POST /WinCC/REST/Tags/ReadMultiple
"TagNames": ["Tank_Level", "Pump_Status", "Temperature"]
| Aspect | Recommendation | |--------|----------------| | Encryption | Always use HTTPS with a valid certificate (avoid self-signed in production). | | Authentication | Prefer token-based over basic auth; implement short token expiry. | | Network | Place WinCC server in a protected OT network; use a reverse proxy or VPN for external access. | | Permissions | Grant minimum necessary rights to REST API users (e.g., read-only if possible). | | Audit | Enable WinCC audit trail to log API writes. | | Rate limiting | WinCC does not enforce by default – implement at client or firewall level to avoid overload. |
The WinCC REST API is not a full replacement for OPC UA. OPC UA provides data modeling (nodes, methods, historical access), pub/sub, and proven industrial reliability. The REST API is best viewed as a supplemental convenience layer — not a core SCADA interface.
Furthermore, Siemens’ strategic direction is WinCC Unified, which embraces modern web standards (JavaScript, WebSockets, OAuth2). The REST API in WinCC Professional feels like a bridge to help existing customers survive until their next migration. wincc rest api
url = f"wincc_hostapi_base?tagName=tag_name"
try: # Send GET Request with Basic Auth response = requests.get( url, auth=(username, password), verify=False # Set to True if you have valid CA certificates )
if response.status_code == 200:
data = response.json()
print(f"Tag: tag_name")
print(f"Value: data.get('value')")
print(f"Quality: data.get('quality')")
print(f"Timestamp: data.get('timestamp')")
else:
print(f"Error: response.status_code")
print(response.text)
except Exception as e: print(f"Connection failed: e") POST /WinCC/REST/Tags/ReadMultiple
| Problem | Likely Cause | Solution |
|---------|--------------|----------|
| 401 Unauthorized | Wrong user/password or missing role | Assign "REST API access" role in WinCC User Administrator. |
| 404 Not Found | Wrong endpoint or API version | Check /swagger endpoint; use /api/v1/... as base. |
| 403 Forbidden | User lacks tag read/write permission | Grant tag-specific permissions in WinCC. |
| Connection refused | REST API not enabled or wrong port | Verify runtime settings and firewall rules. |
| Slow response | Large tag list or high-frequency polling | Use bulk read endpoints; reduce polling rate. |
What can you actually do with the WinCC REST API? The typical feature set includes: "TagNames": ["Tank_Level", "Pump_Status", "Temperature"]
| Feature | Description | Method Example |
| :--- | :--- | :--- |
| Read Tag Value | Fetch current value of a single or multiple data points (datapoints). | GET /api/dp/$dpName |
| Write Tag Value | Send a command to change a setpoint or control a valve. | PUT /api/dp/$dpName (Body: "value": 50) |
| Get Alarm List | Retrieve active or archived alarms/events. | GET /api/alerts/active |
| Acknowledge Alarm | Confirm an alarm from a remote dashboard. | POST /api/alert/$alertId/acknowledge |
| Query Archive Data | Retrieve historical trends for a time range. | GET /api/history/$dpName?start=...&end=... |
| User Authentication | Log in/out, check permissions. | POST /api/auth/login |
| Browse Data Points | Discover the tag structure dynamically. | GET /api/dp/browse?path=System1. |
The responses are typically clean JSON, making integration with modern JavaScript frameworks (React, Angular, Vue) or Python analytics scripts trivial.
Security is paramount in OT environments. The WinCC REST API does not allow anonymous access by default.