The authorization credentials comprise two parts; API key and unique access token. Simply put, all API requests must be accompanied by a combination of API key and your unique access token as authorization credentials.
Whether you access the REST APIs using programming tools such as Postman or ReadyAPI, or you write code that you intend to compile, the full authorization credentials are required for the API to be allowed to be executed.
Note: RemoteSyncAPIKey is needed to enable synchronization between CVA and Velocity / Pulse campaigns. Only the key:token data needs to be supplied in this case.
Obtaining your API Key
The API key is created when the Cyara Portal user credentials are issued and is associated with a specific user. To obtain your API key, do the following:
- Log on to Cyara Platform.
- Click Settings > API.
Your API key is available in the Key field and never changes. Treat your API key as you would any other password.
Note: API menu is not available for SSO-enabled users
Generating your Access Token
You can generate the token as often as needed. Each time the token is generated, all prior tokens are invalidated. Tokens do not expire, they are replaced when the token is regenerated. Any applications with authorization credentials embedded in the code must be updated each time the token changes.
To generate an access token, do the following:
- Log on to your Cyara Portal.
- Click Settings > API.
- In the Manage Your API Authentication screen, click Generate Token. Save all of the text in the Usage field that populates (excluding the "Authorization:" wording).
- Copy the token and save it somewhere secure. The token will not be displayed once you close the window. However, this does not imply that the token is no longer valid.
Using API Tokens
Prior to sending HTTP request create a Headers object as shown in the example below:
header = requests.structures.CaseInsensitiveDict()
header["accept"] = "application/json"
header["Content-Type"] = "multipart/form-data"
header["Authorization"] = "ApiKey [enter your key here]"
and add this header in the HTTP Request. Example:
r=requests.post(url, headers=header, data=f)
Note: If you'd like to see more examples please add a comment to this article below.
Void API Tokens
API Tokens are marked as void after three API calls are made using an invalid Token/Key pair. Tokens currently do not expire automatically after a scheduled period of time. Support for time-constrained tokens will be added in a future release.