API Tokens
Netskope Cloud Exchange exposes a REST API to enable nearly every equivalent GUI command to be programmatically triggered. However, each REST API call requires valid credentials. Users who are given API access will be able to create a Client ID and Client Secret. Note, this is NOT the same API token that you use for communicating with your Netskope tenant.
You can create API tokens by going to Settings > Users and clicking on the API Tokens tab.
![]() |
API access user can create new API tokens by clicking Create new token, which opens a form to create new tokens at the same credentialed level as the user has in the GUI.
API access user can copy the Client Secret using the copy button, and Client ID and Client Secret can be used to access Cloud Exchange APIs.
Users can fill in a description and expiry days for the token.
![]() |
After the tokens are created, copy them and return to the Configure New Tenant page. Please note, a v1 token is required for adding a Netskope tenant in Cloud Exchange but will not be used if a v2 endpoint is available.
The Cloud Exchange platform v1REST API support is as follows:
REST API v1Endpoint | Permission | Log Shipper (CLS) | Ticket Orchestrator (CTO) | Threat Exchange (CTE) | User Risk Exchange (URE) | App Risk Exchange (ARE) | Notes |
---|---|---|---|---|---|---|---|
Token Generated and Not Expired | (all) | x | Required for sharing file hashes |
You can use the iterator API endpoint by enabling the toggle button Use Iterator Endpoint. The toggle button will only be accessible if you have a provided a v2 token. If you opt for the Iterator API endpoints, all the Threat IoCs, Alerts, and Events will be fetched by the Iterator API endpoints. You have to provide access to the above mentioned API endpoints while generating the v2 API token.
V2 Endpoint Scopes
Create a V2 token with these endpoint scopes.
REST API v2 Netskope Endpoint | Privilege Level | Log Shipper (CLS) | Ticket Orchestrator (CTO) | Threat Exchange (CTE) | User Risk Exchange (URE) | App Risk Exchange (ARE) | Notes |
---|---|---|---|---|---|---|---|
/api/v2/events/data/alert | Read | o | o | CE 3.0-4.0; phasing out | |||
/api/v2/events/data/application | Read | o | CE 3.0-4.0; phasing out | ||||
/api/v2/events/data/audit /api/v2/events/data/infrastructure | Read Read | o o | CE 3.0-4.0; phasing out CE 3.0-4.0; phasing out | ||||
/api/v2/events/data/network | Read | o | CE 3.0-4.0; phasing out | ||||
/api/v2/events/data/page /api/v2/events/dataexport/events/alert /api/v2/events/dataexport/events/application | Read Read Read | o x x | x | CE 3.0-4.0; phasing out CE 4.0+ CE 4.0+ | |||
/api/v2/events/dataexport/events/audit | Read | x | CE 4.0+ | ||||
/api/v2/events/dataexport/events/connection /api/v2/events/dataexport/events/incident | Read Read | x x | CE 4.0+ CE 4.0+ | ||||
/api/v2/events/dataexport/events/infrastructure | Read | x | CE 4.0+ | ||||
/api/v2/events/dataexport/events/network | Read | x | CE 4.0+ | ||||
/api/v2/events/dataexport/events/page /api/v2/policy/urllist/file | Read Read + Write | x | x | CE 4.0+ CE 3.0+ | |||
/api/v2/policy/urllist | Read + Write | x | CE 3.0+ | ||||
/api/v2/policy/urllist/deploy | Read + Write | x | CE 3.0+ | ||||
/api/v2/incidents/uba/getuci /api/v2/ubadatasvc/user/uci | Read + Write Read + Write | x x | CE 3.0+ CE 3.0+ | ||||
/api/v2/services/cci/app | Read | x | CE 4.0+ | ||||
/api/v2/services/cci/domain /api/v2/services/cci/tags | Read Read | x x | CE 4.0+ CE 4.0+ |
"o" signifies this endpoint is being phased out.