The authorization credentials comprise two parts; API key and unique access token. Simply put, all API requests must be accompanied by a combination of API key and your unique access token as authorization credentials.
Whether you access the REST APIs using programming tools such as Postman or ReadyAPI, or you write code that you intend to compile, the full authorization credentials are required for the API to be allowed to be executed.
Note: RemoteSyncAPIKey is needed to enable synchronization between CVA and Velocity / Pulse campaigns. Only the key:token data needs to be supplied in this case.
Obtaining your API Key
The API key is created when the Cyara Portal user credentials are issued and is associated with a specific user. To obtain your API key, do the following:
Procedure
- Log on to Cyara Platform.
- Click Settings > API.
Your API key is available in the Key field and never changes. Treat your API key as you would any other password.
Note: API menu is not available for SSO-enabled users
Generating your Access Token
You can generate the token as often as needed. Each time the token is generated, all prior tokens are invalidated. Tokens do not expire, they are replaced when the token is regenerated. Any applications with authorization credentials embedded in the code must be updated each time the token changes.
To generate an access token, do the following:
Procedure
- Log on to your Cyara Portal.
- Click Settings > API.
- In the Manage Your API Authentication screen, click Generate Token. Save all of the text in the Usage field that populates (excluding the "Authorization:" wording).
- Copy the token and save it somewhere secure. The token will not be displayed once you close the window. However, this does not imply that the token is no longer valid.
Using API Tokens
Prior to sending HTTP request create a Headers object as shown in the example below:
Python:
header = requests.structures.CaseInsensitiveDict()
header["accept"] = "application/json"
header["Content-Type"] = "multipart/form-data"
header["Authorization"] = "ApiKey [enter your key here]"
and add this header in the HTTP Request. Example:
Python:
r=requests.post(url, headers=header, data=f)
Note: If you'd like to see more examples please add a comment to this article below.
Void API Tokens
API Tokens are marked as void after three API calls are made using an invalid Token/Key pair. Tokens currently do not expire automatically after a scheduled period of time. Support for time-constrained tokens will be added in a future release.
Comments
10 comments
I Would like to see more example for this API
Thanks for your feedback! Are you looking for a specific programming language?
Please let us know.
I would like to see more examples for the API we are using Python
Thanks for the feedback! What API examples are you looking for, or was there a specific task you were looking to complete using the Cyara API and a Python script?
Please let me know and I will follow this up with the team.
I am currently looking to migrate from our on-prem cyara instance to a new cloud instance that we have. we currently have approx 11k test cases to migrate as well as something like 60 user accounts that need to be moved over. After looking at the swagger it seems that the import request is limited to about 1k test cases. We currently have an internal tool we have built to export the cyara test case results to a different software the business uses. Is there a way to make this process simple without the need to build out a special tool for it?
I sent you a code example on how to import thousands of test cases using the API. The idea is quite simple: parse it and import individually.
Unfortunately, I couldn't test it with the file as big as yours, but it should work. Please let us know how it goes and we will publish the code in our examples section.
I would like to see more documentation on integrating with your SSO implementation.
Hi Stuart!
SSO is a different topic. I will be happy to help you with it. I will convert your question into the support ticket.
Thanks!
Hi ,
Could you please share the code how Cyara authentication can be done for API requests in powershell. Since when I am trying to use the code as explained in your topic I am getting below error. I have added the code and outcome below for your reference.
powershell code:
Error that is showing when executing above code;
It seems that the error caused not by the authentication, but the way you use the API call. Instead of the AccountID, which is, essentially the customer instance in the Cyara portal, you're trying to use username:
You need to use something like this:
AccountID is the account id in the Cyara portal URL. For example:
Please sign in to leave a comment.