diff --git a/Makefile b/Makefile
index 691d6f73c..35a68e6d9 100644
--- a/Makefile
+++ b/Makefile
@@ -428,6 +428,7 @@ prepare_test_server:
ETCDEFAULTDIR=`pwd`/e2e-tests/conf/def
#@cp -f e2e-tests/index.* e2e-tests/conf/
@cp -f $(SRCMANAGERDIR)/site/htdocs/manager* e2e-tests/conf/manager
+ @cp -f $(SRCMANAGERDIR)/site/htdocs/api* e2e-tests/conf/manager
@cp -f $(SRCPORTALDIR)/site/htdocs/index* e2e-tests/conf/portal
@cp e2e-tests/persistent/5efe8af397fc3577e05b483aca964f1b e2e-tests/conf/persistents
@cp e2e-tests/saml-sp.xml e2e-tests/conf/site/saml-sp.xml
diff --git a/_example/etc/manager-apache2.4.conf b/_example/etc/manager-apache2.4.conf
index 62841e33d..bccef04fe 100644
--- a/_example/etc/manager-apache2.4.conf
+++ b/_example/etc/manager-apache2.4.conf
@@ -99,3 +99,76 @@
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security "max-age=15768000"
+
+# API virtual host (manager.__DNSDOMAIN__)
+
+ ServerName api.__DNSDOMAIN__
+ LogLevel notice
+ # See above to set LLNG user id in Apache logs
+ #CustomLog __APACHELOGDIR__/manager.log llng
+ #ErrorLog __APACHELOGDIR__/lm_err.log
+
+ # Uncomment this if you are running behind a reverse proxy and want
+ # LemonLDAP::NG to see the real IP address of the end user
+ # Adjust the settings to match the IP address of your reverse proxy
+ # and the header containing the original IP address
+ #
+ #RemoteIPHeader X-Forwarded-For
+ #RemoteIPInternalProxy 127.0.0.1
+
+
+ # FASTCGI CONFIGURATION
+ # ---------------------
+
+ # 1) URI management
+ RewriteEngine on
+
+ # For performances, you can delete the previous RewriteRule line after
+ # puttings html files: simply put the HTML results of differents modules
+ # (configuration, sessions, notifications) as manager.html, sessions.html,
+ # notifications.html and uncomment the 2 following lines:
+ # DirectoryIndex manager.html
+ # RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$"
+
+ # REST URLs
+ RewriteCond "%{REQUEST_URI}" "!^/(?:static|doc|lib|javascript|favicon).*"
+ RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT]
+
+ # 2) FastCGI engine
+
+ # You can choose any FastCGI system. Here is an example using mod_fcgid
+ # mod_fcgid configuration
+ FcgidMaxRequestLen 2000000
+
+ SetHandler fcgid-script
+ Options +ExecCGI
+ header unset Lm-Remote-User
+
+
+ # If you want to use mod_fastcgi, replace lines below by:
+ #FastCgiServer __MANAGERSITEDIR__/manager.fcgi
+
+ # GLOBAL CONFIGURATION
+ # --------------------
+
+ DocumentRoot __MANAGERSITEDIR__
+
+
+ Require all granted
+
+
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
+ SetOutputFilter DEFLATE
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+ BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+ SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+
+
+ Header append Vary User-Agent env=!dont-vary
+
+
+
+ # Uncomment this if site if you use SSL only
+ #Header set Strict-Transport-Security "max-age=15768000"
+
diff --git a/_example/etc/manager-apache2.X.conf b/_example/etc/manager-apache2.X.conf
index 614c311f7..e5cd66229 100644
--- a/_example/etc/manager-apache2.X.conf
+++ b/_example/etc/manager-apache2.X.conf
@@ -118,3 +118,83 @@
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security "max-age=15768000"
+
+# API virtual host (manager.__DNSDOMAIN__)
+
+ ServerName api.__DNSDOMAIN__
+ LogLevel notice
+ # See above to set LLNG user id in Apache logs
+ #CustomLog __APACHELOGDIR__/manager.log llng
+ #ErrorLog __APACHELOGDIR__/lm_err.log
+
+ # Uncomment this if you are running behind a reverse proxy and want
+ # LemonLDAP::NG to see the real IP address of the end user
+ # Adjust the settings to match the IP address of your reverse proxy
+ # and the header containing the original IP address
+ #
+ #RemoteIPHeader X-Forwarded-For
+ #RemoteIPInternalProxy 127.0.0.1
+
+
+ # FASTCGI CONFIGURATION
+ # ---------------------
+
+ # 1) URI management
+ RewriteEngine on
+
+ # For performances, you can delete the previous RewriteRule line after
+ # puttings html files: simply put the HTML results of differents modules
+ # (configuration, sessions, notifications) as manager.html, sessions.html,
+ # notifications.html and uncomment the 2 following lines:
+ # DirectoryIndex manager.html
+ # RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$"
+
+ # REST URLs
+ RewriteCond "%{REQUEST_URI}" "!^/(?:static|doc|lib|javascript|favicon).*"
+ RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT]
+
+ # 2) FastCGI engine
+
+ # You can choose any FastCGI system. Here is an example using mod_fcgid
+ # mod_fcgid configuration
+ FcgidMaxRequestLen 2000000
+
+ SetHandler fcgid-script
+ Options +ExecCGI
+ header unset Lm-Remote-User
+
+
+ # If you want to use mod_fastcgi, replace lines below by:
+ #FastCgiServer __MANAGERSITEDIR__/manager.fcgi
+
+ # GLOBAL CONFIGURATION
+ # --------------------
+
+ DocumentRoot __MANAGERSITEDIR__
+
+
+ = 2.3>
+ Require all granted
+
+
+ Order Deny,Allow
+ Allow from all
+
+ Options +FollowSymLinks
+
+
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
+ SetOutputFilter DEFLATE
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+ BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+ SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+
+
+ Header append Vary User-Agent env=!dont-vary
+
+
+
+ # Uncomment this if site if you use SSL only
+ #Header set Strict-Transport-Security "max-age=15768000"
+
diff --git a/_example/etc/manager-apache2.conf b/_example/etc/manager-apache2.conf
index 540557cbc..00cb4aa81 100644
--- a/_example/etc/manager-apache2.conf
+++ b/_example/etc/manager-apache2.conf
@@ -102,3 +102,77 @@
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security "max-age=15768000"
+
+# API virtual host (api.__DNSDOMAIN__)
+
+ ServerName api.__DNSDOMAIN__
+ LogLevel notice
+ # See above to set LLNG user id in Apache logs
+ #CustomLog __APACHELOGDIR__/manager.log llng
+ #ErrorLog __APACHELOGDIR__/lm_err.log
+
+ # Uncomment this if you are running behind a reverse proxy and want
+ # LemonLDAP::NG to see the real IP address of the end user
+ # Adjust the settings to match the IP address of your reverse proxy
+ # and the header containing the original IP address
+ #
+ #RemoteIPHeader X-Forwarded-For
+ #RemoteIPInternalProxy 127.0.0.1
+
+
+ # FASTCGI CONFIGURATION
+ # ---------------------
+
+ # 1) URI management
+ RewriteEngine on
+
+ # For performances, you can delete the previous RewriteRule line after
+ # puttings html files: simply put the HTML results of differents modules
+ # (configuration, sessions, notifications) as manager.html, sessions.html,
+ # notifications.html and uncomment the 2 following lines:
+ # DirectoryIndex manager.html
+ # RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$"
+
+ # REST URLs
+ RewriteCond "%{REQUEST_URI}" "!^/(?:static|doc|lib|javascript|favicon).*"
+ RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT]
+
+ # 2) FastCGI engine
+
+ # You can choose any FastCGI system. Here is an example using mod_fcgid
+ # mod_fcgid configuration
+ FcgidMaxRequestLen 2000000
+
+ SetHandler fcgid-script
+ Options +ExecCGI
+ header unset Lm-Remote-User
+
+
+ # If you want to use mod_fastcgi, replace lines below by:
+ #FastCgiServer __MANAGERSITEDIR__/manager.fcgi
+
+ # GLOBAL CONFIGURATION
+ # --------------------
+
+ DocumentRoot __MANAGERSITEDIR__
+
+
+ Order Deny,Allow
+ Allow from all
+
+
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
+ SetOutputFilter DEFLATE
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+ BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+ SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+
+
+ Header append Vary User-Agent env=!dont-vary
+
+
+
+ # Uncomment this if site if you use SSL only
+ #Header set Strict-Transport-Security "max-age=15768000"
+
diff --git a/lemonldap-ng-manager/MANIFEST b/lemonldap-ng-manager/MANIFEST
index cb250062d..903ca16b8 100644
--- a/lemonldap-ng-manager/MANIFEST
+++ b/lemonldap-ng-manager/MANIFEST
@@ -7,6 +7,9 @@ eg/manager.psgi
KINEMATIC.md
lib/Lemonldap/NG/Manager.pm
lib/Lemonldap/NG/Manager/2ndFA.pm
+lib/Lemonldap/NG/Manager/Api.pm
+lib/Lemonldap/NG/Manager/Api/2F.pm
+lib/Lemonldap/NG/Manager/Api/Providers.pm
lib/Lemonldap/NG/Manager/Attributes.pm
lib/Lemonldap/NG/Manager/Build.pm
lib/Lemonldap/NG/Manager/Build/Attributes.pm
@@ -40,6 +43,7 @@ site/coffee/notifications.coffee
site/coffee/sessions.coffee
site/coffee/viewDiff.coffee
site/coffee/viewer.coffee
+site/htdocs/api.fcgi
site/htdocs/manager.fcgi
site/htdocs/manager.psgi
site/htdocs/static/bwr/angular-animate/angular-animate.js
@@ -213,6 +217,7 @@ site/templates/viewDiff.tpl
site/templates/viewer.tpl
t/02-HTML-template.t
t/03-HTML-forms.t
+t/04-hello-api.t
t/05-rest-api.t
t/06-rest-api.t
t/07-utf8.t
diff --git a/lemonldap-ng-manager/site/htdocs/api.fcgi b/lemonldap-ng-manager/site/htdocs/api.fcgi
new file mode 100755
index 000000000..67d37b8d8
--- /dev/null
+++ b/lemonldap-ng-manager/site/htdocs/api.fcgi
@@ -0,0 +1,12 @@
+#!/usr/bin/perl
+
+use Plack::Handler::FCGI;
+use Lemonldap::NG::Manager;
+
+# Roll your own
+my $server = Plack::Handler::FCGI->new();
+$server->run(
+ Lemonldap::NG::Manager->run(
+ { enabledModules => "api", protection => "none" }
+ )
+);