Netskope Help

Get Client Data

This endpoint returns information related to the Netskope Client.

Request Endpoint

Valid query parameters are:

token: Required. The token obtained from the REST API page in the Netskope UI (Settings > Tools > Rest API v1). We recommend that you place the token in the body of the request, not in the endpoint URL.

query: Valid query on the various fields. This acts as a filter on all the entries in the database.

limit: Positive integer less than 10000. REST API responses can return up to 10000 events in a single response. You can use pagination to retrieve more results.

skip: Positive integer. Skip over some of the events (useful for pagination in combination with limit).


The query fields for this endpoint are slightly different from the others. To work out the right query, first get a list of clients, look at the data returned, and then build the query from the field names in that response.

Example Client Data Request
POST https://<tenant-name>
{
    "token": "f32a973eddd7bc1602fc0f48dc0a",
    "query": "host_info"
}

Hostname is returned as follows:

     "_id": ,
     "device_id": ,
        "device_make": ,
        "device_model": ,
        "hostname": ,
        "os": ,
        "actor": ,
        "event": ,
        "status": ,
        "_id": ,
        "client_version": ,
        "device_classification_status": ,
           "actor": ,
           "event": ,
           "status": ,
        "user_source": ,
        "userkey": ,

So the query for a particular host should look like host_info.hostname eq 'xxx' or host_info.hostname eq 'yyy'.

The backend returns the status of many fields as numeric values. In the UI they are converted to readable text, but not in the REST API. The mappings are provided below:

"device_classification_status": {
    "managed": 0,
    "unmanaged": 1,
    "unknown": 2
},
"last_event": {
    "status": {
        "Disabled": 0,
        "Enabled": 1,
        "Uninstalled": 2
    },
    "event": {
        "Installed": 0,
        "Tunnel Up": 1,
        "Tunnel Down": 2,
        "Tunnel down due to Secure Forwarder": 3,
        "Tunnel down due to config error": 4,
        "Tunnel down due to error": 5,
        "User Disabled": 6,
        "User Enabled": 7,
        "Admin Disabled": 8,
        "Admin Enabled": 9,
        "Uninstalled": 10,
        "Installation Failure": 11
    },
    "actor": {
        "User": 0,
        "Admin": 1,
        "System": 2
    }
},
"user_source": {
    "Directory": 0,
    "Manual": 1
},
"host_info": {
    "os": {
        "Windows": 0,
        "Mac": 1,
        "Android": 3,
        "Windows Server": 4
    }
}

The hierarchy is important, so to query for last events the query should be last_events.status = 0 to find the Disabled events.
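
The hostname query and the numeric mappings above, combined in an added Python example (not Netskope's code): it builds the hostname filter while refusing names that could break out of the quotes, keeps the token in the request body, and decodes the status codes so that Disabled or unmanaged clients stand out. The function names are hypothetical, and the sample records and their nesting are constructed for illustration.

```python
import json
import re

CODES = {  # numeric codes taken from this page's mapping tables
    "device_classification_status": {0: "managed", 1: "unmanaged", 2: "unknown"},
    "last_event.status": {0: "Disabled", 1: "Enabled", 2: "Uninstalled"},
    "last_event.event": {0: "Installed", 1: "Tunnel Up", 2: "Tunnel Down",
        3: "Tunnel down due to Secure Forwarder",
        4: "Tunnel down due to config error", 5: "Tunnel down due to error",
        6: "User Disabled", 7: "User Enabled", 8: "Admin Disabled",
        9: "Admin Enabled", 10: "Uninstalled", 11: "Installation Failure"},
    "last_event.actor": {0: "User", 1: "Admin", 2: "System"},
    "host_info.os": {0: "Windows", 1: "Mac", 3: "Android", 4: "Windows Server"},
}
HOSTNAME_OK = re.compile(r"[A-Za-z0-9._-]{1,253}")

def hostname_query(hostnames):
    """Build the host_info.hostname filter; refuse names that could break out of the quotes."""
    for name in hostnames:
        if not HOSTNAME_OK.fullmatch(name):
            raise ValueError(f"refusing hostname {name!r}")
    return " or ".join(f"host_info.hostname eq '{n}'" for n in hostnames)

def request_body(token, hostnames):
    """JSON body for the POST: the token travels in the body, not in the URL."""
    return json.dumps({"token": token, "query": hostname_query(hostnames)})

def decode(record):
    """Replace each coded field with its label; codes the page does not list stay visible."""
    out = {}
    for path, table in CODES.items():
        value = record
        for key in path.split("."):
            value = value.get(key) if isinstance(value, dict) else None
        out[path] = table.get(value, f"unmapped ({value!r})")
    return out

def needs_review(record):
    """True when the client is not classified as managed or its last status is not Enabled."""
    d = decode(record)
    return (d["last_event.status"] != "Enabled"
            or d["device_classification_status"] != "managed")

# Constructed sample records; the nesting is an assumption based on the field names above.
SAMPLE = [
    {"host_info": {"hostname": "lab-win-01", "os": 0}, "device_classification_status": 0,
     "last_event": {"actor": 2, "event": 1, "status": 1}},
    {"host_info": {"hostname": "lab-mac-02", "os": 2}, "device_classification_status": 1,
     "last_event": {"actor": 0, "event": 6, "status": 0}},
]
```

The os code 2 in the second sample record is not in the mapping above, so decode reports it as unmapped rather than guessing a label.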