InvokeHub REST API documentation.
https://your-invokehub.azurewebsites.net/api
All endpoints except /health and /loader require authentication.
X-API-Key: your-api-key
$headers = @{
"X-API-Key" = "your-api-key"
}
Invoke-RestMethod "https://api/menu" -Headers $headersHealth check endpoint - no authentication required.
Response:
{
"status": "healthy",
"timestamp": "2024-01-15T10:30:00Z",
"version": "1.0.0",
"platform": "InvokeHub",
"authMode": "apikey",
"containerName": "powershell-scripts",
"environment": "Production"
}Authenticate and receive session information.
Request:
POST /api/auth
X-API-Key: your-api-keyResponse:
{
"authenticated": true,
"sessionToken": "...",
"expiresIn": 3600,
"authMode": "apikey"
}Get the complete script repository structure.
Request:
GET /api/menu
X-API-Key: your-api-keyResponse:
{
"name": "Root",
"type": "folder",
"path": "",
"children": [
{
"name": "Administration",
"type": "folder",
"path": "Administration",
"children": [
{
"name": "Update-ADUsers.ps1",
"type": "script",
"path": "Administration/Update-ADUsers.ps1",
"size": 12543,
"lastModified": "2024-01-15T14:32:00Z",
"metadata": {
"author": "Admin Team",
"description": "Updates Active Directory users"
}
}
]
}
]
}Download a specific script.
Request:
GET /api/script?path=Administration/Update-ADUsers.ps1
X-API-Key: your-api-keyResponse:
{
"path": "Administration/Update-ADUsers.ps1",
"content": "# PowerShell script content\n...",
"lastModified": "2024-01-15T14:32:00Z",
"contentHash": "SHA256Hash...",
"metadata": {
"author": "Admin Team",
"description": "Updates Active Directory users"
}
}Get the PowerShell loader script - no authentication required.
Request:
GET /api/loader?key=optional-api-keyResponse:
# InvokeHub Loader v1.0.0
# ... loader script content ...Get the full PowerShell client.
Request:
GET /api/clientResponse:
# InvokeHub Client v1.0.0
# ... client script content ...{
"error": "Error message description"
}| Code | Description | Example |
|---|---|---|
| 400 | Bad Request | Invalid script path |
| 401 | Unauthorized | Missing or invalid API key |
| 404 | Not Found | Script not found |
| 429 | Too Many Requests | Rate limit exceeded |
| 500 | Server Error | Internal error |
$headers = @{ "X-API-Key" = "your-key" }
$menu = Invoke-RestMethod "https://api/menu" -Headers $headers$headers = @{ "X-API-Key" = "your-key" }
$script = Invoke-RestMethod `
-Uri "https://api/script?path=Utilities/Get-Info.ps1" `
-Headers $headers
# Execute the script
Invoke-Expression $script.content# Get menu and filter
$menu = Invoke-RestMethod "https://api/menu" -Headers $headers
$scripts = $menu.children | Where-Object { $_.name -like "*deploy*" }curl https://your-api/healthcurl -H "X-API-Key: your-key" https://your-api/menucurl -H "X-API-Key: your-key" \
"https://your-api/script?path=Scripts/test.ps1" \
-o test.ps1import requests
api_url = "https://your-api"
headers = {"X-API-Key": "your-key"}
# Get menu
response = requests.get(f"{api_url}/menu", headers=headers)
menu = response.json()
# Download script
script_path = "Utilities/Get-Info.ps1"
response = requests.get(
f"{api_url}/script",
params={"path": script_path},
headers=headers
)
script = response.json()
print(script["content"])- Always use HTTPS in production
- Keep API keys secure - never commit to source control
- Rate limiting is enforced - respect it
- Path validation prevents directory traversal
- Script validation blocks dangerous commands