REST API

The REST API plugin exposes Power Studio control over HTTP for trusted systems such as Bitfocus Companion, internal automation tools or custom studio integrations.

The default port is 9876. Authentication can use Basic authentication or current-user based behavior, depending on the station configuration.

The plugin includes an embedded Swagger UI for technical testing and discovery. Use it only on trusted networks and preferably from an administrator workstation.

When To Use It

Use the REST API when another trusted system needs to read Power Studio status or trigger supported actions, for example:

• a Stream Deck or Bitfocus Companion setup in the studio;
• an internal automation tool on the station network;
• a monitoring panel that reads playout, cart, recorder or Mix Editor status;
• a controlled integration that updates tracks or playlist data.

Do not use the REST API as a public web API. It is intended for trusted station networks, managed VPN connections and systems you administer.

Configure Safely

1. Open Options and Settings > Plugins.
2. Select REST API Server plugin.
3. Configure the port.
4. Configure authentication.
5. Add allowed IP addresses where possible.
6. Add CORS origins only for trusted browser-based clients.
7. Enable the plugin.
8. Restart Power Studio.

Do not expose the REST API directly to the public internet. Use it on trusted station networks only.

Security Checklist

Before enabling the plugin in production:

• decide which computer is allowed to host the API;
• choose whether the client will use the currently logged-in Power Studio user or Basic authentication;
• add allowed IP addresses where possible;
• add CORS origins only for browser-based clients you trust;
• test with a user account that has only the permissions the integration needs;
• document which external systems are allowed to connect.

Power Studio permissions still matter. If a user is not allowed to operate a function in Power Studio, an external control path should not be treated as a way around that permission.

Check The Connection

After restarting, test from the client system that will use the API. Confirm the exact actions that need to work, such as player control, cart control, playlist control, Mix Editor control and Recorder control.

The API can be used for operational control and administrative workflows, including:

• Playout player and cart player control.
• Setting visible playlist items as next.
• Mix Editor transport and voice-tracking control.
• Recorder transport and recording control.
• Creating or updating tracks from an external system.
• Adding lines to a playlist from an external system.
• Looking up the running application version for diagnostics.

Only enable the API endpoints needed by the station workflow. A remote control system should run on the studio LAN or over a managed VPN, and the administrator should document which external systems are allowed to connect.

Swagger UI

Open the Swagger UI from the API host to inspect the available routes, request models and response models. With the default port, the local URL is:

http://localhost:9876/swagger-ui

Use Swagger UI for technical testing before building buttons or scripts around an endpoint. Test from the same computer or network segment that the real client will use.

Example Checks

These examples assume the API runs on the local computer with the default port. If Basic authentication is enabled, include the configured username and password in the client.

Check the application version:

Invoke-RestMethod -Uri 'http://localhost:9876/api/application/version'

Check total status:

Invoke-RestMethod -Uri 'http://localhost:9876/api/status/total'

Check playout status:

Invoke-RestMethod -Uri 'http://localhost:9876/api/playout'

Trigger Mix Editor play:

Invoke-RestMethod -Method Post -Uri 'http://localhost:9876/api/mixeditor/play'

Use command endpoints only after confirming the user permissions and current screen state allow the action. A command can be accepted by the HTTP route but still have no operational effect when the current Power Studio state does not allow that action.

Authentication Behavior

With Basic authentication disabled, REST API actions use the permissions of the user currently logged into Power Studio. If no user is logged in, protected control actions fail with HTTP 401.

With Basic authentication enabled, the client can send a username and password. Some operational actions still require a Power Studio user session because they control the active user interface and current workstation state.

For Companion installations, keep the authentication model simple. Either run Companion on the trusted studio network with current-user authorization, or configure Basic authentication deliberately and test every required action.

Troubleshooting

If the client cannot connect:

• confirm the REST API plugin is enabled and Power Studio has been restarted;
• confirm the client uses the configured port, usually 9876;
• check Windows Firewall or network rules between the client and the Power Studio computer;
• check allowed IP addresses in the plugin settings;
• open Swagger UI locally on the Power Studio computer to confirm the API host is running.

If commands do not work:

• confirm a Power Studio user is logged in when the station uses current-user authorization;
• confirm the user has permission for the requested action;
• check whether the relevant screen or workflow is in a state where the command can run;
• test the same action manually in Power Studio before troubleshooting the API client;
• check whether Basic authentication settings in the client match the plugin configuration.

Related Topics

• Bitfocus Companion
• Users And Permissions
• Playout
• Mix Editor And Voice Tracking
• Recorder