As we reach the end of September 2024, ThreadFix version 3.x on-premises has officially reached its End-of-Life. Therefore, there is no longer support or updates for this version of the product. We have fully transitioned our product and development teams to focus ThreadFix SaaS and migrating all customers over from the on-premises versions. Our Customer Success and Support teams are here to help you in migrating to ThreadFix SaaS and maximizing the value you see from this improved offering from Coalfire. This is the next phase of ThreadFix and our team is looking forward to continuing to support you on this journey.

API Authentication 3.X

API Keys must be created before they can be Authenticated. For more information on the creation process please see the API Keys guide.

Authenticating API 3.X

For new endpoints, as of 3.1, users must make an additional request to get a JWT POST request to /auth/apikey. Note this value expires, but can be used to make requests to endpoints by supplying an authorization header as a bearer token with the JWT value.

/auth/apikey

Descriptor

Value

HTTP Method

POST

Description

This method returns a JWT for the user to use when authenticating to new 3.X endpoints

Version Introduced

3.0


Request Header Parameters

Parameter

Value

Required

Description

api-version

String

Yes

The version of the API to use - ‘latest’ returns the current version

apikey

UUID

Yes

User’s API Key

 

Sample Call:

curl --insecure -X POST -H 'apikey: <API Key>' -H 'api-version: latest' -H "Content-type: application/json" 'https://localhost/auth/apikey'

 

Sample Output:

{ "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJoOHNKWXNYVm5WeGx5OE5KR0F5UklZQ2NHM1R0eXg0QyJ9.Q9C0UvroXGRJ1lmU7btPuMiIX4ACHv1o8tcOr5irA1Y" }

www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.