Use the following Qualys API Conventions to implement Qualys Endpoint Security API. In this section, the API Conventions include:
The Qualys API URL you should use for API requests depends on the Qualys platform where your account is located. Click here to identify your Qualys platform and the API URL and replace the URL with the appropriate server URL for your account.
This documentation uses the API gateway URL for Qualys US Platform 1 (https://gateway.qg1.apps.qualys.com) in sample API requests.
To find the API server URL for your account, log in to your Qualys account and go to Help > About.
The Qualys Endpoint Detection and Response API uses the following framework.
Request URL
The URL for making API requests has the following structure:
https://<baseurl>/<module>/<object>/<object_id>/<operation>
where the components are described as follows:
|
<baseurl> |
The Qualys API server URL that you should use for API requests depends on the platform where your account is located. |
|
<module> |
The API module. For the Administration API, the module is: "am". |
|
<object> |
The module-specific object. |
|
<object_id> |
(Optional) The module-specific object ID, if appropriate. |
|
<operation> |
The request operation, such as count and search. |
You must authenticate to the Qualys Enterprise TruRisk™ Platform using your Qualys account credentials (user name and password) and get the JSON Web Token (JWT) before you can use the Administration APIs. Use Qualys Authentication to get the JWT.
For example,
curl -X POST "<qualys_base_url>/auth" -u <username>-p <password> -H "Content-Type: application/x-www-form-urlencoded" -d
where,
<qualys_base_url> is the base URL to the Qualys API server where your account is located. To identify your Qualys platform and get the API URL, visit: Identify your Qualys platform.Curl is a multi-platform command-line tool for transferring data using multiple protocols. It is supported on many systems, including Windows, Unix, Linux, and Mac. In this document, Curl is used in the examples to build Qualys API requests using the HTTP over SSL (HTTPS) protocol, which is required.
Want to learn more? Visit https://curl.haxx.se/
The following Curl options are used according to different situations:
| Option | Description |
| -G | The GET method is required for all EDR API requests |
| -H “Authorization: Bearer” |
This option provides a custom HTTP request header parameter for authentication. Provide the JSON Web Token (JWT) received from Qualys authentication API in the following format: Authorization: Bearer <token> For information about Qualys authentication API, see Authentication. |
| --data-urlencode | Used to encode spaces and special characters in the URL/Parameter values. |
The following sample shows a typical Curl request using the above-mentioned options and how they interact.
curl -G "<qualys_base_URL>/ioc/events" -H "Authorization: Bearer <token>"