As we reach the end of September 2024, ThreadFix version 3.x on-premises has officially reached its End-of-Life. Therefore, there is no longer support or updates for this version of the product. We have fully transitioned our product and development teams to focus ThreadFix SaaS and migrating all customers over from the on-premises versions. Our Customer Success and Support teams are here to help you in migrating to ThreadFix SaaS and maximizing the value you see from this improved offering from Coalfire. This is the next phase of ThreadFix and our team is looking forward to continuing to support you on this journey.
API Keys 3.X
You will learn
How to create Global User API Keys for users.
Prerequisites
Audience: IT Professional or End User
Difficulty: Basic
Time needed: Approximately 5 minutes
Tools required: N/A
API Keys
Similar in function to the individual API keys users can generate in the Manage Users page, ThreadFix allows for the global generation of API keys. The API key provides authentication when a user is working with ThreadFix from the command-line and in other instances where the ThreadFix API is accessed, such as any plug-ins that require API access. The system uses the user’s assigned roles to authorize actions for the key. On this page, ThreadFix displays API keys that created per-user as well as API keys without assigned users.
To create a new API Key, click on Global from the Navigation sidebar, then click on Administration and select the API Keys page.
To create a new API key for a user, click the Add New Key button.
This brings up the modal dialog for key creation. Type in a few letters of the user’s name, and a drop-down list appears of all users whose username contains those characters. Select the desired user, optionally add any notes about the key, and click the Create Key button.
ThreadFix displays a success banner including the API Key at the top of the interface. If a registered user was entered, the key will automatically use the named user’s roles to authorize actions with this key.
Edit/Delete API Key
Using the Edit/Delete button, users can edit the API Key via the Edit Key modal or then use the Delete button to remove the key.
Note the key was delete as shown below.
Warning: When a users SAML status has been revoked, any associated API keys will remain active until they are manually deleted by a ThreadFix administrator.
Please note the Restricted column has been deprecated and will be removed in a future release. API keys with a Restricted designation will not be supported.
Table of Contents
- 1 You will learn
- 1.1 Prerequisites
- 1.2 API Keys
- 1.2.1 Edit/Delete API Key
- 2 Table of Contents
www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.
This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.