262-299-4600 • Email us

Public API

We offer a free REST API as part of your licensing. You can use the API to get your data into to your SIEM (security information and event management) system, such as Splunk or Power BI. Or you can offload the data into your own backend or integrate seamlessly into your ticketing system. You can read all data you can see in the portal and approve or deny requests through the API.





Pull (API) versus Push (WebHooks)

There are two ways you can get a copy of your data from us. The most typical way to get data is for you to call our public API in interval to download data (pull from your side). You can also subscribe to WebHooks (Push from our side).

WebHooks

The advantage of WebHooks is that you get your data in real-time instead of pulling data in intervals. The drawback is that you have to have a public webserver to retrieve the data and you would still need the API to approve requests. There are also many SaaS systems that allow you to integrate with WebHooks - such as getting notified in Teams or Slack by pointing a WebHook from Admin By Request to such system. WebHooks and public API have the same data structure. The difference is only in the delivery model - Push vs Pull. You configure WebHooks in your settings under Settings -> Data -> WebHooks.

API

If you use the API instead of WebHooks, you must first enable the API and set up an API key. This is done by logging into your portal account and navigating to Settings -> Data -> API. You can use the copy icon to the right of the api key to copy it to the clipboard.

Rest API portal settings

Authentication

You can authenticate in two ways when consuming the API:
  • Send the api key as a header named "apikey" - see screenshot further down
  • Use standard basic authentication and send api key as the password (username is ignored)
Please refer to the API Query from PowerShell or API Query from Power BI blog for further screenshots and description of this procedure.


Quota

These quota rules are enforced to avoid flooding the API. If quotas are passed, access will automatically be blocked for your tenant until next business day.
  • Daily quota: 100,000 API calls

Data

Data are returned in json format and standard http status codes apply (e.g. 200 = OK, 404 = Not Found, 500 = Server error). The ambition is to keep the structures as similar as possible to how they appear in the portal. If you need to do initial investigation or data mining, you can easily extract the data using postman. All you have to do is add the basic authentication password or add the apikey under "headers" and call an url, as shown below. Click one of the buttons for documentation and url to call of the APIs.

Auditlog API
Requests API
Inventory API
Events API
PIN Code API


Emptying requests from an external system

If you need to empty the requests queue to an external system and approve or deny requests from there, you can download this step-by-step guide that explains this specfic use-case of the API. Note that if you use ServiceNOW, you do not need to use the API. We do have a native app for this scenario, please refer to this page for more information.


Rest API portal settings





LATEST CYBERSECURITY BLOGS

Admin Persona 1 of 5: The 'Pop'

A disruptive scenario of high volume, unpredictability, and urgency - here's how it can play out with and without Admin By Request.

Privileged Access Management Just Got Personal

The terms ‘use case’ or ‘usage scenario’ are cold and soulless words and not a good representation of the type of work we do here. Introducing ‘Usage Persona’: a more human approach to use case scenarios.

Venus Ransomware Hits Healthcare

Initial infection via RDP, killing 39 processes, deleting event logs, then encryption - but all stages of the Venus ransomware attack can be prevented with the right tools.