API Authentication

We support the following two methods for API Authentication:

API Authentication with User Credentials

You must authenticate to the Qualys Cloud Platform using Qualys account credentials (user name and password) and get the JSON Web Token (JWT) before you can start using the Integration APIs. Use the Qualys Authentication API to get the JWT.

Sample: Example

curl -X POST https://gateway.qg1.apps.qualys.com/auth 
-d "username=value1&password=passwordValue&token=true" 
-H "Content-Type: application/x-www-form-urlencoded"

Here, gateway.qg1.apps.qualys.com is the base URL to the Qualys API server where your account is located.

Username and password are the credentials of the user account for which you want to fetch Integration data.
Token should be true.
Content-Type should be "application/x-www-form-urlencoded"

The Authentication API returns a JSON Web Token (JWT) that you can use for authentication during Integration API calls. The token expires in 4 hours, and you must regenerate it to continue using the Integration API.

Password-less API Authentication

To provide a smooth and seamless API experience, we support the password-less API authentication. Along with traditional authentication method described in API Authentication with User Credentials, you can explore the Identity Provider (IdP) based passwordless API Authentication with its inherent benefits.

We are currently supporting OpenID Connect (OIDC) password-less API Authentication. To learn more about API Authentication using OIDC, refer to Password-less Authentication using OIDC.