Managing access keys to the public API of SDMC

SDMC features a public API allowing to interrogate your SDMC server via your own orchestration tools, e.g. to extract its administration logs.

To authorize these queries, you must provide keys to third party tools.

The administrator must have the Managing API keys permission. For more information, refer to the section Managing administrators in SDMC.

The API keys menu of the SDMC console allows viewing the API keys generated for a company account, creating some and also revoking them by deleting them. Once generated in SDMC, you can no longer view the value of the keys. Ensure they are stored in a secured location.

By default, API keys expire after one year.

WARNING
An API key grants administration privileges directly on the SDMC server. To prevent security vulnerabilities, ensure that the workstations from which requests are sent through the SDMC API are safe and located within a restricted administration perimeter, such as a dedicated administration network.

To see examples on how to use the API with keys, refer to https://github.com/stormshield/sds-sample-api.

For more general information about the SDMC API and its use, refer to the API documentation.

  1. Select the API keys menu on the left.
    This menu appears only if you have the Managing API keys administration permission.
  2. Click on Add at the top on the right.
  3. Enter a name for the key in alphanumeric characters. Name must not be longer than 200 characters.
  4. Click on Add.
    The API key zone indicates the character string matching the key.
  5. Click on Copy and paste this string in a secure location. This step is essential if you wish to use the key, as it will no longer be displayed after this for security reasons.
  6. Click on Close to go back to the API keys window.
    The imported certificate then appears in the list. It will be valid for a year and its expiration date appears. The window shows all the keys generated for your company account.
  1. Select the API keys menu on the left.
  2. Click on to the right of the key you wish to revoke.
  3. Click on Remove definitely.

Queries possible via the SDMC API are documented in this page. More precisely you can use these queries to extract the administration logs from the server.