How do I create a RESTful API in PowerShell?

Why oh why would anyone want to do this?

Recently I was building a web front-end in AngularJS and NodeJS, and desperately wanted to use native PowerShell to query Active Directory as well as leverage the get-WMIObject cmdlet to extract data from Microsoft servers in real-time. And while there are PowerShell modules for NodeJS, they are quite limited in what they can do.

So, rather than work with the limited functionality of a NodeJS plugin I decided to build my own RESTful API that would execute any command I want and return the resultant data as JSON objects.

The end result will be a dynamically customizable set of URLs that the API server can interpret, process and return data.


This script (running on server named ‘apiserver’) is going to be set to receive requests in the following format:  http://apiserver:8000/commandtype/parameter1/parameter2

In the specific case of using this API to query any WMI Class on any server, the format is more accurately described as:



So if I wanted to get the win32_bios WMI class data for server DC01, I would issue a GET request to:



Or if I wanted to get data from a different class, like win32_operatingsystem, it would be:


(you see how we should be able to sub-in any win32 class and server name to dynamically get the data we need)


Here is the code to make it happen.  The comments should be self-explanatory (enough for you to be able to modify it to suit your needs):

WARNING – the following code should not be implemented in a production environment without careful consideration of things like:

– Code Injection
– Permissions
– Other scary stuff


To test this out without getting into building a full Javascript front-end, a regular web browser can be used to confirm it’s working as expected. The result should look something like this:

4 Comments How do I create a RESTful API in PowerShell?

    1. Kamal

      I believe you could – it would just be a matter of deconstructing the POSTed data.
      Depending on the use-case, you could potentially just have the data as a series of “sub-folders” in the URL (like the win32_bios calls in the example).

      So long as your receiving code knows how to deconstruct the long URL string http://apiserver:8000/param1/data1/data2/data3/data4… etc you could do it.

      You could/should also add a conditional check in the headers for an originating IP address to limit where you can receive API calls from.


Leave a Reply

Your email address will not be published. Required fields are marked *