Public API - Configure Public API permissions (under Integrations). - Administrator Guide - Cortex XSIAM - Cortex

Public API - Configure Public API permissions (under Integrations). - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM 3.x Documentation

Product

Cortex XSIAM

Creation date

2025-07-15

Last date published

2026-06-16

Category

Administrator Guide

Abstract

Configure Public API permissions (under Integrations).

Controls access to API key management for external integrations. This includes creating, viewing, editing, and revoking API keys that allow external systems to interact with Cortex XSIAM in Settings → Configurations → Integrations → API Keys. The Public API permissions also manage access to the Compute Unit Usage page.

Permission	Description	Roles Example
None	The user cannot see the API Keys page or view or manage the Compute Unit Usage page.	SOC Tier-1 Analyst: No need for API or Compute Unit Usage page access.
View	The user can view the list of existing API keys but cannot create, edit, or delete them. The user can view the Compute Unit Usage page, but cannot edit the daily compute unit limit.	SOC Tier-2 and 3 Analysts: May need to verify API integrations. Threat Hunter: Review API integrations for hunting.
View/Edit	The user has full control over API keys, including creating, editing, and deleting them. The user can view the Compute Unit Usage page and edit the daily compute unit limit.	Security Engineer: Develop and manage API integrations. Manage daily usage of compute units.

As API keys are often used to bridge data between modules, consider the following dependencies:

Permission	Permission Level	Reason
Audit	View	Strongly recommended to track API key creation, modification, and deletion events for security compliance.
Integrations	View	Recommended to understand which integrations use API keys for data collection.
Credentials	View	Recommended to view credentials that may be associated with API-based integrations.