API Authentication 3.X
API Keys must be created before they can be Authenticated. For more information on the creation process please see the API Keys guide.
Authenticating API 3.X
For new endpoints, as of 3.1, users must make an additional request to get a JWT POST request to /auth/apikey. Note this value expires, but can be used to make requests to endpoints by supplying an authorization header as a bearer token with the JWT value.
/auth/apikey
Descriptor | Value |
|---|---|
HTTP Method | POST |
Description | This method returns a JWT for the user to use when authenticating to new 3.X endpoints |
Version Introduced | 3.0 |
Request Header Parameters
Parameter | Value | Required | Description |
|---|---|---|---|
api-version | String | Yes | The version of the API to use - ‘latest’ returns the current version |
apikey | UUID | Yes | User’s API Key |
Sample Call:
curl --insecure -X POST -H 'apikey: <API Key>' -H 'api-version: latest' -H "Content-type: application/json" 'https://localhost/auth/apikey'
Sample Output:
{
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJoOHNKWXNYVm5WeGx5OE5KR0F5UklZQ2NHM1R0eXg0QyJ9.Q9C0UvroXGRJ1lmU7btPuMiIX4ACHv1o8tcOr5irA1Y"
}Table of Contents
www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.
This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.