Description: Enabling the API allows you to change Canary Configs, Manage Alerts, Mass Create Canarytokens, Manage Users, Create Flocks, and much much more (without even having to log in to your Console)! This covers Global API keys which have Console-wide API access. For API access constrained to flocks, see the Flock API keys.
- Our API documentation can be found here
- We also have a bunch of scripts we've written on our GitHub page here
API-Key Types: When creating a new Global API key, you'll need to chose its type:
- Read-Only API keys can only view data across the Console,
- Analyst API keys can view data across the Console and also acknowledge, unacknowledged and delete alerts,
- Admin API keys have full privileges and can execute any API operation on the Console.
The Console supports the creation of multiple API Keys for easy key rotation and using separate keys for different operations. For instance an Analyst key can be used by a SIEM to read and clear alerts and an Admin key by folks responsible for managing the Console and birds.
Note: Your Console and the API strictly support communicating using TLS 1.2 or higher. Attempting to query your Console with TLS 1.1 or lower will lead to a failure.
Note: We also maintain a Python wrapper for the API. The documentation for the Python wrapper is hosted here.
Follow the steps below to enable the API and generate an API token:
Log in to your Console.
Click on the Gear Icon and then Global Settings.
Click on API and Enable API from the menu.
You will need your Auth Token and Domain Hash when using the API - let's do a quick Ping Test to ensure everything is working - Ping Test found here
Domain Hashis the unique hash identifying your Console when using the API.
Default API Keyis the specific key we are going to use.
Auth Tokenis the API key that you'll need to use in order to make calls to your API - you can use the copy option to copy the auth token.
That's it, you're done ;-)