Manage API keys - Administrator Guide

Manage API keys - Administrator Guide - Cortex CLOUD

Cortex Cloud Posture Management Documentation

Product

Cortex Cloud Application Security > Cortex CLOUD

License

Cloud Posture Management

Creation date

2025-01-22

Last date published

2026-06-04

How to create an API key

Select Settings → Configurations → Integrations → API Keys → New Key.
In the Role tab, perform for the following:
1. Under Security Level, select the type of API Key you want to generate: Advanced or Standard. The Advanced API key hashes the key using a nonce, a random string, and a timestamp to prevent replay attacks. cURL does not support this but it is suitable with scripts.
2. Under Role, select the desired level of access for this key. You can select from predefined roles or custom roles. Roles are available according to what was defined in either the Cortex Gateway or Cortex Cloud Access Management. You can view the configuration of the role selected by expanding the sections under Components. For more information, see Assign user roles and groups.
3. (Optional) Under Comment, provide a comment that describes the purpose of the API key.
4. (Optional) If you want to define a time limit on the API key authentication, select Enable Expiration Date, and select the expiration date and time. You can track the expiration date of each API key in the API Keys page. In addition, Cortex Cloud displays a API Key Expiration notification in the Notification Center one week and one day prior to the defined expiration date.

(Optional) To configure and manage granular scoping for Scope-Based Access Control (SBAC), click the Scope tab, and under Scope Definition, expand the scoping areas that you want to grant the user role access to for this API by clicking the chevron icon (>) beside the scoping area title. The following table explains the options available to configure:

Important

Before configuring, ensure that you review Understand scoping in the Manage user scope section.

Scoping Area	Granular Scoping Configurations
Assets	Set the Scope by selecting one of the following: No assets: No asset is accessible. All assets: Defines access to all assets. Select asset groups: Defines access to the specific assets associated with the Asset Groups selected, and to view all their related cases, issues, and findings for these specific assets and Asset Groups. Under Select asset groups, define the specific asset groups that you want to grant access. Only Asset Groups relevant for scoping are listed, which are asset groups that are using only the asset attributes listed in Manage user scope (under Understand scoping → Scoping Areas → Assets). The scoping of assets also affects the scoping of cases, issues, and findings. Note Visibility of Security domain Issues that refer to assets with agents is controlled by the Endpoints scoping configuration.
Cases and Issues	Set the Scope by selecting one of the following: No cases and issues: Defines access to no cases and issues. All cases and issues: Defines access to all cases and issues. Users can view cases or issues referencing assets within their scope. Use the Assets section to define which assets are in scope. Select domains: Defines access to the domains selected to view their related cases and issues. Under Select domains, define the specific domains that you want to grant access. Users can only view cases or issues referencing assets and endpoints within their scope. Use the Assets section to define which assets are in scope. When selecting All cases and issues or Select domains, you can separately configure access to issues and cases that lack an asset reference or where the referenced asset is not in All Assets and All Endpoints inventories. To provide access, select the Allow access to cases and issues that are not referencing known assets or endpoints checkbox. Once selected, you can specifically control which users have access to issues and cases that lack Affected Assets (as seen in the issue’s panel) and Assets (as seen in the case's panel), or where the listed assets are not part of the Asset or Endpoint inventories. When the assets listed are not part of the inventories, the asset string is typically non-clickable. In some cases, such as for identity-related issues, assets may open a dedicated User Risk View, which differs from the standard inventories panels. In the Issues and Cases tables, such items can be identified by empty values in the following columns: Asset IDs, Target Agent Identifier, and Source Agent Identifier.
Endpoints	Set the Scope by selecting one of the following: No endpoints: Defines access to no endpoints with no ability to view their related agent management and enterprise policies. All endpoints: Defines access to all endpoints with the ability to view their related agent management and enterprise policies. This configuration can impact the visibility of related Security domain Cases and Issues, but will not affect asset visibility. Select specific (at least one required): Defines specific access to all endpoint groups by selecting Endpoint Groups or all endpoint tags by selecting Endpoint Tags to view their related agent management and enterprise policies. This configuration can impact the visibility of related Security domain Cases and Issues, but will not affect asset visibility.

Scoping Area

Granular Scoping Configurations

Assets

Set the Scope by selecting one of the following:

No assets: No asset is accessible.
All assets: Defines access to all assets.
Select asset groups: Defines access to the specific assets associated with the Asset Groups selected, and to view all their related cases, issues, and findings for these specific assets and Asset Groups. Under Select asset groups, define the specific asset groups that you want to grant access. Only Asset Groups relevant for scoping are listed, which are asset groups that are using only the asset attributes listed in Manage user scope (under Understand scoping → Scoping Areas → Assets).

The scoping of assets also affects the scoping of cases, issues, and findings.

Note

Visibility of Security domain Issues that refer to assets with agents is controlled by the Endpoints scoping configuration.

Cases and Issues

Set the Scope by selecting one of the following:

No cases and issues: Defines access to no cases and issues.
All cases and issues: Defines access to all cases and issues. Users can view cases or issues referencing assets within their scope. Use the Assets section to define which assets are in scope.
Select domains: Defines access to the domains selected to view their related cases and issues. Under Select domains, define the specific domains that you want to grant access.
Users can only view cases or issues referencing assets and endpoints within their scope. Use the Assets section to define which assets are in scope.

When selecting All cases and issues or Select domains, you can separately configure access to issues and cases that lack an asset reference or where the referenced asset is not in All Assets and All Endpoints inventories. To provide access, select the Allow access to cases and issues that are not referencing known assets or endpoints checkbox. Once selected, you can specifically control which users have access to issues and cases that lack Affected Assets (as seen in the issue’s panel) and Assets (as seen in the case's panel), or where the listed assets are not part of the Asset or Endpoint inventories. When the assets listed are not part of the inventories, the asset string is typically non-clickable. In some cases, such as for identity-related issues, assets may open a dedicated User Risk View, which differs from the standard inventories panels. In the Issues and Cases tables, such items can be identified by empty values in the following columns: Asset IDs, Target Agent Identifier, and Source Agent Identifier.

Endpoints

Set the Scope by selecting one of the following:

No endpoints: Defines access to no endpoints with no ability to view their related agent management and enterprise policies.
All endpoints: Defines access to all endpoints with the ability to view their related agent management and enterprise policies. This configuration can impact the visibility of related Security domain Cases and Issues, but will not affect asset visibility.
Select specific (at least one required): Defines specific access to all endpoint groups by selecting Endpoint Groups or all endpoint tags by selecting Endpoint Tags to view their related agent management and enterprise policies. This configuration can impact the visibility of related Security domain Cases and Issues, but will not affect asset visibility.

Important

By default, Enable Scope Based Access Control is disabled in Settings → Configurations → General → Server Settings, and granular scoping is not enforced. Before enabling SBAC, we recommend that an administrator or a user with Access Management permissions first ensures that the users, user groups, and API Keys defined in Cortex Cloud are granted the required access by assigning the relevant scopes. For more information, see Manage user scope.

Click Generate to generate the API key.
Copy the generated API key and click Done.
Important
You will not be able to view the API key again after you complete this step. Ensure that you copy the API key before closing the notification.

Actions available on API Keys

Below are some of the main pivot (right-click) options for actions available on each API key listed in the API Keys table. Only tasks that need further explanation are explained below.

Action	Description
View Examples	Copies the Python 3 example, so you can edit it to set up your own API calls.
Copy text to clipboard / Copy entire row	Copies the value of an API setting, such as the ID, to the clipboard by right-clicking the setting and selecting Copy text to clipboard. You can copy all the settings of an API key by right-clicking and selecting Copy entire row.
Filter API keys	Filters the API keys by selecting one of the filter options, such as Show rows 30 days prior to.... You can then adjust the filter options to filter the API keys according to all the available fields.