Generate and manage API keys in Cortex XSOAR.
The Cortex XSOAR API is organized around REST and uses standard HTTP response codes, authentication, and verbs. The API has predictable resource-oriented URLs, accepts form-encoded request bodies, and returns JSON-encoded responses.
The Cortex XSOAR API enables you to send requests to the Cortex XSOAR server. Through the API, you can create incidents, download files, complete tasks, add widgets, and more. HTTP requests can be sent using any HTTP client. Requests must include the API Key.
Note
The Cortex XSOAR API documentation can be viewed from the API Keys page in the UI.
API Key Permissions
API keys inherit the Roles and Permissions of the user who created the key. Keys can be created from
→ → .From Cortex XSOAR v6.8, you can restrict who can create API keys. Navigate to Read instead of Read/Write.
→ → . To restrict a role from creating or revoking API Keys, change the API Keys setting toAPI Key Removal
Any user with read/write permissions for API Keys can revoke API Keys via the UI from POST /apikeys/revoke/user/{
. If a user is locked out/disabled or deleted, the API key is revoked.username
}
API Key Expiration
API Keys do not automatically expire.