Qualys User Account

Authentication to your Qualys account with valid Qualys credentials is required for making Qualys API requests to the Qualys API servers.

The application must authenticate using Qualys account credentials (user name and password) as part of the HTTP request. The credentials are transmitted using the “Basic Authentication Scheme” over HTTPS.

For more information, see the “Basic Authentication Scheme” section of RFC 2617:

http://www.faqs.org/rfcs/rfc2617.html

The exact method for implementing authentication will vary according to which programming language is used.

The allowed methods, POST and/or GET, for each API request are documented with each API call in this user guide.

Sample request: basic authentication

    curl -u "USERNAME:PASSWORD" "<qualys_base_url>/qps/rest/3.0/count/was/webapp"

Token-based Authentication

Qualys WAS APIs support token-based authentication. Token-based authentication provides secure access to WAS APIs. 

Perform the following steps to set up token-based authentication:

  1. In the WAS application user interface, navigate to My Profile > Auth ID Client Management.
  2. Create a user-level client to generate the Client ID and Client Secret Key. Refer to the Create User-level Client section to learn more. 
  3. Generate the JWT token using the authentication API (/auth/oidc). Refer to the Generate Token for User Level Client section to learn more.

    The WAS APIs support only user-level client creation. Use only the /auth/oidc API to generate the authentication token.

  4. Access the WAS APIs using the generated JWT token.

Sample: OIDC Authentication for WAS APIs

The following sample illustrates using a JWT Token generated by OIDC authentication to access the WAS APIs.

API Request

 
    # $token holds the JWT returned by /auth/oidc; double quotes let the shell expand it
    curl --location '<qualys_base_url>/qps/rest/3.0/count/was/webapp/' \
    --header 'Content-Type: application/xml' \
    --header "Authorization: Bearer $token" \
    --header 'request-source: gateway'

API Response

 
    <?xml version="1.0" encoding="UTF-8"?>
    <ServiceResponse
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/webapp.xsd">
      <responseCode>SUCCESS</responseCode>
      <count>0</count>
    </ServiceResponse>
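
Both samples on this page pass the secret (password or JWT) as a curl argument, where it is visible in the process list and shell history. The following added example, which is not part of the Qualys documentation, emits a curl config to pipe into `curl -K -` instead and refuses non-HTTPS base URLs; the variable names QUALYS_USER, QUALYS_PASS, QUALYS_TOKEN and both function names are assumptions.

```shell
# Added example: emit a curl config for a Qualys WAS API call so that curl
# reads the password or JWT from stdin (-K -) instead of from its arguments.
# QUALYS_USER, QUALYS_PASS, QUALYS_TOKEN and both function names are assumed.

# Escape backslashes and double quotes for a quoted curl config value.
cfg_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# was_curl_config MODE BASE_URL API_PATH   (MODE is "basic" or "bearer")
was_curl_config() {
    _mode=$1; _base=${2%/}; _path=$3
    # Basic credentials are only base64-encoded and a bearer token works for
    # anyone who captures it, so refuse any base URL that is not HTTPS.
    case $_base in
        https://*) ;;
        *) echo "refusing non-HTTPS base URL" >&2; return 1 ;;
    esac
    case $_mode in
        basic)
            if [ -z "${QUALYS_USER:-}" ] || [ -z "${QUALYS_PASS:-}" ]; then
                echo "QUALYS_USER and QUALYS_PASS must be set" >&2; return 1
            fi
            printf 'user = "%s"\n' "$(cfg_escape "$QUALYS_USER:$QUALYS_PASS")"
            ;;
        bearer)
            if [ -z "${QUALYS_TOKEN:-}" ]; then
                echo "QUALYS_TOKEN must be set" >&2; return 1
            fi
            printf 'header = "Authorization: Bearer %s"\n' "$(cfg_escape "$QUALYS_TOKEN")"
            ;;
        *) echo "unknown mode: $_mode" >&2; return 1 ;;
    esac
    # Restrict the transfer to HTTPS only.
    printf 'proto = "=https"\n'
    printf 'url = "%s%s"\n' "$(cfg_escape "$_base")" "$(cfg_escape "$_path")"
}

# Usage, with the variables already set in the environment:
#   was_curl_config basic "<qualys_base_url>" \
#       /qps/rest/3.0/count/was/webapp | curl -K -
```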