The Cortex Cloud Application Security public API for Criteria enables programmatic management of criteria; listing, retrieving, creating, and deleting criteria that define application grouping rules. The criteria API automates workflows, enabling you to integrate criteria lifecycle management into infrastructure-as-code provisioning and organizational onboarding automation.
API prerequisites
Requirement | Description |
|---|---|
API key | A valid Cortex Cloud API key generated from the console |
API key role | The key must have the AppSec Admin role or a custom role with access to ASPM application resources (Criteria and Applications) |
Base URL | The API base URL corresponding to the tenant region |
Authentication | The |
API workflow overview
A standard workflow for managing criteria through the public API follows the sequence below:
Authenticate: Generate a
JWTtoken using the API key credentials.Create: Send a
POSTrequest with the criteria definition (name, type, configuration).List or Get: Retrieve criteria using
GETto verify creation or inspect the current state.Delete: Use
DELETEto remove deprecated criteria to maintain inventory hygiene.
Supported API operations
The API uses the base path /public_api/appsec/v1/application/criteria and supports these operations:
Operation | Method | Endpoint | Description |
|---|---|---|---|
| GET |
| Retrieve all criteria with pagination support |
GET |
| Retrieve a specific criteria by the unique identifier | |
| POST |
| Create a new criteria to automate application grouping and discovery. You can create two types of criteria:
|
| DELETE |
| Delete a criteria by the unique identifier |
Reference
Explore the API for detailed configurations and schemas to manage criteria at scale or as part of automation pipelines.
API documentation: For the complete technical reference, including full request schemas, field validation rules, and authentication, refer to the Cortex Cloud Application Security Criteria API documentation.