post
/public_api/v1/api_keys/get_api_keys
Get a list of API keys filtered by expiration date, role, or ID.
Required license: Cortex XSIAM Premium or Cortex XSIAM Enterprise or Cortex XSIAM NG SIEM or Cortex XSIAM Enterprise Plus.
Request headers
authorization
String
required
api_key
api_key
Example:
DCdIeow0xm73EwnxjPza1tdHTfZQv2eH7bTKlTPkgBHLj8aSjFzjgTE9bQUK1DidlWLrnYRhaYQ4PCIyNrNJbMUC6DOWi8ANIn1JWpMTE2neGvoDIRsKUbj6pJ1z7Gmr
x-xdr-auth-id
String
required
api_key_id
api_key_id
Example:
2841
x-xdr-timestamp
String
required
timestamp in milliseconds
timestamp in milliseconds
Example:
xXdrTimestamp_example
x-xdr-nonce
String
required
64 byte random string
64 byte random string
Example:
xXdrNonce_example
x-child-tenant-id
String
required
child tenant ID
child tenant ID
Example:
xChildTenantId_example
CLIENT REQUEST
curl -X 'POST'
-H
'Accept: application/json'
-H
'Content-Type: application/json'
-H
'authorization: DCdIeow0xm73EwnxjPza1tdHTfZQv2eH7bTKlTPkgBHLj8aSjFzjgTE9bQUK1DidlWLrnYRhaYQ4PCIyNrNJbMUC6DOWi8ANIn1JWpMTE2neGvoDIRsKUbj6pJ1z7Gmr'
-H
'x-xdr-auth-id: 2841'
-H
'x-xdr-timestamp: xXdrTimestamp_example'
-H
'x-xdr-nonce: xXdrNonce_example'
-H
'x-child-tenant-id: xChildTenantId_example'
'https://api-yourfqdn/public_api/v1/api_keys/get_api_keys'
-d
''
import http.client
conn = http.client.HTTPSConnection("api-yourfqdn")
payload = "{\"request_data\":{\"filters\":[{\"field\":\"expiration\",\"operator\":\"gte\",\"value\":0}]}}"
headers = {
'authorization': "DCdIeow0xm73EwnxjPza1tdHTfZQv2eH7bTKlTPkgBHLj8aSjFzjgTE9bQUK1DidlWLrnYRhaYQ4PCIyNrNJbMUC6DOWi8ANIn1JWpMTE2neGvoDIRsKUbj6pJ1z7Gmr",
'x-xdr-auth-id': "2841",
'x-xdr-timestamp': "SOME_STRING_VALUE",
'x-xdr-nonce': "SOME_STRING_VALUE",
'x-child-tenant-id': "SOME_STRING_VALUE",
'content-type': "application/json"
}
conn.request("POST", "/public_api/v1/api_keys/get_api_keys", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://api-yourfqdn/public_api/v1/api_keys/get_api_keys")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["authorization"] = 'DCdIeow0xm73EwnxjPza1tdHTfZQv2eH7bTKlTPkgBHLj8aSjFzjgTE9bQUK1DidlWLrnYRhaYQ4PCIyNrNJbMUC6DOWi8ANIn1JWpMTE2neGvoDIRsKUbj6pJ1z7Gmr'
request["x-xdr-auth-id"] = '2841'
request["x-xdr-timestamp"] = 'SOME_STRING_VALUE'
request["x-xdr-nonce"] = 'SOME_STRING_VALUE'
request["x-child-tenant-id"] = 'SOME_STRING_VALUE'
request["content-type"] = 'application/json'
request.body = "{\"request_data\":{\"filters\":[{\"field\":\"expiration\",\"operator\":\"gte\",\"value\":0}]}}"
response = http.request(request)
puts response.read_bodyconst data = JSON.stringify({
"request_data": {
"filters": [
{
"field": "expiration",
"operator": "gte",
"value": 0
}
]
}
});
const xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function () {
if (this.readyState === this.DONE) {
console.log(this.responseText);
}
});
xhr.open("POST", "https://api-yourfqdn/public_api/v1/api_keys/get_api_keys");
xhr.setRequestHeader("authorization", "DCdIeow0xm73EwnxjPza1tdHTfZQv2eH7bTKlTPkgBHLj8aSjFzjgTE9bQUK1DidlWLrnYRhaYQ4PCIyNrNJbMUC6DOWi8ANIn1JWpMTE2neGvoDIRsKUbj6pJ1z7Gmr");
xhr.setRequestHeader("x-xdr-auth-id", "2841");
xhr.setRequestHeader("x-xdr-timestamp", "SOME_STRING_VALUE");
xhr.setRequestHeader("x-xdr-nonce", "SOME_STRING_VALUE");
xhr.setRequestHeader("x-child-tenant-id", "SOME_STRING_VALUE");
xhr.setRequestHeader("content-type", "application/json");
xhr.send(data);HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/v1/api_keys/get_api_keys")
.header("authorization", "DCdIeow0xm73EwnxjPza1tdHTfZQv2eH7bTKlTPkgBHLj8aSjFzjgTE9bQUK1DidlWLrnYRhaYQ4PCIyNrNJbMUC6DOWi8ANIn1JWpMTE2neGvoDIRsKUbj6pJ1z7Gmr")
.header("x-xdr-auth-id", "2841")
.header("x-xdr-timestamp", "SOME_STRING_VALUE")
.header("x-xdr-nonce", "SOME_STRING_VALUE")
.header("x-child-tenant-id", "SOME_STRING_VALUE")
.header("content-type", "application/json")
.body("{\"request_data\":{\"filters\":[{\"field\":\"expiration\",\"operator\":\"gte\",\"value\":0}]}}")
.asString();import Foundation
let headers = [
"authorization": "DCdIeow0xm73EwnxjPza1tdHTfZQv2eH7bTKlTPkgBHLj8aSjFzjgTE9bQUK1DidlWLrnYRhaYQ4PCIyNrNJbMUC6DOWi8ANIn1JWpMTE2neGvoDIRsKUbj6pJ1z7Gmr",
"x-xdr-auth-id": "2841",
"x-xdr-timestamp": "SOME_STRING_VALUE",
"x-xdr-nonce": "SOME_STRING_VALUE",
"x-child-tenant-id": "SOME_STRING_VALUE",
"content-type": "application/json"
]
let parameters = ["request_data": ["filters": [
[
"field": "expiration",
"operator": "gte",
"value": 0
]
]]] as [String : Any]
let postData = JSONSerialization.data(withJSONObject: parameters, options: [])
let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/v1/api_keys/get_api_keys")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api-yourfqdn/public_api/v1/api_keys/get_api_keys",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{\"request_data\":{\"filters\":[{\"field\":\"expiration\",\"operator\":\"gte\",\"value\":0}]}}",
CURLOPT_HTTPHEADER => [
"authorization: DCdIeow0xm73EwnxjPza1tdHTfZQv2eH7bTKlTPkgBHLj8aSjFzjgTE9bQUK1DidlWLrnYRhaYQ4PCIyNrNJbMUC6DOWi8ANIn1JWpMTE2neGvoDIRsKUbj6pJ1z7Gmr",
"content-type: application/json",
"x-child-tenant-id: SOME_STRING_VALUE",
"x-xdr-auth-id: 2841",
"x-xdr-nonce: SOME_STRING_VALUE",
"x-xdr-timestamp: SOME_STRING_VALUE"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}CURL *hnd = curl_easy_init();
curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/api_keys/get_api_keys");
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "authorization: DCdIeow0xm73EwnxjPza1tdHTfZQv2eH7bTKlTPkgBHLj8aSjFzjgTE9bQUK1DidlWLrnYRhaYQ4PCIyNrNJbMUC6DOWi8ANIn1JWpMTE2neGvoDIRsKUbj6pJ1z7Gmr");
headers = curl_slist_append(headers, "x-xdr-auth-id: 2841");
headers = curl_slist_append(headers, "x-xdr-timestamp: SOME_STRING_VALUE");
headers = curl_slist_append(headers, "x-xdr-nonce: SOME_STRING_VALUE");
headers = curl_slist_append(headers, "x-child-tenant-id: SOME_STRING_VALUE");
headers = curl_slist_append(headers, "content-type: application/json");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"filters\":[{\"field\":\"expiration\",\"operator\":\"gte\",\"value\":0}]}}");
CURLcode ret = curl_easy_perform(hnd);var client = new RestClient("https://api-yourfqdn/public_api/v1/api_keys/get_api_keys");
var request = new RestRequest(Method.POST);
request.AddHeader("authorization", "DCdIeow0xm73EwnxjPza1tdHTfZQv2eH7bTKlTPkgBHLj8aSjFzjgTE9bQUK1DidlWLrnYRhaYQ4PCIyNrNJbMUC6DOWi8ANIn1JWpMTE2neGvoDIRsKUbj6pJ1z7Gmr");
request.AddHeader("x-xdr-auth-id", "2841");
request.AddHeader("x-xdr-timestamp", "SOME_STRING_VALUE");
request.AddHeader("x-xdr-nonce", "SOME_STRING_VALUE");
request.AddHeader("x-child-tenant-id", "SOME_STRING_VALUE");
request.AddHeader("content-type", "application/json");
request.AddParameter("application/json", "{\"request_data\":{\"filters\":[{\"field\":\"expiration\",\"operator\":\"gte\",\"value\":0}]}}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);Body parameters
application/json
request_dataobject
filtersarrayAn array of filter fields.
An array of filter fields.
[fieldobject (Enum)
operatorobject (Enum)
valueinteger or array
]
fieldobject (Enum)Identifies the API key field the filter is matching. Filters are based on the following keywords:
expiration: Time the API key expires in epoch milliseconds.roles: The role assigned to the API key at creation.id: API key ID.
Identifies the API key field the filter is matching. Filters are based on the following keywords:
expiration: Time the API key expires in epoch milliseconds.roles: The role assigned to the API key at creation.id: API key ID.
Allowed values:"expiration""roles""id"
operatorobject (Enum)Identifies the comparison operator you want to use for this filter. Valid keywords are:
-
gte / lte operator is used with expiration field (Integer in timestamp epoch milliseconds).
-
contains operator is used with roles field (Array of strings).
-
in operator is used with id field (Array of integers).
Identifies the comparison operator you want to use for this filter. Valid keywords are:
-
gte/lteoperator is used withexpirationfield (Integer in timestamp epoch milliseconds). -
containsoperator is used withrolesfield (Array of strings). -
inoperator is used withidfield (Array of integers).
Allowed values:"gte""lte""contains""in"
valueinteger or arrayValue that this filter must match. The contents of this field will differ depending on the API key field that you specified for this filter:
expiration: Integer representing the number of milliseconds after the Unix epoch, UTC timezone.roles: Array of strings representing the roles in the Cortex XSOAR system.id: Array of integers representing the API key IDs.
Value that this filter must match. The contents of this field will differ depending on the API key field that you specified for this filter:
expiration: Integer representing the number of milliseconds after the Unix epoch, UTC timezone.roles: Array of strings representing the roles in the Cortex XSOAR system.id: Array of integers representing the API key IDs.
REQUEST
{
"request_data": {
"filters": [
{
"field": "expiration",
"operator": "gte",
"value": 1721149909250
}
]
}
}{
"request_data": {
"filters": [
{
"field": "roles",
"operator": "contains",
"value": [
"Public API Action"
]
}
]
}
}{
"request_data": {
"filters": [
{
"field": "id",
"operator": "in",
"value": [
85
]
}
]
}
}Responses
OK
Body
application/json
replyobject
dataarray
[idinteger
creation_timeinteger
created_bystring
user_namestring
rolesarray[string]
security_levelstring
commentobject
expirationinteger
]
idinteger
creation_timeinteger
created_bystring
user_namestring
rolesarray[string]
security_levelstring
commentobject
expirationinteger
filter_countinteger
total_countintegerNote: The total_count value contains all API Keys, including ones that have expired.
Note: The total_count value contains all API Keys, including ones that have expired.
RESPONSE
{
"reply": {
"DATA": [
{
"id": 25,
"creation_time": 1709544947832,
"created_by": "N/A",
"user_name": "Public API - 21",
"roles": [
"default"
],
"security_level": "standard",
"comment": null,
"expiration": 1710149747184
},
{
"id": 24,
"creation_time": 1709544787367,
"created_by": "N/A",
"user_name": "Public API - 21",
"roles": [
"default"
],
"security_level": "standard",
"comment": null,
"expiration": 1710149586852
},
{
"id": 23,
"creation_time": 1709544227320,
"created_by": "N/A",
"user_name": "Public API - 21",
"roles": [
"default"
],
"security_level": "standard",
"comment": null,
"expiration": 1710149026834
}
],
"FILTER_COUNT": 3,
"TOTAL_COUNT": 70
}
}