API Authentication

We support the following two methods for API Authentication:

API Authentication with User Credentials

Passwordless API Authentication

API Authentication with User Credentials

You must authenticate to the Qualys Cloud Platform using Qualys account credentials (user name and password) and get the JSON Web Token (JWT) before you can start using the GAV/CSAM APIs. Use the Qualys Authentication API to get the JWT.

Sample request

curl -X POST https://gateway.qg1.apps.qualys.com/auth \
  --data-urlencode "username=value1" \
  --data-urlencode "password=passwordValue" \
  -d "token=true" \
  -H "Content-Type: application/x-www-form-urlencoded"

Here, gateway.qg1.apps.qualys.com is the base URL to the Qualys API server where your account is located.

  • username and password are the credentials of the user account for which you want to fetch GAV/CSAM data. Percent-encode both values (curl does this for you with --data-urlencode); a password containing & or = would otherwise be read as a field separator. Avoid placing the password on the command line on a shared host, where it is visible in shell history and the process list.
  • token must be true.
  • Content-Type must be "application/x-www-form-urlencoded".

The Authentication API returns a JSON Web Token (JWT) that you present on every GAV/CSAM call. The token expires 4 hours after it is issued, and you must request a new one to continue using the GAV/CSAM API. Protect the JWT as you would the password: it is a bearer credential, and anyone who obtains it can call the API as that user until it expires.
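The following script wraps the credential-based flow above so that a long-running integration does not hit the 4-hour expiry mid-run. It is an added example, not Qualys code. Beyond what the page states, it assumes that the returned JWT carries a standard exp claim (when it does not, the documented 4-hour lifetime is used instead), and that GAV/CSAM endpoints accept the token as Authorization: Bearer <jwt>. The fake_jwt helper builds a constructed, unsigned token so the cache logic can be exercised offline.

```python
"""Obtain, cache and renew a Qualys gateway JWT using user credentials.

Added example, not Qualys code. Assumptions (not stated on the page):
  - the JWT has a standard `exp` claim; if it does not, the documented
    4-hour lifetime is used, minus a safety margin;
  - GAV/CSAM endpoints accept the token as `Authorization: Bearer <jwt>`.
"""
import base64
import json
import os
import time
import urllib.parse
import urllib.request

GATEWAY = "https://gateway.qg1.apps.qualys.com"  # base URL from the docs; use your platform's gateway
TOKEN_LIFETIME = 4 * 3600   # documented lifetime of the JWT
REFRESH_MARGIN = 5 * 60     # renew a little early so a slow call never straddles expiry


def jwt_expiry(token, issued_at):
    """Return the Unix time at which `token` expires.

    Reads the `exp` claim from the payload without verifying the signature: we
    obtained the token ourselves over TLS and only need the timestamp, not a
    trust decision. Falls back to the documented 4-hour lifetime if the claim
    is missing or the token is not parseable.
    """
    try:
        payload_b64 = token.split(".")[1]
        payload_b64 += "=" * (-len(payload_b64) % 4)      # restore base64url padding
        payload = json.loads(base64.urlsafe_b64decode(payload_b64))
        return int(payload["exp"])
    except (IndexError, ValueError, KeyError, TypeError):
        return issued_at + TOKEN_LIFETIME


def http_post_form(url, form):
    """Default transport: POST an x-www-form-urlencoded body, return (status, body)."""
    data = urllib.parse.urlencode(form).encode()          # percent-encodes '&', '=', '%' in the password
    req = urllib.request.Request(url, data=data, method="POST",
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status, resp.read().decode()


class QualysSession:
    """Caches the JWT and re-authenticates only when it is about to expire."""

    def __init__(self, username, password, gateway=GATEWAY, post=http_post_form, clock=time.time):
        self._user, self._pass = username, password
        self._gateway, self._post, self._clock = gateway, post, clock
        self._token, self._expires = None, 0

    def token(self):
        now = self._clock()
        if self._token is None or now >= self._expires - REFRESH_MARGIN:
            status, body = self._post(self._gateway + "/auth",
                                      {"username": self._user, "password": self._pass, "token": "true"})
            # With token=true the body is the JWT itself: three base64url segments, two dots.
            if status != 200 or body.strip().count(".") != 2:
                raise RuntimeError("authentication failed (HTTP %d)" % status)
            self._token = body.strip()
            self._expires = jwt_expiry(self._token, now)
        return self._token

    def auth_headers(self):
        """Headers for a GAV/CSAM request (Bearer scheme is an assumption)."""
        return {"Authorization": "Bearer " + self.token(), "Accept": "application/json"}


def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def fake_jwt(exp):
    """Constructed, unsigned token shaped like a JWT, for offline demonstration only."""
    return _b64url({"alg": "none"}) + "." + _b64url({"sub": "demo", "exp": exp}) + ".sig"


if __name__ == "__main__":
    # Real use: credentials come from the environment, never hard-coded or logged.
    session = QualysSession(os.environ["QUALYS_USER"], os.environ["QUALYS_PASS"])
    print(session.auth_headers()["Authorization"][:30] + "...")
```

The transport and clock are injectable so the renewal logic can be tested without network access; in production the defaults (urllib over TLS, the system clock) are used unchanged. Keep the JWT in memory only; writing it to disk or a log turns a 4-hour credential into a persistent one.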

Passwordless API Authentication

In addition to the credential-based method described in API Authentication with User Credentials, you can use Identity Provider (IdP) based passwordless API authentication, which removes the need to store a Qualys user password in your integration.

Required Permissions for Executing the API

Manager Users automatically have full permissions to execute the API.

For other users, follow these steps:

  1. Go to the Administration Module.
  2. Search for the user and open Quick Actions.
  3. Navigate to Roles and Scopes and enable the API Access checkbox.
  4. Next, go to the VMDR Module and search for the same user.
  5. Open Quick Actions and, under the User Role section, enable the API checkbox.

API authentication does not support SSO (Single Sign-On). If SSO is enabled for the user, it must be turned off to allow API access.