Make your first API call

Cortex XSOAR 6 API

The following examples vary depending on the type of key you select.

You can test authentication with Advanced API keys using the provided Python 3 example. With Standard API keys, use either the cURL example or the Python 3 example. Don't forget to replace the example variables with your unique API key, API key ID, and FQDN tenant. After you verify authentication, you can begin making API calls.

Create an incident - Standard key cURL example

curl -X POST https://api-company.us.com/xsoar/public/v1/incident 
-H "x-xdr-auth-id:{api_key_id}" 
-H "Authorization:{api_key}" 
-H "Content-Type:application/json" 
--data '{
"details": "My test incident",
"name": "My test incident",
"severity": 2,
"type": "Unclassified"
}'

Standard Key Python 3 Example

import requests
    def test_standard_authentication(api_key_id, api_key):
    headers = {
        "x-xdr-auth-id": str(api_key_id),
        "Authorization": api_key
    }
    parameters = {}
    res = requests.post(url="https://api-company.us.com/xsoar/public/v1/incident",
						headers=headers,
						json=parameters)
    return res

Advanced Key Python 3 Example

import requests

from datetime import datetime, timezone
import secrets
import string
import hashlib
import requests

def test_advanced_authentication(api_key_id, api_key):
   # Generate a 64 bytes random string
    nonce = "".join([secrets.choice(string.ascii_letters + string.digits) for _ in range(64)])
    # Get the current timestamp as milliseconds.
    timestamp = int(datetime.now(timezone.utc).timestamp()) * 1000
    # Generate the auth key:
    auth_key = "%s%s%s" % (api_key, nonce, timestamp)
    # Convert to bytes object
    auth_key = auth_key.encode("utf-8")
    # Calculate sha256:
    api_key_hash = hashlib.sha256(auth_key).hexdigest()
    # Generate HTTP call headers
    headers = {
        "x-xdr-timestamp": str(timestamp),
        "x-xdr-nonce": nonce,
        "x-xdr-auth-id": str(api_key_id),
        "Authorization": api_key_hash
    }
    payload = "{\n  \"details\": \"My test incident\",\n  \"name\": \"My test incident\",\n  \"severity\": 2,\n  \"type\": \"Unclassified\"\n}"
    parameters = {}
    res = requests.post(url="https://api-company.us.com/xsoar/public/v1/incident",
						headers=headers,
						json=parameters)
    return res