Using the Panther API

Docs Home Panther.com Release Notes Demo Request
Search…
This page assumes that you've already generated an API Token to interact with the API and that you've already experimented with it in the Playground.
This page contains instructions on how to invoke the API, and common operations and end-to-end examples. 
For information specific to alerting or data lake operations, please see the documentation pages: Alerts & Errors | Data Lake Queries​
Prerequisites
To invoke the API using an HTTP curl operation, you will need the following information:
The GraphQL endpoint to hit
The GraphQL API endpoint is tied to your Panther domain and the API URL format is https://api.{YOUR_PANTHER_DOMAIN}/public/graphql. 
For example, if your Panther domain is https://acme.runpanther.net, then your GraphQL API URL is https://api.acme.runpanther.net/public/graphql.
The auth-related header
The auth-related header is called X-API-Key and its value should always be a valid API Token that you generated through the Panther UI.
A GraphQL query
The GraphQL query differs from use case to use case. Please refer to our schema discoverability page or our common operations for more on this topic.
​
Invoking the API
There are two ways to invoke a GraphQL-over-HTTP API:
Manually construct an HTTP call
Install and use a GraphQL Client to abstract the transport-related complexities (recommended)
Option 1: Manually Constructing HTTP Calls
An example request:
1
curl 'YOUR_PANTHER_GRAPHQL_API_URL' \
2
-H 'Content-Type: application/json' \
3
-H 'X-API-Key: {YOUR_API_KEY}' \
4
-d '{"query":"\n query Foo {\n alerts {\n edges {\n node {\n id\n }\n }\n }\n }","variables":{}}' 
Copied!
The query above returns the first page of all of your Panther alerts. If it's the first time you're using GraphQL, please note the following:
There's only one endpoint.
The HTTP operation is always a POST.
The API operations are defined in POST's body.
The body of the POST operation always contains the following keys:
query - a GraphQL string defining the GraphQL operation that should be executed
variables - an optional set of variables that will be passed along to the query
operationName - an optional "nickname" for this operation
You must always select a set of fields to return (if the operation returns data.)
Note: The only thing that would change from one GraphQL operation to another is the body of the HTTP POST.
Option 2: Installing and Using GraphQL Clients (Recommended)
While all GraphQL operations are essentially simple HTTP calls, the advantage of using a GraphQL client is that it is more user-friendly.
We recommend using:
​graphql-request for your NodeJS projects
​gql for your Python projects
​go-graphql-client for your Go projects
Below you'll find some examples of how you would construct a GraphQL query to fetch the first page of alerts in your system:
NodeJS
Python
Golang
1
// npm install graphql graphql-request
2
​
3
import { GraphQLClient, gql } from 'graphql-request';
4
​
5
const client = new GraphQLClient(
6
 'YOUR_PANTHER_API_URL', 
7
 { headers: { 'X-API-Key': 'YOUR_API_KEY' } 
8
});
9
​
10
// `PaginateAlerts` is a nickname for the operation
11
const query = gql` 
12
 query PaginateAlerts {
13
 alerts {
14
 edges {
15
 node {
16
 id
17
 title
18
 severity
19
 status
20
 }
21
 }
22
 pageInfo {
23
 hasNextPage
24
 endCursor
25
 }
26
 }
27
 }
28
`;
29
​
30
client.request(query).then((data) => console.log(data));
Copied!
1
# pip install gql aiohttp
2
​
3
from gql import gql, Client
4
from gql.transport.aiohttp import AIOHTTPTransport
5
​
6
transport = AIOHTTPTransport(
7
 url="YOUR_PANTHER_API_URL",
8
 headers={"X-API-Key": "YOUR_API_KEY"}
9
)
10
​
11
client = Client(transport=transport, fetch_schema_from_transport=True)
12
​
13
# `PaginateAlerts` is a nickname for the operation
14
query = gql(
15
 """
16
 query PaginateAlerts {
17
 alerts {
18
 edges {
19
 node {
20
 id
21
 title
22
 severity
23
 status
24
 }
25
 }
26
 pageInfo {
27
 hasNextPage
28
 endCursor
29
 }
30
 }
31
 }
32
 """
33
)
34
​
35
result = client.execute(query)
36
print(result)
Copied!
1
package main
2
​
3
import (
4
 "context"
5
 "fmt"
6
 "github.com/hasura/graphql"
7
)
8
​
9
// Strongly-typed languages don't pair well with GraphQL
10
var query struct {
11
 Alerts struct {
12
 Edges []struct {
13
 Node struct {
14
 Id graphql.String
15
 Title graphql.String
16
 Severity graphql.String
17
 Status graphql.String
18
 }
19
 }
20
 PageInfo struct {
21
 HasNextPage graphql.Boolean
22
 Cursor graphql.String
23
 }
24
 }
25
}
26
​
27
client := graphql.
28
 NewClient("YOUR_PANTHER_API_URL", nil).
29
 WithRequestModifier(func(req *http.Request) {
30
 req.Header.Set("X-API-KEY", "YOUR_API_KEY")
31
 })
32
​
33
if err := client.Query(context.Background(), &query, nil); err != nil {
34
 // Handle error
35
}
36
​
37
fmt.Println(query.Alerts.PageInfo.HasNextPage)
38
​
Copied!
You can find all available operations of the API, as well as detailed end-to-end examples in the subpages of the current page. For a high level list, check out our supported operations.
​
Getting your Panther Version
1
query PantherVersion {
2
 generalSettings {
3
 pantherVersion
4
 }
5
}
Copied!
API Playground
Alerts & Errors
Last modified 29d ago
Copy link
Contents
Prerequisites
Invoking the API