
How to generate the Sophos Linux Sensor package repository API token

Prerequisites

SLS is currently available to new and existing Intercept X Advanced for Server with XDR or Intercept X Advanced for Server with MDR customers. Before you proceed, ensure your Sophos Central account has one of the following qualifying product licenses:

  • Intercept X Advanced for Server with XDR
  • Intercept X Advanced for Server with MDR Complete

Restriction

SLS isn't available with evaluation licenses.

Overview

To generate the Sophos Linux Sensor (SLS) package repository API token, you need to do the following:

  1. Create a service principal
  2. Use the service principal credentials to request an SLS package repository API token

Create a service principal in Sophos Central

SLS needs API credentials created by a Super Admin in a Sophos Central Admin dashboard. You must configure this in a Sophos Central Admin dashboard and not in a Partner or Enterprise dashboard.

Before you can generate an SLS package repository token, you need to create a service principal. A service principal is a set of credentials used to authenticate and call APIs. You need the Super Admin role to do this. To create a service principal, do the following:

  1. Sign in to Sophos Central.
  2. Go to Global Settings > Administration > API Credentials Management.
  3. Click Add Credential.
  4. Enter a Credential name.
  5. Select Service Principal Super Admin for the Role.
  6. Click Add.
  7. Copy your Client ID and Client Secret. You need this information in the following section.

    Warning

    For security purposes, the Client Secret cannot be shown again. It is your responsibility to store your client ID and secret securely. If you lose the Client Secret, you must create a new service principal.

Generate an SLS package repository API token

Once you have your service principal API credentials, you can use them to request an SLS package repository access token. To generate an SLS package repository API token, do the following:

Note

The following commands work in a Linux command prompt. To run them in Windows, you will need Windows Subsystem for Linux (WSL). See Install Linux on Windows with WSL.

  1. From a command line prompt, run the following command, replacing {client-id} with the client_id from the previous step, and {client-secret} with the client_secret from the previous step:

    curl -sS -XPOST -H "Content-Type:application/x-www-form-urlencoded" -d "grant_type=client_credentials&client_id={client-id}&client_secret={client-secret}&scope=token" https://id.sophos.com/api/v2/oauth2/token
    

    A successful API response looks like this example:

    {
    "access_token": "{jwt}",
    "errorCode": "success",
    "expires_in": 3600,
    "message": "OK",
    "refresh_token": "{token}",
    "token_type": "bearer",
    "trackingId": "{uuid}"
    }
    

    Tip

    Note the very long string that makes up the {jwt} value in the API response. You need it for all following API calls.

  2. After you've obtained your access token, you need to find your tenant ID. Run the following command, replacing {jwt} with your access_token from the previous step:

    curl -XGET -H "Authorization: Bearer {jwt}" https://api.central.sophos.com/whoami/v1
    

    A successful API response looks like this example:

    {
        "id": "{tenant-id}",
        "idType": "tenant",
        "apiHosts": {
            "global": "https://api.central.sophos.com",
            "dataRegion": "https://api-us03.central.sophos.com"
        }
    }
    

    Tip

    Note the string that makes up the {tenant-id} value in the API response. You need it for the following API call and after installation.

    You can also find your tenant ID in Sophos Central. Go to Account name > Support settings and note the unique ID for your Sophos Central account. This is your tenant ID.

  3. Run the following command to get your SLS repository token, replacing {jwt} with your access_token and {tenant-id} with your id from the previous steps:

    curl -sS -XPOST -H "Authorization: Bearer {jwt}" -H "Content-Type: application/json" -H "X-Tenant-ID: {tenant-id}" --data '{"label":"SLS Token","type":"sophosLinuxSensor","expiresAt":"2099-06-15T13:21:54.858Z"}' https://api.central.sophos.com/accounts/v1/access-tokens
    

    Note

    The label value lets you change the name of the token. The expiresAt value is optional and lets you choose when the token expires. If you enter a value for expiresAt that exceeds the expiry date of your server license, it's adjusted to match the expiry date of your server license. See Access Token Management API Guide.

    A successful API response looks like this example:

    {
        "id": "{transaction-id}",
        "token": "{LINUX_REPO_API_KEY}",
        "type": "sophosLinuxSensor",
        "label": "SLS Token",
        "createdAt": "2022-07-06T18:30:24.340Z",
        "expiresAt": "2022-12-02T00:00:00.000Z",
        "url": "https://packages.sophos.com",
        "createdBy": {
            "id": "{user-id}",
            "type": "service",
            "accountType": "tenant",
            "accountId": "{tenant-id}"
        }
    }   
    
  4. Note the {LINUX_REPO_API_KEY} string in the response above. It starts with "SLS-". This is your Sophos Linux Sensor package repository access token. You will need this for installation.

You are now ready to install and update SLS from the Sophos Linux Sensor package repository.
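The three calls above chained into one Python script, with the checks the steps ask you to make by eye (errorCode, tenant idType, the "SLS-" prefix, and whether expiresAt was shortened to the license expiry). This is an added example, not Sophos code: the names get_sls_repo_token, http_json, replay and CONSTRUCTED are hypothetical, and the replies are constructed placeholders so the script runs offline.

```python
import json
import urllib.parse
import urllib.request
from datetime import datetime

TOKEN_URL = "https://id.sophos.com/api/v2/oauth2/token"
WHOAMI_URL = "https://api.central.sophos.com/whoami/v1"
ACCESS_TOKENS_URL = "https://api.central.sophos.com/accounts/v1/access-tokens"
# Constructed replies shaped like this page's examples; every value is a placeholder.
CONSTRUCTED = {
    TOKEN_URL: {"access_token": "constructed.jwt.value", "errorCode": "success"},
    WHOAMI_URL: {"id": "00000000-0000-0000-0000-000000000000", "idType": "tenant"},
    ACCESS_TOKENS_URL: {"token": "SLS-constructed-example", "type": "sophosLinuxSensor",
                        "expiresAt": "2022-12-02T00:00:00.000Z"},
}

def http_json(req):  # live transport: send the request, decode the JSON reply
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def replay(req):  # offline transport: answer from the constructed replies
    return CONSTRUCTED[req.full_url]

def _ts(value):  # parse timestamps such as "2022-12-02T00:00:00.000Z"
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def get_sls_repo_token(client_id, client_secret, expires_at, send=http_json):
    # Step 1: the secret travels in the POST body, never on a command line.
    form = urllib.parse.urlencode({"grant_type": "client_credentials", "scope": "token",
                                   "client_id": client_id, "client_secret": client_secret})
    auth = send(urllib.request.Request(TOKEN_URL, data=form.encode()))
    if auth.get("errorCode") != "success" or not auth.get("access_token"):
        raise RuntimeError(f"token request failed: {auth.get('errorCode')}")
    bearer = {"Authorization": "Bearer " + auth["access_token"]}
    # Step 2: resolve the tenant ID that step 3 sends as X-Tenant-ID.
    who = send(urllib.request.Request(WHOAMI_URL, headers=bearer))
    if who.get("idType") != "tenant":
        raise RuntimeError(f"expected a tenant credential, got {who.get('idType')!r}")
    # Step 3: request the repository token (expiresAt is optional in the API).
    body = json.dumps({"label": "SLS Token", "type": "sophosLinuxSensor", "expiresAt": expires_at})
    issued = send(urllib.request.Request(ACCESS_TOKENS_URL, data=body.encode(),
        headers={**bearer, "Content-Type": "application/json", "X-Tenant-ID": who["id"]}))
    if issued.get("type") != "sophosLinuxSensor" or not str(issued.get("token")).startswith("SLS-"):
        raise RuntimeError("reply does not carry an SLS repository token")
    # "shortened" is True when the service cut expiresAt back to the license expiry.
    return {"tenant_id": who["id"], "token": issued["token"], "expires_at": issued["expiresAt"],
            "shortened": _ts(issued["expiresAt"]) < _ts(expires_at)}

if __name__ == "__main__":
    print(get_sls_repo_token("id", "secret", "2099-06-15T13:21:54.858Z", send=replay))
```

For a live run, omit send=replay and pass the Client ID and Client Secret from wherever you store them securely.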
