As we reach the end of September 2024, ThreadFix version 3.x on-premises has officially reached its End-of-Life. Therefore, there is no longer support or updates for this version of the product. We have fully transitioned our product and development teams to focus ThreadFix SaaS and migrating all customers over from the on-premises versions. Our Customer Success and Support teams are here to help you in migrating to ThreadFix SaaS and maximizing the value you see from this improved offering from Coalfire. This is the next phase of ThreadFix and our team is looking forward to continuing to support you on this journey.
API Authentication 3.X
API Keys must be created before they can be Authenticated. For more information on the creation process please see the API Keys guide.
Authenticating API 3.X
For new endpoints, as of 3.1, users must make an additional request to get a JWT POST request to /auth/apikey
. Note this value expires, but can be used to make requests to endpoints by supplying an authorization header as a bearer token with the JWT value.
/auth/apikey
Descriptor | Value |
---|---|
HTTP Method | POST |
Description | This method returns a JWT for the user to use when authenticating to new 3.X endpoints |
Version Introduced | 3.0 |
Request Header Parameters
Parameter | Value | Required | Description |
---|---|---|---|
api-version | String | Yes | The version of the API to use - ‘latest’ returns the current version |
apikey | UUID | Yes | User’s API Key |
Â
Sample Call:
curl --insecure -X POST -H 'apikey: <API Key>' -H 'api-version: latest' -H "Content-type: application/json" 'https://localhost/auth/apikey'
Â
Sample Output:
{
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJoOHNKWXNYVm5WeGx5OE5KR0F5UklZQ2NHM1R0eXg0QyJ9.Q9C0UvroXGRJ1lmU7btPuMiIX4ACHv1o8tcOr5irA1Y"
}
Table of Contents
www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.
This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.