Generate and manage API keys in Cortex XSOAR.
The Cortex XSOAR API is organized around REST and uses standard HTTP response codes, authentication, and verbs. The API has predictable resource-oriented URLs, accepts form-encoded request bodies, and returns JSON-encoded responses.
The Cortex XSOAR API enables you to send requests to the Cortex XSOAR server. Through the API, you can create incidents, download files, complete tasks, add widgets, and more. HTTP requests can be sent using any HTTP client. Requests must include the API Key.
Note
The Cortex XSOAR API documentation can be viewed from the API Keys page in the UI.
API Key Permissions
API keys inherit the Roles and Permissions of the user who created the key. Keys can be created from
→ → .API Key Removal
Any user can revoke API Keys via the UI from POST /apikeys/revoke/user/{
. If a user is locked out/disabled or deleted, the API key is revoked.username
}
API Key Expiration
API Keys do not automatically expire.