API Credentials Management

You can manage and add credentials for your sub-estates.

Restriction: You must be an Enterprise Super Admin to manage and add API credentials.

You can use Sophos APIs to manage users, endpoints, alerts, and security settings. You can also perform forensic analysis.

We use roles to control what API users can do. You assign a role to a set of API credentials when you create them, and that role determines what anyone using those credentials can do.

Roles with management permissions allow users to use APIs to do the following:

  • Query, create, update, and delete users and user groups.
  • Query and deal with alerts.
  • Query endpoints and perform actions on them, such as running a scan.
  • View and change endpoint protection global settings.

Roles with forensic permission allow users to use the API to run predefined or custom Live Discover queries on selected endpoints.

Note: The first time you click API Credentials Management, you must read and accept the terms and conditions of use.

To add credentials, do as follows:

  1. Go to Settings & Policies > API Credentials Management.
  2. Click Add Credential and give the credential a name and description.
  3. Choose which role you want to assign. Choose from the following roles:
    • Service Principal Super Admin: Users with this role can perform all API operations with full CRUD (Create, Read, Update, Delete) capabilities and have access to queries.
    • Service Principal Management: Users with this role can view and manage admins, roles, endpoints, and security policies but can't run or view queries.
    • Service Principal Forensics: Users with this role can create, view, run, and delete Live Discover queries.
    • Service Principal Active Directory Sync: Users with this role can perform Active Directory synchronization. They can't do anything else.

    We recommend giving API users and applications only the level of access they need. You should keep their access as specific as possible.

  4. Click Add.

    This generates the credential, together with a Client ID and a Client Secret.

  5. Copy the Client ID and Client Secret.
    Note: You can only see the Client Secret once.

To delete an API credential, select it in API Credentials Management and click Delete.
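One way to apply the least-access recommendation from step 3 is to compare the role each credential holds with what its integration actually uses. The following is an added example, not Sophos code: the role names come from the list above, while the capability labels, the inventory format and the credential names are constructed for illustration, and Super Admin is assumed to include Active Directory sync.

```python
# Role names and coverage come from the role list above. The capability
# labels ("manage", "queries", "ad_sync") are shorthand made up for this example.
SUPER = "Service Principal Super Admin"
ROLES = {
    SUPER: {"manage", "queries", "ad_sync"},  # "all API operations" (assumed to include AD sync)
    "Service Principal Management": {"manage"},
    "Service Principal Forensics": {"queries"},
    "Service Principal Active Directory Sync": {"ad_sync"},
}

def least_privileged_role(needs):
    """Return the role with the fewest capabilities that still covers needs."""
    needs = set(needs)
    if not needs or needs - ROLES[SUPER]:
        raise ValueError(f"empty or unknown capability set: {sorted(needs)}")
    covering = [role for role, caps in ROLES.items() if needs <= caps]
    return min(covering, key=lambda role: len(ROLES[role]))

def split_roles(needs):
    """Scoped roles that together cover needs, one credential per role."""
    return sorted(r for r, caps in ROLES.items() if r != SUPER and caps & set(needs))

def audit(inventory):
    """Return (credential name, finding) pairs; clean credentials are omitted."""
    findings = []
    for cred in inventory:
        name, assigned, needs = cred["name"], cred["role"], set(cred["needs"])
        if not needs:
            findings.append((name, "unused: delete"))
            continue
        best = least_privileged_role(needs)
        if not needs <= ROLES[assigned]:
            findings.append((name, f"under-scoped: needs {best}"))
        elif len(ROLES[assigned]) > len(ROLES[best]):
            findings.append((name, f"over-privileged: use {best}"))
        elif needs < ROLES[assigned]:  # only Super Admin fits, yet it grants more
            findings.append((name, "split into: " + ", ".join(split_roles(needs))))
    return findings

# Constructed inventory: the role each credential holds vs. what its integration uses.
INVENTORY = [
    {"name": "endpoint-inventory", "role": SUPER, "needs": ["manage"]},
    {"name": "ad-sync-job", "role": "Service Principal Active Directory Sync", "needs": ["ad_sync"]},
    {"name": "ir-toolkit", "role": SUPER, "needs": ["manage", "queries"]},
    {"name": "old-poc", "role": "Service Principal Forensics", "needs": []},
]

if __name__ == "__main__":
    for name, finding in audit(INVENTORY):
        print(f"{name}: {finding}")
```

The "split into" finding covers the case where an integration needs both management and query access: no single scoped role fits, so the choice is between Super Admin and two narrower credentials.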