What you have is an undocumented API designed to be used only by the Web Reports UI. While there is nothing stopping you from using it, it may change at any time and HCL will not offer any guarantee it won’t disappear in the next release.
With that being said, @Scott did do an awesome job of documenting the API using what he observed via the Web Reports UI XHR calls in his Feb 2018 post and should you wish to leverage this technique (again, with the major cavate that it may change/disappear tomorrow) I would say have fun
One additional thing to note: when you provide a username/password in the URL, you are causing an authentication lookup on each and every query. While a few here and there won’t cause any trouble, if you are performing hundreds or using an LDAP account things can start to bog down. You might want to use the following flow in any multi-query scripts:
- Login to Web Reports (using Username/Password) and obtain a session cookie
- Send that session cookie along with your queries (but do not use the username/password arguments in the URL)
- If the server responds back to your query with an updated session cookie, throw away the previous one and use the new cookie in the next query.
- If after X queries or Y minutes you get an HTTP 401 to your queries, goto #1.
Depending upon your scripting language and/or method of calling the URL, there will be different methods you can use for this. Most tools and functions today allow you to maintain state between calls either in a session variable or cookie file. Look at your documentation for the method/switch.
For example, using PowerShell:
# Initial call to login
Invoke-RestMethod -Uri https://web_reports_login_url -SessionVariable WR_SESSION
# Subsequet calls
Invoke-RestMethod -Uri https://web_reports/json/computers?.. -WebSession $WR_SESSION