As we reach the end of September 2024, ThreadFix version 3.x on-premises has officially reached its End-of-Life. Therefore, there is no longer support or updates for this version of the product. We have fully transitioned our product and development teams to focus on ThreadFix SaaS and on migrating all customers over from the on-premises versions. Our Customer Success and Support teams are here to help you in migrating to ThreadFix SaaS and maximizing the value you see from this improved offering from Coalfire. This is the next phase of ThreadFix and our team is looking forward to continuing to support you on this journey.


API keys must be created before they can be used to authenticate. For more information on the creation process, please see the API Keys guide.

Authenticating Legacy API 2.X

For 2.X/3.0 endpoints, users must make a request to the desired endpoint with an additional "Authorization" header set to the string "APIKEY " concatenated with the user's API key.

The following is an example of what an Authorization value might be set to:

APIKEY r31OPbW9LEAYnnAskBjYRACYmF2mGOmWgQAKmtPYE5YY

Authenticating API 3.1 +

For new endpoints as of 3.1, users must first make an additional POST request to /auth/apikey to get a JWT. Note that this value expires, but until then it can be used to make requests to 3.1 endpoints by supplying an Authorization header that carries the JWT value as a bearer token.

/auth/apikey

| Descriptor | Value |
|---|---|
| HTTP Method | POST |
| Description | This method returns a JWT for the user to use when authenticating to new 3.X endpoints |
| Version Introduced | 3.0 |


Request Header Parameters

| Parameter | Value | Required | Description |
|---|---|---|---|
| api-version | String | Yes | The version of the API to use - ‘latest’ returns the current version |
| apikey | UUID | Yes | User’s API Key |

Sample Call:

curl --insecure -X POST -H 'apiKey: <API Key>' -H 'api-version: latest' -H "Content-type: application/json" 'https://localhost/auth/apikey'

Sample Output:

{
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJoOHNKWXNYVm5WeGx5OE5KR0F5UklZQ2NHM1R0eXg0QyJ9.Q9C0UvroXGRJ1lmU7btPuMiIX4ACHv1o8tcOr5irA1Y"
}
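The two-step flow above, written as an added example (not ThreadFix's own client code): exchange the API key for a JWT at /auth/apikey, cache it, and renew it before it expires. The TokenSource class, the FALLBACK_TTL value, the injectable transport and the threadfix.example host are assumptions made for illustration; certificate verification is left on in the default transport.

```python
import base64, json, time, urllib.request

AUTH_PATH = "/auth/apikey"  # endpoint documented on this page
FALLBACK_TTL = 300          # assumption: seconds to trust a JWT that carries no "exp" claim

def jwt_claims(token):
    """Decode the JWT payload without verifying it; used only as an expiry hint."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def http_post(url, headers):
    """Default transport: empty-body POST with certificate verification left on."""
    req = urllib.request.Request(url, data=b"", headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())

class TokenSource:
    """Hypothetical helper: fetches the JWT and renews it before it expires."""
    def __init__(self, base_url, api_key, post=http_post, clock=time.time):
        self.base_url, self.api_key = base_url.rstrip("/"), api_key
        self.post, self.clock = post, clock
        self.token, self.expires_at = None, 0.0

    def login(self):
        headers = {"apiKey": self.api_key, "api-version": "latest",
                   "Content-type": "application/json"}
        self.token = self.post(self.base_url + AUTH_PATH, headers)["token"]
        exp = jwt_claims(self.token).get("exp")
        # The sample token on this page has no "exp", so fall back to a short TTL.
        self.expires_at = float(exp) if exp is not None else self.clock() + FALLBACK_TTL

    def auth_header(self, skew=30):
        """Return the bearer header, re-authenticating if the JWT is missing or near expiry."""
        if self.token is None or self.clock() >= self.expires_at - skew:
            self.login()
        return {"Authorization": "Bearer " + self.token}

    def invalidate(self):
        """Call after a 401 response so the next request obtains a new JWT."""
        self.token = None

if __name__ == "__main__":
    # Constructed transport standing in for the server; returns a constructed token.
    fake = lambda url, headers: {"token": "e30.eyJleHAiOjQxMDI0NDQ4MDB9.sig"}
    print(TokenSource("https://threadfix.example", "<API Key>", post=fake).auth_header())
```

Pass the returned dictionary as the headers of each 3.1 request, and call invalidate() when the server answers 401 so the next call obtains a new token.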
