VRM API v2 Documentation

This document provides an brief overview of available endpoints and their parameters. The API is a basic REST API. The API accepts JSON as request body (not form data, just plain JSON). Use something like Postman to fiddle around with it.

Table of contents


To be able to authenticate to the Victron VRM API it is required you have an active account (the same account can be used as you would normally use for the VRM-dashboard). To login you need a valid email address and password. When the credentials are valid, a web-token will be generated which will then be required for subsequent calls to the api. If the token expires, an error message will be returned, which therefore means you have to request a new token with the original login-credentials.

Base URL

The base URL of the API is:


Authentication endpoints

The authentication endpoints include the only endpoints in the API for which no authorization header is required to access them.


Username and password

POST /v2/auth/login
    "username": "john@example.com",
    "password": "secret-passw0rd"

Or, if a SMS authentication token is required:

    "username": "john@example.com",
    "password": "secret-passw0rd",
    "sms_token": "12345678"

When logging in a token is issued which may be used to authorize further requests by including it in the "X-Authorization" request header as follows:

X-Authorization: Bearer {token}

Access token

When using personal access tokens (accesstokens), you have a token that can authenticate against the VRM API without the need of requesting a bearer token. Authentication with such an access token can be done as following:

X-Authorization: Token <your-personal-access-token>

Login as demo

GET /v2/auth/loginAsDemo
Issues an token for accessing the API as the VRM demo user (userid: 22). The demo user has limited access (not all endpoints work for the demo login, e.g. diagnostics is not working) to a few demo installations.


POST /v2/auth/logout
Accessing this endpoint with a token set in the Authorization header will blacklist the token at the server side for further use.