# API Playground ## Overview Within the API Playground in the Panther Console, you can try out operations in the GraphQL API and REST API. ### How to access the Playground {% hint style="info" %} You must have the `View API Tokens` permission to access the Playground—see [Panther's Role-Based Access Control](https://docs.panther.com/system-configuration/rbac) documentation for instructions on modifying user roles. {% endhint %} 1. In the upper-right corner of your Panther Console, click the gear icon. 2. In the dropdown menu, click **API Playground**. 3. Using the tabs at the top of the window, select the API set you'd like to test: [GraphQL](https://docs.panther.com/panther-developer-workflows/api/graphql) or [REST](https://docs.panther.com/panther-developer-workflows/api/rest). * The next time you visit the API Playground, you will be taken to whichever API you left off on.\\
Two tabs are shown: GraphQL and REST.
{% hint style="warning" %} Note: * If you have just created an API token, please wait 30-60 seconds for the new token to become available to related distributed AWS services. * For security purposes, the API token will **not** persist in the Playground when you refresh the page or navigate to a different page. You will need to re-enter the API token each time you use the Playground. {% endhint %} ## GraphQL Playground After you enter a valid API Token, click the "play" icon in the upper left corner to force your GraphQL query to run.
The API Playground's default view shows an example query in a code editor on the left. On the right, there is a column labeled Documentation Explorer.
### Documentation Explorer The Documentation Explorer in the Panther Console is one way to examine the Panther API schema. To learn about other ways, including a downloadable schema file, see [Discover the Panther GraphQL schema](https://docs.panther.com/panther-developer-workflows/graphql#discover-the-panther-graphql-schema). See the **Documentation Explorer** on the right side of the Playground. It displays the available queries and mutations, along with descriptions and types on every field and entity:
The image shows the Documentation Explorer that appears on the right side of the API Playground. It has a search field at the top, and a header labeled "Root Types." Under "Root Types," it lists "query: Query" and "mutation: Mutation".
### Writing your own query The autocomplete functionality and the Documentation Explorer assist with writing your own query. Additionally, there are three utility buttons near the top of the page: * **Prettify** to help you format your query according to the GraphQL standards * **Copy** to copy your query in order to paste it to the client that's going to issue the request * **Copy curl** to copy a complete curl operation that you can paste into any UNIX system with the curl command-line tool installed. An example of the curl command that would be copied from the Panther web application: ``` curl 'PANTHER_GRAPHQL_API_URL' \ -H 'Accept-Encoding: gzip, deflate, br' \ -H 'Content-Type: application/json' \ -H 'Accept: application/json' \ -H 'Connection: keep-alive' \ -H 'DNT: 1' \ -H 'Origin: http://{PANTHER_GRAPHQL_API_URL}/public/graphql' \ -H 'X-API-Key: {FAKE_API_KEY_WITH_USER_READ_PERMISSIONS}' \ --data-binary '{"query":"\n # Example query which lists users in your organization\n query Users {\n users {\n\t\t\tgivenName\n familyName\n email\n }\n }","variables":{}}' \ --compressed ``` ## REST Playground Use the REST Playground to explore and try out the Panther [REST API](https://docs.panther.com/panther-developer-workflows/api/rest). ### How to set your API token 1. In the upper-right corner, click **Authorize**.\\
An arrow is drawn to a button labeled "Authorize."
2. In the modal, enter your API key. 3. Click **Authorize**, then **Close**. ### Exploring API groups The API groups are listed first, collected together by URL path for each API. To view additional details for a certain endpoint, including request arguments and an example return payload, click the arrow on the right-hand side of an endpoint's row.
Under a header reading "Panther REST API," a grouping of data model endpoints is shown. There are GET (list), POST, DELETE, GET, and PUT endpoints.
#### Sending requests {% hint style="info" %} To make a successful request, you must have already added your API token in the Playground. See [How to set your API token](#how-to-set-your-api-token), above. {% endhint %} To send a request in the Playground: 1. Within an expanded API endpoint, click **Try it out**. 2. In the **Parameters** section, provide values for required and optional parameters, as you see fit. 3. Click **Execute**.
Within a GET /rules section, a "Try it out" button is circled. Two parameters are shown: cursor, and limit.
### Viewing schemas Below the API groups, the schemas for each data type are listed:
The Schema section showing all the data types grouped by name
To view details of a certain data type, click its row to expand it:
A "RuleAPI.Rule" entity is shown. Part of the JSON body is expanded, while other parts are closed.
These schemas are also visible when [viewing the API groups](#exploring-api-groups). In the **Responses** section, next to **Example Value**, click **Schema**.
Inline schema block in the Responses portion of an API Group, showing the datatype where it is used.