Get Started with Qualys Flow APIs
This help is intended for application developers who use the Qualys QFlow APIs.
Qualys API Framework
Learn the basics about making API requests. The base URL depends on the platform where your Qualys account is located.
The Qualys QFlow API uses the following framework.
Request URLRequest URL
The URL for making API requests respects the following structure:
https://<baseurl>/<module>/<object>/<object_id>/<operation>
Refer to the following table for the field description.
| Field | Description |
|---|---|
|
<baseurl> |
The Qualys API server URL that you should use for API requests depends on the platform where your account is located. The base URL for Qualys US Platform 1 is: https://gateway.qg1.apps.qualys.com For documentation purposes, we use <qualys_base_url>. |
|
<module> |
The API module. For the QFlow API, the module is: QFlow. |
|
<object> |
The module-specific object. |
|
<object_id> |
(Optional) The module-specific object ID, if appropriate. |
|
<operation> |
The request operation, such as count. |
Qualys API Gateway URL
The Qualys API URL you should use for API requests depends on the Qualys Enterprise TruRisk platform.
Click here to identify your Qualys platform and get the API URL
This documentation uses the API gateway URL for <qualys_base_url> in sample API requests. If you are on another platform, replace this URL with the appropriate gateway URL for your account.
Introduction to QFlow API Paradigm
Get tips on using the Curl command-line tool to make API requests. Every API request must authenticate using a JSON Web Token (JWT) obtained from the Qualys Authentication API.
Follow the instructions specified below to authenticate yourself for executing Qualys Flow APIs.
Permissions
To make calls using the QFlow API, you must have API Access permission in your role.
You can give permission to access API from the Administration module while creating a role or editing the role.
- Navigate to the Administration application > Role Management > Edit Role > Role Details.
- In the Permissions tab, select API Access from Select how users would access this application section.
-
Select QFlow from Modules.
-
Select QFlow Permissions and click Save.
For more details on role creation, refer to the Online Help of Administration module.
API Rate Limits
The Qualys API enforces limits on the API calls a customer can make based on their subscription settings.
Rate Limit per Subscription: It defines the maximum number of API calls allowed per subscription within a 60-second window. The limit is 500 requests per 60 seconds.
Get API Notifications
Subscribe to our API Notifications RSS Feeds for announcements and the latest news.