The Synology REST API – Not much documentation, but a lot of possibilities

Recently I created a new Synology Chrome plugin to keep track of what my Synology NAS was doing and how much of it’s resources it was using. Since I was having issues with high CPU usage and disk usage (not healthy for it’s lifespan), I decided I wanted to keep a closer eye.

But logging into, over the net, to a NAS that is using 100% of all it’s resources does not give quick responses. So every step took ages: loading the login page, logging in, looking at the resources, … 

I figured that there had to be a quicker way to get to the data I wanted to see, so I started to look online for the JSON API. But all I found was a PDF to talk to the File Station, which just wasn’t what I was looking for. All the other API’s aren’t documented unfortunately, but it did get me on my way since it had one important piece of information: how to authenticate and get a session going.


Authentication is actually quite simple, but to keep it secure it is better to have SSL enabled and to use HTTPS. Because the password will be sent over in clear-text!

Sending a request like this:

/webapi/auth.cgi?api=SYNO.API.Auth&version=3&method=login&account=admin&passwd=1234 5&session=FileStation&format=cookie 

will result in a JSON response:

{ sid: “ohOCjwhHhwghw” }

Once that is done it is possible to send any other request to the web api. It just takes time to figure out which ones to call…

Discovering the services

Now that we are authenticated we need to start looking for the information and what requests to send to get it. In my examples I will be using Google Chrome for easy default developer tools.

The first thing that needs to be done is to log in to the web-interface of Synology. Since there the information that is handled, is delivered through Ajax calls using the internal API. And that is also the API that is publically available.

In this example we go to the resource monitor:

Synology Resource Monitor
All the information on this screen is updated real-time, but how is that done? The only technology on the web that can do something like that is async http web requests. So it’s time to open the developer tools and look at the network traffic to see what’s really going on.
Chrome network tab on Synology
On the ‘Network‘ tab of chrome we can see a lot of calls happening to ‘polling.cgi‘ and ‘_______________________________________________________entry.cgi‘. These are the async calls happening to the system to update the current screen. And the great thing is is that they are part of the public webapi, so they can also be called externally.

Having a closer look at the response of the request we can see that it contains all the information about the NAS we need:

Synology JSON responsone to entry.cgi
The only thing to keep in mind is that ‘entry.cgi‘ is an endpoint that can return a lot of different types of data, so it also requires parameters to filter it out. To figure out how they are named, look at the network tab in the development tools’s post data / headers:

Synology request headers
With this information I hope you can figure out how to access the public web-api that Synology provides without the need of any documentation. You can access quite a lot of it, if you know where to look!

Share this post

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.