The VSXi REST API allows you to manage VSXi systems in a simple, programmatic way using conventional HTTP requests. Most of the functionality that you are familiar with in the VSXi GUI is also available through the API, allowing you to script the complex actions that your situation requires.

The API documentation will start with a general overview and then break down the different components. To access the VSXi REST API,  basic HTTP knowledge is necessary: how an HTTP request is sent as {method url}, how to attach a file as input and save output into a file.

User authentication is done on each request using basic authentication. User has to input a valid GUI/API username/password and embed that in HTTPS basic authentication header.

All requests made to the VSXi follow a similar format, with user authentication performed on each HTTP request.

The syntax for REST is as follows:

curl -u $user:$pass -X $METHOD -k -$FLAG file.xml


In the following sections we go into further detail on actions and tables.

The basic supports the following HTTP methods:

  • GET: For downloads, queries and stats commands.
  • POST: For inserts and changes.
  • DELETE: For deletions.

In combination with the HTTP method, the VSXi REST API defines several actions described below. Each action supports a specific HTTP method.

Downloads data from the specified table. HTTP GET.

Updates entries in the specified table. If the entry is not currently in the table this action functions as an insert. HTTP POST.

Deletes entries from the specified table. HTTP DELETE.

Uploads data in a XML file to the server and replaces the data in a specified table. HTTP POST.

Note: A replace is a wipe and insert operation. The large counterpart action is replaceLarge.

Commands that have “Large” as part of operation name are used to update, replace, delete or download data in zipped XML (binary) format. HTTP POST.

These actions are:

  • updateLarge
  • downloadLarge
  • deleteLarge
  • replaceLarge

Query specified table using the specified query string. HTTP GET.

Downloads real-time stats from specified table. HTTP GET.

Downloads system status or files.  HTTP GET.

The VSXi web interface is structured into parent tabs and child tabs. There are eight parent tabs: Monitoring, Trace, Routes, Resources, Digit Mappings, Service Ports, App Servers and System. In the scope of this document a table is defined as the different sub-tabs available on the system. For example, the Resources parent tab has the following tables: Resources, Registrar, Blocked Resources, SIP Profiles, Cause Code Profiles, Stop Route Profiles, SMC Profiles, SMC Data Files and CAC Profiles.

The following tables are supported via API. Tables are listed in the familiar parent-child structure. In parenthesis you will find the web UI reference in parent > child tab format. (e.g. Resources > Resources).

  • Monitoring:
    • active_calls (Monitoring > Active Answered Calls)
    • realtime (Monitoring > System Stats)
    • resource (Monitoring > Resource Stats)
    • resource_detail (Monitoring > Real-Time Stats)
    • sip_stats (Monitoring > SIP Stats)
    • sub_stats
  • Routes:
    • route (Routes > Routes)
    • routegroup (Routes > Route Groups)
    • routetable (Routes > Route Table)
  • Resources:
    • cac_index (Resources > CAC Profies)
    • resource (Resources > Resource)
    • resourceblock (Resources > Blocked Resources)
    • smcDataFile (Resources > SMC Data Files)
    • subscriber Resources > Registrar)
  • Digit Mappings:
    • digit_mapping (Digit Mappings > Digit Mappings)
    • digit_mapping_index (Digit Mappings > Digit Mapping Table)
  • Service Ports:
    • serviceport (Service Ports > Service Ports)
    • serviceport_certificates
    • media_server_profile (Service Port > Media Server Profiles)
    • virtualip
  • App Servers:
    • media_server (App Servers > Media Servers)
  • System:
    • hardwareConfiguration (System > Advanced: Save Hardware Info)
    • systemConfiguration (System > Save Config)
    • users ( System > Users)

The VSXi REST API is an evolution of the VSXi legacy SOAP/Web Services API. By default, if not specified, data will be downloaded or received in XML format. You can use the format parameter within the URL to specify the desired data format.


While XML/JSON are widely supported some tables or actions support CSV and plain text.

On any data input operation (UPDATE, DELETE, UPLOAD, REPLACE) you must submit the the entire payload. That is all XML/JSON elements that correspond to the table. All fields are required and omitting fields will result in an error. As an example if you are updating one field in the Resource table, you need to submit all fields not just the key element and the field being changed.  The best common practice is to download, edit and upload the file.

While files are most commonly used it is also possibly to send serial data with the full XML/JSON content if desired.

This is an example schema of a resource input file.

         "name" : "Example",
         "companyName" : "Example",
         "trunkId" : 1,
         "sgId" : 0,
         "capacity" : 50,
         "cpsLimit" : 5,
         "node" : [ {
            "fqdn" : "",
            "netmask" : 32,
            "capacity" : 46,
            "cpsLimit" : 5,
            "cacProfileId" : 0
         }, {
            "fqdn" : "",
            "netmask" : 32,
            "capacity" : 46,
            "cpsLimit" : 5,
            "cacProfileId" : 0
         } ],
         "rtid" : 0,
         "ingress1" : {
            "match" : "1",
            "action1" : "none",
            "digits1" : "",
            "action2" : "none",
            "digits2" : ""
         "ingress2" : {
            "match" : "all",
            "action1" : "prepend",
            "digits1" : "1",
            "action2" : "none",
            "digits2" : ""
         "egress1" : {
            "match" : "all",
            "action1" : "none",
            "digits1" : "",
            "action2" : "none",
            "digits2" : ""
         "egress2" : {
            "match" : "all",
            "action1" : "none",
            "digits1" : "",
            "action2" : "none",
            "digits2" : ""
         "outboundANI" : "pass",
         "techPrefix" : "default",
         "rnIngress1" : {
            "match" : "all",
            "action1" : "none",
            "digits1" : "",
            "action2" : "none",
            "digits2" : ""
         "rnIngress2" : {
            "match" : "all",
            "action1" : "none",
            "digits1" : "",
            "action2" : "none",
            "digits2" : ""
         "rnEgress1" : {
            "match" : "all",
            "action1" : "none",
            "digits1" : "",
            "action2" : "none",
            "digits2" : ""
         "rnEgress2" : {
            "match" : "all",
            "action1" : "none",
            "digits1" : "",
            "action2" : "none",
            "digits2" : ""
         "codecPolicy" : "transparent",
         "srtpEnable" : "disable",
         "srtpSize" : 80,
         "srtpDtls" : "disable",
         "groupPolicy" : "top_down",
         "dtid" : 1,
         "t38" : "enable",
         "rfc2833" : "enable",
         "payloadType" : 101,
         "tos" : "B8",
         "svcPortIndex" : 1,
         "radiusAuthGrpIndex" : 0,
         "radiusAcctGrpIndex" : 0,
         "lnpGrpIndex" : 1,
         "lnpEnhancedGrpIndex" : 0,
         "stiASGrpIndex" : 0,
         "stiVSGrpIndex" : 0,
         "cnamGrpIndex" : 0,
         "ersGrpIndex" : 0,
         "maxCallDuration" : 10800,
         "minCallDuration" : 0,
         "noAnswerTimeout" : 120,
         "noRingTimeout" : 30,
         "causeCodeProfile" : 0,
         "stopRouteProfile" : 0,
         "paiAction" : "Disable",
         "paiString" : "5555555013",
         "inheritedGenericHeader" : "",
         "outSMCProfileId" : 0,
         "stiIngressAuthentication" : "none",
         "stiIngressAuthFailBehavior" : "passthru",
         "stiEgressIdHdrTreatment" : "no-hdr",
         "stiIngressVerification" : "disable",
         "stiEgressVerifyFailBehavior" : "passthru"
      } ]


Having an understanding of the supported HTTP methods, system tables and actions the following table provides a list of the possible "commands" that can be issued via API and supported data format.

HTTP Method Action Table Format
GET download route XML/JSON/CSV
GET download routegroup XML/JSON
GET download routetable XML/JSON
GET download resource XML/JSON
GET download resourceblock XML/JSON
GET download digit_mapping_index XML/JSON
GET download digit_mapping XML/JSON
GET download subscriber XML/JSON
GET download media_server_profile XML/JSON
GET download media_server XML/JSON
GET downloadLarge route Zip XML/JSON/CSV
GET downloadLarge subscriber Zip XML/JSON
GET downloadLarge digit_mapping Zip XML/JSON
GET downloadLarge systemConfiguration Zip SDC
GET downloadLarge hardwareConfiguration Zip SDC
GET downloadLarge smcDataFile Zip CSV
POST update route XML/JSON/CSV
POST update routegroup XML/JSON
POST update routetable XML/JSON
POST update resource XML/JSON
POST update resourceblock XML/JSON
POST update digit_mapping_index XML/JSON
POST update digit_mapping XML/JSON
POST update subscriber XML/JSON
POST update users XML/JSON
POST updateLarge route Zip XML/JSON/CSV
POST updateLarge subscriber Zip XML/JSON
POST updateLarge digit_mapping Zip XML/JSON
DELETE delete route XML/JSON/CSV
DELETE delete routegroup XML/JSON
DELETE delete routetable XML/JSON
DELETE delete resource XML/JSON
DELETE delete resourceblock XML/JSON
DELETE delete digit_mapping_index XML/JSON
DELETE delete digit_mapping XML/JSON
DELETE delete subscriber XML/JSON
DELETE delete sub_stats XML/JSON
DELETE delete active_calls XML/JSON/CSV
DELETE delete users XML/JSON
DELETE deleteLarge route Zip XML/JSON/CSV
DELETE deleteLarge subscriber Zip XML/JSON
DELETE deleteLarge digit_mapping Zip XML/JSON
POST upload route XML/JSON /CSV
POST upload routegroup XML/JSON
POST upload routetable XML/JSON
POST upload resource XML/JSON
POST upload resourceblock XML/JSON
POST replaceLarge route Zip XML/JSON/CSV
POST replaceLarge routesInRouteTable Zip XML/JSON/CSV
POST replaceLarge subscriber Zip XML/JSON
POST replaceLarge digit_mapping Zip XML/JSON
POST replaceLarge digitMappingsInDigMapTable Zip XML/JSON
POST replaceLarge smcDataFile Zip CSV
GET query route XML/JSON
GET query resource XML/JSON
GET query subscriber XML/JSON
GET query digit_mapping XML/JSON
GET query active_calls XML/JSON
GET stats resource XML/JSON
GET stats realtime XML/JSON
GET stats resource_detail XML/JSON
GET stats media_server XML/JSON
GET stats sub_stats XML/JSON
GET stats sip_stats XML/JSON
GET stats active_calls XML/JSON/CSV
GET system realtime Text


curl -u $user:$pass -X GET -k -o file.xml


curl -u $user:$pass -X POST -k -T file.xml


curl -u $user:$pass -X DELETE -k -T file.xml


              "https://SERVER_IP:8888/SSConfig/webresources/query/digit_mapping?queryString=alias like '%TEST%'"




curl -u USERNAME:PASSWORD -X GET -k -o /root/stats.xml

If you prefer sending the payload within the curl command instead of using a file this is an example syntax.

curl -u USERNAME:PASSWORD -X POST -k -H "Content-Type:text/xml" -d '<?xml version="1.0" encoding="UTF-8"?><DigitTranslationList><DigitTrans><alias>API_Test</alias><tableId>4</tableId><origAni>any</origAni><origAniMinLength>0</origAniMinLength><origAniMaxLength>40</origAniMaxLength><origDnis>555</origDnis><origDnisMinLength>0</origDnisMinLength><origDnisMaxLength>40</origDnisMaxLength>
<transAni>5555551234</transAni><transDnis></transDnis><aniAction>all</aniAction><dnisAction>passthrough</dnisAction></DigitTrans></DigitTranslationList>' "https://SERVER_IP:8888/SSConfig/webresources/update/digit_mapping"

Querying a table allows you to download just a portion of the content you are interested in instead of the entire table. This is the list of table parameters currently supported:

resource route digit_mapping
alias alias alias
allow_directMedia digit_match table_id
cause_code_profile_id end_tod oani
CNAME_group_index group_id odnis
codec_policy max_len tani
company_name min_len tdnis
cps_limit policy  
digit_trans_id resource_id_1  
direction resource_id_2  
DNC_group_index resource_id_3  
ERS_group_index resource_id_4  
LNP_group_index resource_id_5  
max_call_duration resource_id_6  
no_answer_timeout resource_id_7  
no_ring_timeout resource_id_8  
option_poll start_tod  
pai_action table_id  

This paragraph lists codes returned by VSXi server in response to various requests. Each return message has the return code and text message that describes the code.

Code Associated Message Description
200 200 OK General OK response.
  200 OK - uploadXmlFile success. File upload was OK.
300 Finished With Errors File was uploaded but some items failed validation and were discarded. Valid items were processed successfully.
400 400 fail - invalid table specified: + requested table name. Invalid table name.
    Invalid table name.
  400 fail - validation exception XML validation error.
  400 fail - digit match can not be empty Digit match has to be specified for RouteLookUp
  400 – failed Other types of errors (exception)
401 401 Fail - User Not Authorized: Invalid username or no read/write permissions. User is not authorized or doesn't have permissions
  401 Fail - User Not Authorized: invalid user password User password is invalid.
402 402 Fail - This action is not allowed while system is in Load-Balance Slave mode

No configuration changes are allowed on slave servers data can only be dowloaded


When data is uploaded to the VSXi server in plain-text the whole file is validated and if any error is found, the process is aborted and no changes are done to the system table.

In case when “Large” commands are used with compressed (zipped) data, if an error is found in one entry (XML element), that entry is thrown away and error is logged to the user log file. However, the process continues. For example, if one route is found to be invalid, it’s thrown away, but the other routes are processed and stored in DB (updated, replaced, deleted...). In that case the return code is 300, and the message describing the error is “300 Finished With Errors - Validation Errors were detected. Please see User Access Log file for details.”

In both cases errors are logged to User Access Log File that can be found and downloaded in GUI, Trace>User Log tab. Upper box on this page lists all User Log files available for download, and the lower box shows the latest entries in the latest file – user_access.log.

Starting in version VSXi- it is possible to delete entries in the Subscriber Stats page using SOAP or REST API.

The API request can specify from one or multiple fields to perform the delete. The following fields can be included:

  • "username",
  • "trunkID",
  • "id" (Subscriber ID),
  • "userDomain" (Host) or
  • "userIp" (Source IP)

Multiple entries are interpreted as an AND operator.


curl -u username:password -X DELETE -k -T sub_stats_delete.xml 'https://testip:8888/SSConfig/webresources/delete/sub_stats'


<?xml version="1.0" encoding="UTF-8"?>

All requests receive a 200 OK.

Full payload response and fiefld defintion for sub_stats endpoint:

  • States:
    • Authenticated: Successful registration.
    • Unauthenticated: Registration with pending authentication.
    • Blocked: Endpoint has failed N number of authentication attempts.
    • Pending: Transient state normally indicates waiting for Feature Server/Registrar.
  • Trunk ID: Trunk ID associated with the registered user.
  • Create Time: Registration instance when the device first registered.
  • Username.
  • User Domain.
  • User IP: Source IP address of registering endpoint.
  • User Port: Source Port of registering endpoint.
  • ID: Registration ID created by the VSXi for internal tracking purposes.
  • NAT: Network Address Translation detection (Yes, No).
  • SPID: Origination Service Port ID.
  • Protocol:
    • UDP
    • TCP
    • TLS (TLS v1.0, TLS v1.1, TLS v1.2, TLS v1.3).
    • Note: TLS protocol version display added in VSXi-
  • Expiration: Calculation of when this registration will expire if the device fails to re-register timely. This was designed for Push Notifications that may not re-register for days or weeks.
  • Agent: SIP User-Agent disclosed in the SIP REGISTER.
  • PN-PARAM: Push Notifications pn-param per RFC8599.
      <createTime>02-10-2023 17:20:52</createTime>
      <expiration>03-13-2023 07:46:05</expiration>
30replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • In which version of VSXi software is REST introduced?

    • Peter Eisengrein 

      REST API was introduced in version VSXi-10.1.1.x. Some objects were not added until VSXi-, worth noting if you have an earlier release installed.


      Will add this note to the article, thanks Peter.

  • Is the REST api supported on the 10.2.2.x code base too?  (Specifically  Asking as we would prefer to make use of the REST API as opposed to having to install the vsxi ws client in multiple places.  

    • gene. lamoreaux yes, REST API is supported in 10.2.2.x as well. Anything greater than 10.1.1.x supports REST API. 

    • Carlos Perez Thanks!  I guess we're waiting on a new 10.2.2.x build that will resolve the dtmf 0 not being transcoded into an rtp event.   

    • gene. lamoreaux That problem has been fixed 🙂

    • Carlos Perez   Yep, looks like build fixes the missing inband 0 transcoded to rtpevent.  

  • How do I use curl to test the REST api function when it keeps returning "curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_INVALID_TOKEN (0x80090308) - The token supplied to the function is invalid" for any curl issued command against the sbc?     I don't see anything noting Token garnering or how to use such in the RESTful API guide on this page. 

    • gene. lamoreaux You will need a valid SSL certificate to get past this error in Windows. (There may be other tricks to accept existing self-signed certificate). 

    •   Carlos Perez Ok, and where is the process for getting that setup documented? 

    • gene. lamoreaux You can follow the basics of this procedure. It is titled SIP/TLS but it also applies for GUI/API SSL cert. Once Sansay has posession of .p12 file we will load it on the system. Let's continue the conversation in your ticket.


  • I hope you can help me. I'm getting a '401 Unauthorized' when trying to test the API as the example says.

    Example command:

    curl -i -k -XGET '' -u 'xxxxxxx:zzzzzzzzz'

    • voiceops  You probably have to create a superuser and then stipulate those creds when you make the curl call...  

    • voiceops  Try checking the User Log (Trace > User Log). You should see an error explaining the problem. Could be a user/pass error, could also be that you have yet to define the source IP as a Trusted Host (System > Trusted Hosts)

      • voiceops
      • voiceops
      • 4 yrs ago
      • Reported - view

      Carlos Perez It's working fine now, thanks.

  • Hello,

    Is there a limit on download table size when using format=json?  I to get the following response and a 500 Internal Server Error, even on medium size tables. XML works fine, but requires more more work on non Java clients:


    convert xml2json failed(JAXB)




    • Jeremy Van Bortel We are checking on this, Jeremy. 

    • Carlos Perez This seems to have been resolved somewhere between and  On the device we upgraded last night to, I am able to pull all tables in json format without issue.

  • What is the correct way to pass query string ?
    I try:

    but it doesn't work

    • jhansen Have you tried escaping the special characters? such as alias%20like%20%27 ...

  • Hi, could someone assist me with a request? My purpose is to finish the active calls from a specific resource but I don't know if the syntax is correct, I wouldn't like to make a bad request then terminate all calls from all resources. The TID should be part of the URL params or as payload?


    Example (python):

    requests.get(f'https://{ip}:8888/SSConfig/webresources/delete/active_calls', auth = (config.user, config.psw), params = {'format': 'json'}, verify = False, json = {'orig_tid': 1234})



    url-> https://{ip}:8888/SSConfig/webresources/delete/active_calls

    auth-> user:password

    params-> format=json

    verify-> ignore sertificate

    json-> payload = {'orig_tid': 1234}

    • voiceops 

      This would be the approach:


      curl -u  $USER:$PASS -X GET -o activecall.xml "https://$SYSTEM:8888/SSConfig/webresources/query/active_calls?queryString=dnis%20like%20%27%2519177%25%27"

      In bold can change from a like to an equals statement. For example orig_tid="1234". You will need to escape the = and ". Let us know if this does the trick for you.

      • voiceops
      • voiceops
      • 3 yrs ago
      • Reported - view

      Carlos Perez Hi, Carlos. It works fine but it gives me active calls, what would be the URL to terminate a call? "delete/active_calls"?

    • voiceops 

      I was looking to do the same thing. Using the CSV example my file had one entry.

      cat mycall.csv

      Curl -k -u myuser:mypwd -X DELETE -k -T mycall.csv "https://host:8888/SSConfig/webresources/delete/active_calls

      It returns a 200 OK in response to the curl request

      The SIP BYE is sent in both directions from the INX. The reason says 'Q.850;cause=16;text="Manual Deletion"

      I found this url helpful to make the queries.


    • Jeff Anderson After further review at this time only CSV and XML is supported. We will put in a feature request to support JSON. JSON only downloads calls but doesn't work to delete active calls.

  • How do I use this for update/delete resourceblock, do you have a curl example ?

    I managed to download the resourceblock table with GET, but I can't update it or delete it. I keep getting "400 fail - failed\nnull"

    Do I need to use POST, PUT or GET? the curl example would be great!


    • Jorge Cuevas The guide has been updated with all of this information. Thanks for your feedback.

  • How do I need to authenticate for POST requests? BasicAuth is not working

    • voiceops were you able to figure this out? BasicAuth (user:pass) is what's supported. We have re-vamped this guide.

  • Just wanted to let you know there's a typo in the "List of Commands" table. 
    The "Query" action should be "query" :)

    Like 1
Like2 Follow
  • 1 mth agoLast active
  • 30Replies
  • 1748Views
  • 12 Following