API Keys - Administrator Guide - 6.10 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Cortex XSOAR
Creation date
Last date published
Administrator Guide

Generate and manage API keys in Cortex XSOAR.

The Cortex XSOAR API is organized around REST and uses standard HTTP response codes, authentication, and verbs. The API has predictable resource oriented URLs, accepts form encoded request bodies, and returns JSON encoded responses.

The Cortex XSOAR API enables you to send requests to the Cortex XSOAR server. Through the API, you can create incidents, download files, complete tasks, add widgets, and more. HTTP requests can be sent using any HTTP client. Requests must include the API Key.


View the Cortex XSOAR API Guide or download from the API Keys page in the UI.

API Key Permissions

API keys inherit the roles and permissions of the user who created the key. If the user's roles or permissions are changed, those changes are applied to the API keys created by the user. Keys can be created from SettingsIntegrationsAPI Keys.

From Cortex XSOAR v6.8, you can restrict who can create API keys. Navigate to SettingsUsers and Roles Roles. To restrict a role from creating or revoking API Keys, change the API Keys setting to Read instead of Read/Write.

API Key Removal

Any user with read/write permissions for API Keys can revoke API Keys via the UI from SettingsIntegrationsAPI Keys. Users can also revoke API Keys by sending POST /apikeys/revoke/user/{username}. If a user is locked out/disabled or deleted, the API key is revoked.

API Key Expiration

API Keys do not automatically expire.