Skip to main content

Tenant Onboarding and agent install

Thread needs solution
Posts: 1
Comments: 0


We are a small msp provider with approx 350+ customers each have their own tenant managed by us.


We want to create a python script for automation task. To simplify.

1) Create Customer (tenant)

2) Assign services/offerings/application as per our standard rule (which doesn't change)

3) activate the user via setting the password

4) Generate Agent token from inside the customer tenant and use that for agent installation script.


Currently we are able to

1) Login with admin than fetch partnet_tenant_id f'{base_url}/idp/token

2) Create customer - url = f'{datacenter_url}/api/2/tenants'

payload = json.dumps({

  "name": "API001",

  "parent_id": partner_tenant_id,

  "kind": "customer"


#GET customer_tenant_id from output.

3)Get offerings from existing production tenant f'{datacenter_url}/api/2/tenants/{tenant_id}/offering_items', 

4) Set the offering.  Now here is the issue.

5) Activate the account with password (yet not done)

We are unable to get the proper result for setting the exact configuration as the existing tenant / customer.

How we can achieve that ?

We observed that  the Services -> Cyber Protect -> Protection per workload/per gigabyte doesn't get selected.

How to select per gigabyte from protection ?

Also how I can copy the offerings/application/services to new customer from previous working sample customer


0 Users found this helpful
Acronis engineer
Posts: 0
Comments: 84

Hello Bilal,

Thank you for submitting your request.

There is certain design behavior limitation which remained from the Legacy editions management.

GET /api/2/tenants/{tenant_id}/offering_items will only fetch legacy OIs (such should not exist anymore in your tenants), or OIs where the "edition" is null, such is the Local Storage for example. You should append the "edition" filter parameter with value either "pck_per_workload" or "pck_per_gigabyte" depending of the edition which you need to enable on the customer tenant, like:

GET /api/2/tenants/{tenant_id}/offering_items?edition=pck_per_workload
GET /api/2/tenants/{tenant_id}/offering_items?edition=pck_per_gigabyte
GET /api/2/tenants/{tenant_id}/offering_items?edition=* will fetch all the existing OIs from all editions

The reason for "We observed that  the Services -> Cyber Protect -> Protection per workload/per gigabyte doesn't get selected." is that without the specified edition, the default call without this parameter will not include them.

Please, refer to this documentation for everything about editions, offering items and usage metric and the prefixes that append to each value name in our API for the certain edition:…

I would suggest that you also fetch the list of offering items with:
GET /api/2/tenants/{partner_tenant_id}/offering_items/available_for_child?edition={edition}

Take the JSON payload from the response and reuse it in the PUT /api/2/tenants/{customer_tenant_id}/offering_items request when enabling the services and offering items on the customer tenant. This will guarantee you that you will only attempt to enable those offering items that are already enabled and available on the partner parent tenant and receive no errors in case you try to enable something missing for the customer. Note that you will need to change the main object "items" from the GET request to "offering_items" for the PUT request.

One more thing, if there are multiple storage type offering items (where you have "infra_id" and "pg_base_storage" / "pw_base_storage"), since we support only a single storage per customer tenant, make sure to either remove the extra items, or set them with "status": 0 in the PUT request. Select the storage which you desire to be used by this customer. Or you will get a failing response stating that there is already a storage enabled for the selected location (first item will pass, the next will fail as the first is enabled, and cancel the whole PUT operation). Storage details can be checked with GET /api/2/infra/{infra_id} endpoint.

If you have a standard rule and same setup for all tenants into your hierarchies you can skip the GET calls, and simply store predefined JSON payloads with ready set of OIs for the PUT call.

"Also how I can copy the offerings/application/services to new customer from previous working sample customer" - I am not sure I clearly understand this step, perhaps the suggested steps above already cover the answer, please clarify if not.

For the User management, please take a look at the correspondent folder in our public Postman collections:…

There are several things you'll need to do along with creation and activation of the user, like setting roles to the user so this user can access the services. Main user account roles:…

For the password activation method, use this request:…

It will directly set password, and activate the user with no further email notifications received, make sure to store the password and if needed share it with your customer. A password cannot be changed via public API, user itself should request new password from the "Forgot password?" page and change it via the assigned email once password change link is received, this can't be done via public API.

The last part, the Agent registration token and Agent installment is not done via API, only generating a registration token uses the API, but the rest requires additional approach. I suggest that you create a separate script for this operation. Please, have a look at our public Blog articles on this topic, you'll find all the necessary there:…………

Feel free to share your additional comments and questions if there is anything unclear.

Thank you!