Panther API
Interact with Panther entities using the REST and GraphQL APIs
Last updated
Was this helpful?
Interact with Panther entities using the REST and GraphQL APIs
Last updated
Was this helpful?
Panther offers a and a . You can use the in the Panther Console to explore both APIs. Before making API calls, you will need to .
Discover the , and the .
The Panther APIs support an ever-growing set of operations that allow you to build your security workflows:
In the upper right corner of your Panther Console, click the gear icon. In the dropdown menu, click API Tokens.
Click Create an API Token.
If a token already exists, click Create New Token.
Provide a Name, then choose the permissions you'd like to grant this token.
You can find required permissions for each operation on each entity's page.
See the .
In the IP Restrictions section, in the CIDR Blocks field, enter one or more IP addresses to which you'd like to restrict usage of the token, if any.
Enter the IP address(es) in CIDR notation, e.g., 10.0.0.0/8 or 8.8.8.8/32.
If no IP addresses are specified, the token will be usable by any IP address.
Click Create API Token.
You will see a success screen that displays the value of the API token. Copy the API token and store it in a secure location, as it will not be displayed again.
Optionally .
After generating an API token, you can validate that it's working in either the API Playground or using PAT:
To test your API token in the API Playground in the Panther Console:
On the API token creation success screen, click Give it a go on our Playground.
At the bottom-left corner of the Playground screen, locate the REQUEST HEADERS tab. Under this tab, change the default value of the X-API-Key header from <ENTER_YOUR_KEY_HERE> to the value of your API token.
In the upper left corner, press the "play" icon to run the test.
API tokens are used to authenticate against and authorize access to Panther’s public API. As with username and password credentials, you should store API tokens securely to protect them from bad actors. Rotating your tokens periodically may lessen the likelihood of them being compromised. The Center for Internet Security (CIS) and National Institute of Standards and Technology (NIST) recommend rotating API tokens every 90 days.
You can rotate an API token in your Panther Console or by calling Panther's API itself. Once you've rotated your token, the previous one is no longer valid.
Rotate an API token in the Panther Console
To rotate your API token in the Panther Console:
In the upper right corner of your Panther Console, click the gear icon, then API Tokens.
Locate the token you'd like to rotate. In the upper right corner of its tile, click the three dots icon, then Rotate.
You must to perform this test.
To test your API token using in the CLI:
On the confirmation modal that pops up, click Continue.
The modal will display your new API token. You will only see this once, so be sure to copy and store it in a secure location.
You can rotate your API tokens using the Panther REST API. An API token rotates itself using the POST api-tokens/self/rotate endpoint. Learn more on .
You can rotate your API tokens using the Panther GraphQL API, with the rotateAPIToken operation. Learn more about how to use this endpoint on .
Visit the Panther Knowledge Base to that answer frequently asked questions and help you resolve common errors and issues.
