Description: Enabling the API allows you to automate Canary Configs, Manage Alerts, Mass Create Canarytokens, and much much more (without even having to log in to your Console)! This covers API keys constrained to a specific flock. For API Keys with global access across the Console, see the Global API Keys.
- Our API documentation can be found here
- We also have a bunch of scripts we've written on our GitHub page here
API-Key Types: When creating a new Flock API key, you'll need to chose its type:
- Read-Only API keys can only view data in its flock,
- Analyst API keys can view data and also acknowledge, unacknowledged and delete alerts in its flock,
- Admin API keys has full privileges and can execute any API operation on its flock.
The Console supports the creation of multiple API Keys for easy key rotation and using separate keys for different operations. For instance an Analyst key can be used by a SIEM to read and clear alerts and an Admin key by folks responsible for managing the Console and birds.
Note: Your Console and the API strictly support communicating using TLS 1.2 or higher. Attempting to query your Console with TLS 1.1 or lower will lead to a failure.
Note: We also maintain a Python wrapper for the API. The documentation for the Python wrapper is hosted here.
Follow the steps below to enable the API and generate an API token:
Log in to your Console.
Click on the Gear Icon and then Global Settings.
Click on API and Enable API from the menu.
You will need your Auth Token and Domain Hash when using the API - let's do a quick Ping Test to ensure everything is working - Ping Test found here
Domain Hashis the unique hash identifying your Console when using the API.
Default API Keyis the specific key we are going to use.
Auth Tokenis the API key that you'll need to use in order to make calls to your API - you can use the copy option to copy the auth token.
That's it, you're done ;-)