Panther API

Use Panther's GraphQL API for alert, role, and user management, and data lake querying


Panther offers a REST API and a GraphQL-over-HTTP API. You can use the API Playground in the Panther Console to explore both APIs. Before making API calls, you will need to generate an API token.

Discover the REST API schema here, and the GraphQL schema here.

Supported operations

The Panther APIs support an ever-growing set of operations that allow you to build your security workflows:

How to create a Panther API token

After you have successfully created an API token, remember to periodically rotate it. See instructions for token rotation in Rotating API tokens, below.

  1. In the upper right corner of your Panther Console, click the gear icon. In the dropdown menu, click API Tokens.

    • If a token already exists, click Create New Token.

  2. Provide a Name, then choose the permissions you'd like to grant this token.

  3. In the IP Restrictions section, in the CIDR Blocks field, enter one or more IP addresses to which you'd like to restrict usage of the token, if any.

    • Enter the IP address(es) in CIDR notation, e.g., or

    • If no IP addresses are specified, the token will be usable by any IP address.

  4. Click Create API Token.

    • You will see a success screen that displays the value of the API token. Copy the API token and store it in a secure location, as it will not be displayed again.

How to test your Panther API token

There may be a propagation delay of 30 to 60 seconds after adding an API token.

After generating an API token, you can test to verify that it works as expected:

  1. On the API token creation success screen, click the link that says Give it a go on our Playground.

  2. Locate the REQUEST HEADERS tab at the bottom-left corner of the Playground screen. Under this tab, change the default value of the X-API-Key header from <ENTER_YOUR_KEY_HERE> to the value of your API token.

  3. In the upper left corner, press the "play" icon to run the test.

Rotating API tokens

API tokens are used to authenticate against and authorize access to Panther’s public API. As with username and password credentials, you should store API tokens securely to protect them from bad actors. Rotating your token periodically may lessen the likelihood of it being compromised. The Center for Internet Security (CIS) and National Institute of Standards and Technology (NIST) recommend rotating API tokens every 90 days.

You can rotate your API token either in your Panther Console, or by calling Panther's API itself. Once you've rotated your token, the previous one is no longer valid.

Rotate an API token in the Panther Console

To rotate your API token in the Panther Console:

  1. In the upper right corner of your Panther Console, click the gear icon, then API Tokens.

  2. Locate the token you'd like to rotate. In the upper right corner of its tile, click the three dots icon, then Rotate.

Troubleshooting the Panther APIs

Visit the Panther Knowledge Base to view articles about the Panther APIs that answer frequently asked questions and help you resolve common errors and issues.

Last updated