Authentication
The SecTrail CM API uses Bearer token-based authentication. To use the API endpoints, you must first obtain an access token.
Creating an API User
Before you start using the API, create a user that has the API role:
Steps
- Navigate to Users > Local Users in the SecTrail CM interface
- Create a new user
- Assign the API role to the user
- Save the username and password
Tip: Use strong passwords for API users and store these credentials securely.
Obtaining an Authentication Token
After creating your API user, you need to obtain an authentication token.
Endpoint
POST /api/login
Request Body
{
"username": "api-user",
"password": "your-secure-password"
}
Response
{
"user": "apiuser",
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGci..."
}
Example cURL Command
curl -X POST https://your-sectrailcm-server/api/login \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "username=api-user&password=your-secure-password"
Using the Token
Send the obtained token as a Bearer token in the Authorization header of every API request:
curl -X GET https://your-sectrailcm-server/api/endpoint \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
Token Expiration
- Authentication tokens expire after a certain period
- When your token expires, you need to obtain a new token
- The login response contains the username (user) and the access token (access_token)
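The login, Bearer-header and token-renewal steps above, as an added example client (not part of the SecTrail CM documentation or product). It assumes the server answers an expired token with HTTP 401, that the login response is JSON as shown in the Response section, and that the `send` hook is only there so the client can be exercised offline; credentials are passed in from the caller (for example from environment variables), never hard-coded.

```python
import json
import urllib.error
import urllib.parse
import urllib.request


class SecTrailClient:
    """Login + Bearer flow from the page; 'send' is an injectable transport (assumption)."""

    def __init__(self, base_url, username, password, send=None):
        if not base_url.startswith("https://"):
            raise ValueError("credentials must only be sent over HTTPS")
        self.base_url = base_url.rstrip("/")
        self._creds = {"username": username, "password": password}
        self._send = send or self._send_http  # send(Request) -> (status, body bytes)
        self._token = None  # held in memory only, never written to disk or source

    @staticmethod
    def _send_http(req):
        try:
            with urllib.request.urlopen(req) as resp:
                return resp.status, resp.read()
        except urllib.error.HTTPError as e:
            return e.code, e.read()

    def login(self):
        # Form-encoded body, as in the page's cURL example for POST /api/login
        req = urllib.request.Request(
            self.base_url + "/api/login", method="POST",
            data=urllib.parse.urlencode(self._creds).encode(),
            headers={"Content-Type": "application/x-www-form-urlencoded"})
        status, body = self._send(req)
        if status != 200:
            raise PermissionError("login failed with HTTP %d" % status)
        self._token = json.loads(body)["access_token"]
        return self._token

    def get(self, path):
        # Send the Bearer token; on 401 (assumed to mean an expired token) log in again, retry once
        if self._token is None:
            self.login()
        for attempt in range(2):
            req = urllib.request.Request(
                self.base_url + path, headers={"Authorization": "Bearer " + self._token})
            status, body = self._send(req)
            if status == 401 and attempt == 0:
                self.login()
                continue
            if status != 200:
                raise RuntimeError("request failed with HTTP %d" % status)
            return json.loads(body)
```

Construct the client with `SecTrailClient(os.environ["SECTRAIL_URL"], os.environ["SECTRAIL_USER"], os.environ["SECTRAIL_PASS"])` so no credential lives in the source file.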
Security Recommendations
- Never store tokens in your source code
- Use environment variables or a secure vault
- Secure all API requests by using HTTPS
- Renew tokens regularly
- Grant only necessary permissions to API users