Skip to content

Create an API User account

An API User account is used by Sophos Central to communicate with Autotask.

To create an API User account, do as follows:

  1. Sign in to Autotask.
  2. Hover over the Autotask icon and go to Admin > Resources (Users).
  3. In Resources, hover over New and select New API User.
  4. In Add API User, under General, enter details in the required fields.

    1. Enter a username and password that Sophos Central will use to access Autotask.


      Make a note of these because you will need these later.

    2. Click Active.

  5. Under Security Level, select API User (system).

  6. Under Credentials, click Generate Key.
  7. Under Credentials, click Generate Secret.

    Autotask credentials.

  8. Under API Tracking Identifier, click Integration Vendor. In the box below, select Sophos Central - Security.

  9. Under Line of Business, select the following and move them into the Associated column:

    • General > IT Services
    • General > Software Development

    Line of Business.

  10. Check that Resource can view items with no assigned Line of Business is selected.

  11. Click Save & Close. The account is added to the list of resources.

    Save API user.

Turn on webhooks

When you create an API user account, you must turn on webhooks so the API user can create and manage webhooks.

To turn on webhooks, do as follows:

  1. In Autotask, hover over the Autotask icon and go to Admin > Company Settings & Users > Resources/Users (HR) > Security > Security Levels.
  2. In Security Levels, expand the Other section.
  3. Select Webhooks and enter the maximum number of webhooks the API user can create during the lifespan of the account.
  4. Click Save & Close.

Before changing the API user for the Autotask integration, make sure the credentials of the previous API user remain active. This way, the integration can automatically remove the webhook that's associated with the previous API user.

When you change the API user for the Autotask integration, this automatically creates a new webhook using the new API user's credentials and will remove the old webhook. If the webhook isn't automatically removed, you must manually remove the webhook created for the previous API user.

To manually remove the old webhook, reactivate the previous API user that's associated with the old webhook and delete the webhook by calling the Autotask API.

For more information on webhooks, see Webhooks.

After creating an API user account, you must turn on the Sophos Central - Security integration vendor. See Turn on the “Sophos Central - Security” integration vendor.