Skip to main content

Netskope Help

API Tokens

Netskope Cloud Exchange exposes a REST API to enable nearly every equivalent GUI command to be programmatically triggered. However, each REST API call requires valid credentials. Users who are given API access will be able to create a Client ID and Client Secret. Note, this is NOT the same API token that you use for communicating with your Netskope tenant.

You can create API tokens by going to Settings > Users and clicking on the API Tokens tab.

image13.png
  1. API access user can create new API tokens by clicking Create new token, which opens a form to create new tokens at the same credentialed level as the user has in the GUI.

  2. API access user can copy the Client Secret using the copy button, and Client ID and Client Secret can be used to access Cloud Exchange APIs.

    image51.png
  3. Users can fill in a description and expiry days for the token.

image14.png

After the tokens are created, copy them and return to the Configure New Tenant page. Please note, a v1 token is required for adding a Netskope tenant in Cloud Exchange but will not be used if a v2 endpoint is available.

The Cloud Exchange platform v1REST API support is as follows:

REST API v1Endpoint

Permission

Log Shipper (CLS)

Ticket Orchestrator (CTO)

Threat Exchange (CTE)

User Risk Exchange (URE)

App Risk Exchange (ARE)

Notes

Token Generated and Not Expired

(all)

x

Required for sharing file hashes

You can use the iterator API endpoint by enabling the toggle button Use Iterator Endpoint. The toggle button will only be accessible if you have a provided a v2 token. If you opt for the Iterator API endpoints, all the Threat IoCs, Alerts, and Events will be fetched by the Iterator API endpoints. You have to provide access to the above mentioned API endpoints while generating the v2 API token.

V2 Endpoint Scopes

Create a V2 token with these endpoint scopes.

REST API v2 Netskope Endpoint

Privilege Level

Log Shipper (CLS)

Ticket Orchestrator (CTO)

Threat Exchange (CTE)

User Risk Exchange (URE)

App Risk Exchange (ARE)

Notes

/api/v2/events/data/alert

Read

o

o

CE 3.0-4.0; phasing out

/api/v2/events/data/application

Read

o

CE 3.0-4.0; phasing out

/api/v2/events/data/audit

/api/v2/events/data/infrastructure

Read

Read

o

o

CE 3.0-4.0; phasing out

CE 3.0-4.0; phasing out

/api/v2/events/data/network

Read

o

CE 3.0-4.0; phasing out

/api/v2/events/data/page

/api/v2/events/dataexport/events/alert

/api/v2/events/dataexport/events/application

Read

Read

Read

o

x

x

x

CE 3.0-4.0; phasing out CE 4.0+

CE 4.0+

/api/v2/events/dataexport/events/audit

Read

x

CE 4.0+

/api/v2/events/dataexport/events/connection

/api/v2/events/dataexport/events/incident

Read

Read

x

x

CE 4.0+

CE 4.0+

/api/v2/events/dataexport/events/infrastructure

Read

x

CE 4.0+

/api/v2/events/dataexport/events/network

Read

x

CE 4.0+

/api/v2/events/dataexport/events/page

/api/v2/policy/urllist/file

Read

Read + Write

x

x

CE 4.0+

CE 3.0+

/api/v2/policy/urllist

Read + Write

x

CE 3.0+

/api/v2/policy/urllist/deploy

Read + Write

x

CE 3.0+

/api/v2/incidents/uba/getuci

/api/v2/ubadatasvc/user/uci

Read + Write

Read + Write

x

x

CE 3.0+

CE 3.0+

/api/v2/services/cci/app

Read

x

CE 4.0+

/api/v2/services/cci/domain

/api/v2/services/cci/tags

Read

Read

x

x

CE 4.0+

CE 4.0+

"o" signifies this endpoint is being phased out.