How to have Milestone Smart Client react to a generic event triggered via REST API

General
1

Hi,

for our use-case we determine whether an inmate in a us prison has a critical health condition and share this event with milestone.

Example flow: Inmate in a large facility is experiencing a heart attack, we recognise this and want to focus on a camera that might monitor the concerned inmate.

To test this I managed to configure Milestone XProtect Management Client 2025 R3 in the following manner:

  1. Two “simulated cameras” utilising StableFPS that point to a jpeg file of AI generated inmates.
    1. Camera 1 shows a picture of an AI generated gentleman reading
    2. Camera 2 shows a picture of an AI generated gentleman sleeping (using /camers REST API I noted down the guid of this camera)
  2. A generic event named: ReassuranceHealthEvent - via REST API /eventTypes I noted down the guid of this event
  3. A rule that I hoped would trigger the camera to be visible in the “Focus“ monitor - Monitor 1 (See Screenshot ReassuranceHealthAlarm Rule below)
  4. A Smart Wall with 2 Monitors.
    1. Monitor 1 will serve as the “focus” monitor where I would like to display an inmate if their medical condition needs to be checked
    2. Monitor 2 will serve as a generic view where all the inmates within a facility can be observed (See Screenshot smart client - All)

Triggering the event:

curl --insecure --request POST "https://api.milestone.<our domain>.com/api/rest/v1/events" --header "Authorization: Bearer <Token>", -–header "Content-Type: application/json" --data '{"type": "d80917bd-0eeb-4cd0-8777-4e9c14e9ed11","datatype": "none", "tag": "igor was here", "source": "cameras/f5609e9d-7fb4-4d8f-8a92-303639b0f8cc"'

Problem:

  • Nothing happens - no displaying of the sleeping inmate on Monitor 1
  • The event is not visible in the /events endpoint
  • The event is not visible in Alarm Manager even when data source is of type event

Please advise / query if in need of more info

Thank you

Screenshot smart client - All:

image
image1920×1162 220 KB

2

Screenshot ReassuranceHealthAlarm Rule

image
image1920×1534 351 KB

3

Follow up info: When I explore the trigger request I am getting a 403..

curl -v --insecure --request POST “https://api.<domain>.com/api/rest/v1/events” --header “Accept: application/json” --header “Authorization: Bearer <Token>” --header “Content-Type: application/json” --data ‘{“type”: “d80917bd-0eeb-4cd0-8777-4e9c14e9ed11”, “datatype”: “none”, “tag”: “reassurance”, “source”: “cameras/f5609e9d-7fb4-4d8f-8a92-303639b0f8cc”}’
Note: Unnecessary use of -X or --request, POST is already inferred.

Host api.domain.com:443 was resolved.

IPv6: (none)

IPv4: 188.89.219.21

Trying 188.89.219.21:443…

Connected to api.<domain>.com (ip) port 443

ALPN: curl offers h2,http/1.1

(304) (OUT), TLS handshake, Client hello (1):

(304) (IN), TLS handshake, Server hello (2):

(304) (IN), TLS handshake, Unknown (8):

(304) (IN), TLS handshake, Certificate (11):

(304) (IN), TLS handshake, CERT verify (15):

(304) (IN), TLS handshake, Finished (20):

(304) (OUT), TLS handshake, Finished (20):

SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF

ALPN: server accepted http/1.1

Server certificate:

subject: CN=api.domain.com

start date: Apr 21 09:53:32 2026 GMT

expire date: Jul 20 09:53:31 2026 GMT

issuer: C=US; O=Let’s Encrypt; CN=E7

SSL certificate verify ok.

using HTTP/1.x

POST /api/rest/v1/events HTTP/1.1
Host: api.domain.com
User-Agent: curl/8.7.1
Accept: application/json
Authorization: Bearer <Token>
Content-Type: application/json
Content-Length: 148

upload completely sent off: 148 bytes
< HTTP/1.1 403 Forbidden
< Server: openresty
< Date: Wed, 06 May 2026 11:01:32 GMT
< Content-Length: 0
< Connection: keep-alive
< X-Powered-By: ASP.NET
<

Connection #0 to host api.domain.com left intact

This is how I try to login: (from events api docs)
curl --insecure --request POST “``https://api.<domain>.com/api/IDP/connect/token”``
–header “Content-Type: application/x-www-form-urlencoded”
–data-urlencode “grant_type=password”
–data-urlencode “username=<username>”
–data-urlencode “password=<password>”
–data-urlencode “client_id=GrantValidatorClient”

Decoded token:
{“iss”:“``http://gametower/IDP",“nbf”:1778065466,“iat”:1778065466,“exp”:1778069066,“aud”:[“managementserver”,“http://gametower/IDP/resources”],“scope”:[“managementserver”],“amr”:[“pwd”],“client_id”:“GrantValidatorClient”,“sub”:“15E48A9C-FB73-4577-AC12-459E601F0EBE”,“auth_time”:1778065466,“idp”:“local”,“name”:“Igor”,“updated_at”:“1777903652”,“jti”:"439FB2A6B87A96C3E707BDAC807FCA96”%

4

Generic events are probably not the best match for this type of REST based integration.

Why: Generic Events were invented to let the Event Server translate an incoming raw TCP/UDP string into an event (pattern matching on a “data source”). See the Generic Events overview and samples “TriggerGenericEvent / TriggerGenericEventStream”.

So if your plan is: REST call → event → rule → Smart Client action, I strongly recommend switching to either:

  • User-defined event (simple “signal”), or

  • Analytics event (best if you also need payload/data or richer routing).

This aligns with how the Events REST API is intended to be used. Events REST API reference (authorization/generatorSubtype note)

1 Like
5

@Bo_Ellegard_Andersen , thanks for pointing out the incorrect use of Generic Events, I indeed did not notice that part in the documentation

With a custom analytics event:

  • Using a rule I managed to point monitor1 to camera2 (sleeping) when the analytics event uses camera2
  • Using an alarm definition I managed to trigger an alarm based on this event + focus on camera2

Last part of the puzzle: My alarm definition has instructions specified. However these do not show up on Smart Client

Triggered alarm:

image
image1466×1628 315 KB

6

Alarm definition:

image
image1920×1223 336 KB

7

I have a strong feeling this is a know issue and a patch exists. Please apply the newest patches to the system and client. If it does not help please let me know the version of the XProtect VMS and the Smart Client used.