We offer a free REST API as part of your licensing. You can use the API to get your data into to your SIEM (security information and event management) system, such as Splunk or Power BI. Or you can offload the data into your own backend or integrate seamlessly into your ticketing system. You can read all data you can see in the portal and approve or deny requests through the API.
Pull (API) versus Push (WebHooks)
There are two ways you can get a copy of your data from us. The most typical way to get data is for you to call our public API in interval to download data (pull from your side). You can also subscribe to WebHooks (Push from our side).
The advantage of WebHooks is that you get your data in real-time instead of pulling data in intervals. The drawback is that you have to have a public webserver to retrieve the data and you would still need the API to approve requests. There are also many SaaS systems that allow you to integrate with WebHooks – such as getting notified in Teams or Slack by pointing a WebHook from Admin By Request to such system. WebHooks and public API have the same data structure. The difference is only in the delivery model – Push vs Pull. You configure WebHooks in your settings under Settings -> Data -> WebHooks.
If you use the API instead of WebHooks, you must first enable the API and set up an API key. This is done by logging into your portal account and navigating to Settings -> Data -> API. You can use the copy icon to the right of the api key to copy it to the clipboard.
You can authenticate in two ways when consuming the API:
- Send the api key as a header named “apikey” – see screenshot further down
- Use standard basic authentication and send api key as the password (username is ignored)
Please refer to the API Query from PowerShell blog for further screenshots.
These quota rules are enforced to avoid flooding the API. If quotas are passed, access will automatically be blocked for your tenant until next business day.
- Daily quota: 100,000 API calls
Data are returned in json format and standard http status codes apply (e.g. 200 = OK, 404 = Not Found, 500 = Server error). The ambition is to keep the structures as similar as possible to how they appear in the portal. If you need to do initial investigation or data mining, you can easily extract the data using postman. All you have to do is add the basic authentication password or add the apikey under “headers” and call an url, as shown below. Click one of the buttons for documentation and url to call of the APIs.
Emptying requests from an external system
If you need to empty the requests queue to an external system and approve or deny requests from there, you can download this step-by-step guide that explains this specific use-case of the API. Note that if you use ServiceNOW, you do not need to use the API. We do have a native app for this scenario, please refer to this page for more information.