API Tokens

REST API operations for api tokens

Overview

Use these API operations to interact with API tokens in Panther. An API token can rotate itself using the POST api-tokens/self/rotate endpoint.

To call the API, see the How to use the Panther REST API instructions—including directions for how to invoke it directly from this documentation page.

Required permissions

For GET operations, your API token must have the Read API Token Info permission.
For POST and DELETE operations, your API token must have the Manage API Tokens permission.

Operations

Create an api token

post

Authorizations

X-API-KeystringRequired

Body

allowedCIDRBlocksstring[]Optional

The set of CIDR blocks that are allowed to use this API token. If empty, all CIDR blocks are allowed

namestringRequired

The name of the token

Responses

200

OK response.

application/json

allowedCIDRBlocksstring[]Optional

The set of CIDR blocks that are allowed to use this API token. If empty, all CIDR blocks are allowed

createdAtstringRequired

Time when the API token was created

expiresAtstringOptional

Time when the API token will expire. Will be null if the token is non-expiring

idstringRequired

The unique identifier of the token

lastUsedAtstringOptional

The last time this token was used to authenticate

namestringRequired

The name of the token

rotatedAtstringOptional

Time when the API token was rotated

updatedAtstringOptional

Time when the API token was updated

valuestringOptional

The API token value, only populated during create and rotate actions

400

bad_request: Bad Request response.

application/json

post

/api-tokens

POST /api-tokens HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 74

{
  "allowedCIDRBlocks": [
    "text"
  ],
  "name": "text",
  "permissions": [
    "AlertModify"
  ]
}

{
  "allowedCIDRBlocks": [
    "text"
  ],
  "createdAt": "text",
  "createdBy": {
    "id": "user",
    "type": "text"
  },
  "expiresAt": "text",
  "id": "text",
  "lastUsedAt": "text",
  "name": "text",
  "permissions": [
    "AlertModify"
  ],
  "rotatedAt": "text",
  "updatedAt": "text",
  "updatedBy": {
    "id": "user",
    "type": "text"
  },
  "value": "text"
}

Get an api token

get

Authorizations

X-API-KeystringRequired

Path parameters

idstringRequired

ID of the api token. Note: if self is provided, the current api token will be returned

Responses

200

OK response.

application/json

allowedCIDRBlocksstring[]Optional

The set of CIDR blocks that are allowed to use this API token. If empty, all CIDR blocks are allowed

createdAtstringRequired

Time when the API token was created

expiresAtstringOptional

Time when the API token will expire. Will be null if the token is non-expiring

idstringRequired

The unique identifier of the token

lastUsedAtstringOptional

The last time this token was used to authenticate

namestringRequired

The name of the token

rotatedAtstringOptional

Time when the API token was rotated

updatedAtstringOptional

Time when the API token was updated

valuestringOptional

The API token value, only populated during create and rotate actions

400

bad_request: Bad Request response.

application/json

404

not_found: Not Found response.

application/json

get

/api-tokens/{id}

GET /api-tokens/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

{
  "allowedCIDRBlocks": [
    "text"
  ],
  "createdAt": "text",
  "createdBy": {
    "id": "user",
    "type": "text"
  },
  "expiresAt": "text",
  "id": "text",
  "lastUsedAt": "text",
  "name": "text",
  "permissions": [
    "AlertModify"
  ],
  "rotatedAt": "text",
  "updatedAt": "text",
  "updatedBy": {
    "id": "user",
    "type": "text"
  },
  "value": "text"
}

Update an api token

post

Authorizations

X-API-KeystringRequired

Path parameters

idstringRequired

ID of the api token. Note: if self is provided, the current api token will be updated

Body

allowedCIDRBlocksstring[]Optional

The set of CIDR blocks that are allowed to use this API token. If empty, all CIDR blocks are allowed

namestringRequired

The name of the token

Responses

200

OK response.

application/json

allowedCIDRBlocksstring[]Optional

The set of CIDR blocks that are allowed to use this API token. If empty, all CIDR blocks are allowed

createdAtstringRequired

Time when the API token was created

expiresAtstringOptional

Time when the API token will expire. Will be null if the token is non-expiring

idstringRequired

The unique identifier of the token

lastUsedAtstringOptional

The last time this token was used to authenticate

namestringRequired

The name of the token

rotatedAtstringOptional

Time when the API token was rotated

updatedAtstringOptional

Time when the API token was updated

valuestringOptional

The API token value, only populated during create and rotate actions

400

bad_request: Bad Request response.

application/json

404

not_found: Not Found response.

application/json

post

/api-tokens/{id}

POST /api-tokens/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 74

{
  "allowedCIDRBlocks": [
    "text"
  ],
  "name": "text",
  "permissions": [
    "AlertModify"
  ]
}

{
  "allowedCIDRBlocks": [
    "text"
  ],
  "createdAt": "text",
  "createdBy": {
    "id": "user",
    "type": "text"
  },
  "expiresAt": "text",
  "id": "text",
  "lastUsedAt": "text",
  "name": "text",
  "permissions": [
    "AlertModify"
  ],
  "rotatedAt": "text",
  "updatedAt": "text",
  "updatedBy": {
    "id": "user",
    "type": "text"
  },
  "value": "text"
}

delete api token

delete

Authorizations

X-API-KeystringRequired

Path parameters

idstringRequired

ID of the api token to delete. Note: if self is provided, the current api token will be deleted

Responses

204

No Content response.

400

bad_request: Bad Request response.

application/json

404

not_found: Not Found response.

application/json

delete

/api-tokens/{id}

DELETE /api-tokens/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

No content

List api tokens

get

Authorizations

X-API-KeystringRequired

Responses

200

OK response.

application/json

nextstringOptional

Pagination token for the next page of results

get

/api-tokens

GET /api-tokens HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

200

OK response.

{
  "next": "text",
  "results": [
    {
      "allowedCIDRBlocks": [
        "text"
      ],
      "createdAt": "text",
      "createdBy": {
        "id": "user",
        "type": "text"
      },
      "expiresAt": "text",
      "id": "text",
      "lastUsedAt": "text",
      "name": "text",
      "permissions": [
        "AlertModify"
      ],
      "rotatedAt": "text",
      "updatedAt": "text",
      "updatedBy": {
        "id": "user",
        "type": "text"
      },
      "value": "text"
    }
  ]
}

Rotate an api token. If self is provided the current token will be rotated

post

Authorizations

X-API-KeystringRequired

Path parameters

idstringRequired

ID of the api token to rotate. Note: if self is provided, the current api token will be rotated

Responses

200

OK response.

application/json

allowedCIDRBlocksstring[]Optional

The set of CIDR blocks that are allowed to use this API token. If empty, all CIDR blocks are allowed

createdAtstringRequired

Time when the API token was created

expiresAtstringOptional

Time when the API token will expire. Will be null if the token is non-expiring

idstringRequired

The unique identifier of the token

lastUsedAtstringOptional

The last time this token was used to authenticate

namestringRequired

The name of the token

rotatedAtstringOptional

Time when the API token was rotated

updatedAtstringOptional

Time when the API token was updated

valuestringOptional

The API token value, only populated during create and rotate actions

400

bad_request: Bad Request response.

application/json

403

forbidden: Forbidden response.

application/json

404

not_found: Not Found response.

application/json

post

/api-tokens/{id}/rotate

POST /api-tokens/{id}/rotate HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

{
  "allowedCIDRBlocks": [
    "text"
  ],
  "createdAt": "text",
  "createdBy": {
    "id": "user",
    "type": "text"
  },
  "expiresAt": "text",
  "id": "text",
  "lastUsedAt": "text",
  "name": "text",
  "permissions": [
    "AlertModify"
  ],
  "rotatedAt": "text",
  "updatedAt": "text",
  "updatedBy": {
    "id": "user",
    "type": "text"
  },
  "value": "text"
}

PreviousAlert Context Tags NextCorrelation Rules

Last updated 11 days ago

Was this helpful?

hashtagOverview

hashtagRequired permissions

hashtagOperations

hashtagCreate an api token

hashtagGet an api token

hashtagUpdate an api token

hashtagdelete api token

hashtagList api tokens

hashtagRotate an api token. If self is provided the current token will be rotated

Overview

Required permissions

Operations

Create an api token

Get an api token

Update an api token

delete api token

List api tokens

Rotate an api token. If self is provided the current token will be rotated