Session Credentials

Operations invoked by the REST API run as the Windows System account, which cannot decrypt credentials that are not shared with it. To facilitate this ability, you must provide session credentials for the specified user. Session credentials are an explicit local login with a local API server Window Session. This provides a local token that is used to initialize access to the Security Controls credential store. These credentials define the exact user account that will be used by the system account when performing patch scan and patch deployment operations remotely using the REST API.

For information about creating, locating, sharing, and deleting credentials, see Credentials.

Some important notes about session credentials:

  • The session credential password must be the same as that of the Windows user account that is used to authenticate to the REST API.
  • There is no session credential timeout.
  • It is safe to initialize the session credential multiple times. If it already exists, the REST API will respond with a 409 Conflict response status code. This can safely be ignored.
  • To reset the session credential you must delete it and then add it back.

Base URL


Supported Requests

Method URL Input Return




Success code



Session Body


Input Models

Request Examples

Output Model