- In Cortex, navigate to Settings > Configurations > Integrations > API Keys > New Key.
- In the Role tab, perform the following:
- Under Security Level, select the type of API Key you want to generate: Advanced or Standard. The Advanced API key hashes the key using a nonce, a random string, and a timestamp to prevent replay attacks. cURL does not support this but it is suitable with scripts.
- Under Role, select the desired level of access for this key. You can select from predefined roles or custom roles. Roles are available according to what was defined in either the Cortex Gateway or Cortex XSIAM Access Management. You can view the configuration of the role selected by expanding the sections under Components. For more information, see Assign user roles and groups.
- (Optional) Under Comment, provide a comment that describes the purpose of the API key.
- (Optional) If you want to define a time limit on the API key authentication, select Enable Expiration Date, and select the expiration date and time. You can track the expiration date of each API key in the API Keys page. In addition, Cortex XSIAM displays a API Key Expiration notification in the Notification Center one week and one day prior to the defined expiration date.
- (Optional) To configure and manage granular scoping for Scope-Based Access Control (SBAC), click the Scope tab, and under Scope Definition, expand the scoping areas that you want to grant the user role access to for this API by clicking the chevron icon (>) beside the scoping area title. For more information, see Manage API keys.
- Generate the API Key.
- Copy the API key, and then click Close. This value represents your unique
Authorization:{key}.
warning You will not be able to view the API Key again after you complete this step. Ensure that you copy it before closing the notification.