API Tokens

REST API operations for api tokens

Overview

The /api-tokens REST API operations are in open beta starting with Panther version 1.112, and are available to all customers. Please share any bug reports and feature requests with your Panther support team.

Use these API operations to interact with API tokens in Panther. An API token can rotate itself using the POST api-tokens/self/rotate endpoint.

To call the API, see the How to use the Panther REST API instructions—including directions for how to invoke it directly from this documentation page.

Required permissions

For GET operations, your API token must have the Read API Token Info permission.
For POST and DELETE operations, your API token must have the Manage API Tokens permission.

Operations

Create an api token

post

Authorizations

Body

allowedCIDRBlocksstring[]Optional

The set of CIDR blocks that are allowed to use this API token. If empty, all CIDR blocks are allowed

namestringRequired

The name of the token

Responses

200

OK response.

application/json

400

bad_request: Bad Request response.

application/json

post

POST /api-tokens HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 74

{
  "allowedCIDRBlocks": [
    "text"
  ],
  "name": "text",
  "permissions": [
    "AlertModify"
  ]
}

{
  "allowedCIDRBlocks": [
    "text"
  ],
  "createdAt": "text",
  "createdBy": {
    "id": "user",
    "type": "text"
  },
  "expiresAt": "text",
  "id": "text",
  "lastUsedAt": "text",
  "name": "text",
  "permissions": [
    "AlertModify"
  ],
  "rotatedAt": "text",
  "updatedAt": "text",
  "updatedBy": {
    "id": "user",
    "type": "text"
  },
  "value": "text"
}

Get an api token

get

Authorizations

Path parameters

idstringRequired

ID of the api token. Note: if self is provided, the current api token will be returned

Responses

200

OK response.

application/json

400

bad_request: Bad Request response.

application/json

404

not_found: Not Found response.

application/json

get

GET /api-tokens/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

{
  "allowedCIDRBlocks": [
    "text"
  ],
  "createdAt": "text",
  "createdBy": {
    "id": "user",
    "type": "text"
  },
  "expiresAt": "text",
  "id": "text",
  "lastUsedAt": "text",
  "name": "text",
  "permissions": [
    "AlertModify"
  ],
  "rotatedAt": "text",
  "updatedAt": "text",
  "updatedBy": {
    "id": "user",
    "type": "text"
  },
  "value": "text"
}

Update an api token

post

Authorizations

Path parameters

idstringRequired

ID of the api token. Note: if self is provided, the current api token will be updated

Body

allowedCIDRBlocksstring[]Optional

The set of CIDR blocks that are allowed to use this API token. If empty, all CIDR blocks are allowed

namestringRequired

The name of the token

Responses

200

OK response.

application/json

400

bad_request: Bad Request response.

application/json

404

not_found: Not Found response.

application/json

post

POST /api-tokens/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 74

{
  "allowedCIDRBlocks": [
    "text"
  ],
  "name": "text",
  "permissions": [
    "AlertModify"
  ]
}

{
  "allowedCIDRBlocks": [
    "text"
  ],
  "createdAt": "text",
  "createdBy": {
    "id": "user",
    "type": "text"
  },
  "expiresAt": "text",
  "id": "text",
  "lastUsedAt": "text",
  "name": "text",
  "permissions": [
    "AlertModify"
  ],
  "rotatedAt": "text",
  "updatedAt": "text",
  "updatedBy": {
    "id": "user",
    "type": "text"
  },
  "value": "text"
}

delete api token

delete

Authorizations

Path parameters

idstringRequired

ID of the api token to delete. Note: if self is provided, the current api token will be deleted

Responses

204

No Content response.

400

bad_request: Bad Request response.

application/json

404

not_found: Not Found response.

application/json

delete

DELETE /api-tokens/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

No content

List api tokens

get

Authorizations

Responses

200

OK response.

application/json

get

GET /api-tokens HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

200

OK response.

{
  "next": "text",
  "results": [
    {
      "allowedCIDRBlocks": [
        "text"
      ],
      "createdAt": "text",
      "createdBy": {
        "id": "user",
        "type": "text"
      },
      "expiresAt": "text",
      "id": "text",
      "lastUsedAt": "text",
      "name": "text",
      "permissions": [
        "AlertModify"
      ],
      "rotatedAt": "text",
      "updatedAt": "text",
      "updatedBy": {
        "id": "user",
        "type": "text"
      },
      "value": "text"
    }
  ]
}

Rotate an api token. If self is provided the current token will be rotated

post

Authorizations

Path parameters

idstringRequired

ID of the api token to rotate. Note: if self is provided, the current api token will be rotated

Responses

200

OK response.

application/json

400

bad_request: Bad Request response.

application/json

403

forbidden: Forbidden response.

application/json

404

not_found: Not Found response.

application/json

post

POST /api-tokens/{id}/rotate HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

{
  "allowedCIDRBlocks": [
    "text"
  ],
  "createdAt": "text",
  "createdBy": {
    "id": "user",
    "type": "text"
  },
  "expiresAt": "text",
  "id": "text",
  "lastUsedAt": "text",
  "name": "text",
  "permissions": [
    "AlertModify"
  ],
  "rotatedAt": "text",
  "updatedAt": "text",
  "updatedBy": {
    "id": "user",
    "type": "text"
  },
  "value": "text"
}

PreviousAlert Comments NextData Models

Last updated 4 months ago

Was this helpful?