As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.
API Authentication
API Keys must be created before they can be Authenticated. For more information on the creation process please see the API Keys guide.
Authenticating 2.X API
For 2.X endpoints, users must make a request to the desired endpoint with an additional header of "Authorization" set to the string "APIKEY " concatenated with the user's API key.
The following is an example of what an Authorization value might be set to:
APIKEY r31OPbW9LEAYnnAskBjYRACYmF2mGOmWgQAKmtPYE5YY
/auth/apikey
Descriptor | Value |
|---|---|
HTTP Method | POST |
Description | This method returns a JWT for the user to use when authenticating to 2.X endpoints |
Request Header Parameters
Parameter | Value | Required | Description |
|---|---|---|---|
api-version | String | Yes | The version of the API to use - ‘latest’ returns the current version |
apikey | UUID | Yes | User’s API Key |
Sample Call:
curl --insecure -X POST -H 'apikey: <API Key>' -H 'api-version: latest' -H "Content-type: application/json" 'https://localhost/auth/apikey'
Sample Output:
{
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJoOHNKWXNYVm5WeGx5OE5KR0F5UklZQ2NHM1R0eXg0QyJ9.Q9C0UvroXGRJ1lmU7btPuMiIX4ACHv1o8tcOr5irA1Y"
}Table of Contents
www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.
This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.