Third-party access via APIs

You can set up third-party read-only API access to your Sophos Central account. For example, you may want to allow a cyber insurance provider to assess and monitor your organization's security posture.

Set up read-only API access

  1. Go to My Products > General Settings > API Credentials Management.
  2. If prompted, accept the Terms of Use Agreement & Privacy Policy. Otherwise, go to the next step.

    API Credentials Terms of Use.

  3. Click Add credential.

  4. On the Add credential dialog, do as follows:

    1. Enter the name of the credential.
    2. (Optional) Enter a description for the credential.
    3. In Role, select Service Principal ReadOnly.
    4. Click Add.

    Service Principal ReadOnly role.

  5. On the API credential summary page, copy the Client ID and Client Secret values.

    Note

    The secret is only shown once. Make sure you keep it somewhere safe.

    API credential summary.

  6. Follow the third party's instructions to securely transfer the API credentials, for example in an HTTPS web form.

    Make sure you use the correct API host for the tenant's data region. See the following section.

Warning

You must delete the credentials as soon as the third party no longer needs access to your data. You can delete the credentials at any time to revoke access.

API hosts for data regions

The following table shows you the corresponding API host for each data region. For more information, see How Our APIs Work.

Data geography   Data region   API host
United States    US (West)     https://api-us01.central.sophos.com
United States    US (East)     https://api-us03.central.sophos.com
EU               Ireland       https://api-eu01.central.sophos.com
EU               Germany       https://api-eu02.central.sophos.com
Canada           Canada        https://api-ca01.central.sophos.com
Australia        Australia     https://api-au01.central.sophos.com
Japan            Japan         https://api-jp01.central.sophos.com
Brazil           Brazil        https://api-br01.central.sophos.com
India            India         https://api-in01.central.sophos.com
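Before handing the credential over, you can confirm which API host it resolves to. The following is an added example, not code from Sophos or from this page: it prepares the token and whoami requests and checks the tenant's reported host against the table above. The token and whoami endpoints and the alerts path are taken from Sophos's public API documentation rather than this page, and the function names and sample reply are constructed for illustration.

```python
import json
import urllib.parse
import urllib.request

TOKEN_URL = "https://id.sophos.com/api/v2/oauth2/token"
WHOAMI_URL = "https://api.central.sophos.com/whoami/v1"
# Data region -> host code, from the table above.
REGION_CODES = {"US (West)": "us01", "US (East)": "us03", "Ireland": "eu01",
                "Germany": "eu02", "Canada": "ca01", "Australia": "au01",
                "Japan": "jp01", "Brazil": "br01", "India": "in01"}

def region_host(region):
    return f"https://api-{REGION_CODES[region]}.central.sophos.com"

def token_request(client_id, client_secret):
    """OAuth2 client-credentials request that exchanges the pair for a bearer token."""
    form = urllib.parse.urlencode({"grant_type": "client_credentials", "scope": "token",
                                   "client_id": client_id, "client_secret": client_secret})
    return urllib.request.Request(TOKEN_URL, data=form.encode(), method="POST")

def whoami_request(token):
    return urllib.request.Request(WHOAMI_URL, headers={"Authorization": f"Bearer {token}"})

def checked_host(whoami, expected_region):
    """Return the tenant's API host only if it is the one listed for expected_region."""
    if whoami.get("idType") != "tenant":
        raise ValueError("credential is not scoped to a single tenant")
    host = whoami["apiHosts"]["dataRegion"].rstrip("/")
    if host != region_host(expected_region):
        raise ValueError(f"tenant is served by {host}, not {expected_region}")
    return host

def alerts_request(host, tenant_id, token):
    """Read-only test call: list alerts for the tenant."""
    return urllib.request.Request(f"{host}/common/v1/alerts", headers={
        "Authorization": f"Bearer {token}", "X-Tenant-ID": tenant_id})

def send(request):
    """Send a prepared request and decode the JSON reply (needs network access)."""
    with urllib.request.urlopen(request, timeout=30) as reply:
        return json.load(reply)

if __name__ == "__main__":
    # Constructed whoami reply; a live run would use send(whoami_request(token)).
    sample = {"id": "00000000-0000-0000-0000-000000000000", "idType": "tenant",
              "apiHosts": {"global": "https://api.central.sophos.com",
                           "dataRegion": "https://api-eu02.central.sophos.com"}}
    host = checked_host(sample, "Germany")
    print(host, alerts_request(host, sample["id"], "TOKEN").full_url)
```

For a live check, read the Client ID and Client Secret from a secrets manager or environment variables rather than writing them into the script.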

What's shared

The ReadOnly API role can read a range of data, but not add, remove, or change it. Mainly, you're allowing the third party to see:

  • Alerts and events
  • Account health check results
  • Device details
  • Policy configuration

The third party may not look at all the information provided via APIs. Please speak with them to understand exactly what they'll access and how they'll use the data.