In order to leverage ThreatSwitch's API, customers must first authenticate with ThreatSwitch via the OAuth 2.0 client credentials grant. This article will explain how to generate the required credentials (Client ID and Client Secret) in ThreatSwitch.
Product Tier Requirements:
Enterprise Tier
API Add-On
Role Requirements:
Administrator
Custom Role with Manage Rights to "API Client Credentials" permissions as follows:
How to generate a Client ID and Client Secret
Navigate to the integrations administration menu: Administration > Integrations > Client Credentials.
Click "New Client Credential"
Select the user who will be programmatically authenticating with ThreatSwitch. If the user is a custom role, we recommend granting this user Manage Import permissions.
Copy and paste the Client ID and Client Secret into a secure location. Please note that once the dialog is closed, you will no longer be able to retrieve your Client Secret. If you lose the Client Secret, you will need to generate a new credentials.
Security Considerations
Client Credentials are automatically tied to the permissions of the user they are associated with. We strongly recommend creating a custom role with only the permissions required for the API integration tasks.
A custom role with "Imports" and "Client Credentials" management permissions should satisfy the most common use case of scheduling data import tasks.
Using Client Credentials
ThreatSwitch's authenticated endpoints can be tested directly through our API Documentation. Once you have retrieved your client credentials you can generate an authorization token from the client credentials "Auth" endpoint.
Once the token is generated you can click the "Authorize" button in the upper right hand corner of the documentation page.
In the active dialog enter the authorization token and click "Authorize".
You're all set to test API requests directly through the documentation page!