Get Started

Accessing the APIs

All features of Container Security are available through REST APIs. An equivalent Rest API request for each tab is provided in the user interface.

In the API response,

Permissions required to use APIs

Role-Based Access Permissions

The Qualys Container Security application uses a Role Based Access Control (RBAC) model to control access to Container Security features. With RBAC, each user is assigned a predefined user role which determines which actions the user can take in the UI and API.

A Manager user (superuser with full permissions and scope) can access the Administration utility to manage users, and manage user roles and permissions. See the Container Security Help to learn more about users and permissions.

API Response When User Does Not Have Permission For Action

When a user makes an API call but doesn’t have the required permission for the action, the user will get a 403 FORBIDDEN error in the response similar to the one shown below. The user will need to reach out to a Manager user to request the permission.

"errorCode" : "403 FORBIDDEN",

"message": "The joe_user user does not have the CS.IMAGE.VIEW permission to perform this operation. Ensure that required permissions are assigned to the user",

"timestamp": 1654169949515

Qualys API URLs

Container Security supports both API server URLs and API gateway URLs for API requests. The Qualys API server or gateway URL you should use for API requests depends on the Qualys platform where your account is located.

Click here to identify your Qualys platform and get the API URL

Authentication for gateway URLs

You must authenticate to the Qualys Cloud Platform using Qualys account credentials (user name and password) and get the JSON Web Token (JWT) before you can start using the Gateway URLs. Use the Qualys Authentication API to get the JWT.

For example,

curl -X POST 
"" -d "username=value1&password=passwordValue&token=true" -H "Content-Type: application/x-www-form-urlencoded"


The following table explains the various components of this request:

Component Description It is the base URL to the Qualys API server where your account is located.
username and password These are the credentials of the user account for Container Security.
token It should be true.
Content-Type It should be "application/x-www-form-urlencoded".

The Authentication API returns a JSON Web Token (JWT) which you can use for authentication during Container Security API calls. The token expires in 4 hours. You must regenerate the token to continue using the Container Security API.

Container Security API documentation for Gateway URLs is available at: https://<Qualys_Gateway_URL>/apidocs/csapi/v1.3. For example, if your account is on US Platform 1:

Where is the Swagger UI?

Click Rest Reference in the “Equivalent REST request” dialog to launch the Swagger UI, where you can try out the Rest APIs.


You can directly access the Swagger UI from the following URL: https://<QualysURL>/csapi/swagger-ui.html

For example, if your account is on US Platform 2:

Do I need to Authenticate to use Swagger?

Authentication to the Qualys Cloud Platform is necessary before you try out the APIs. To get started, click Authorize and provide your username and password.