Authenticating to Endpoint Security

Creating a user account on the Endpoint server

The Endpoint Security API can be accessed using basic auth or an API token. Both methods require an administrator to create a user role in the Endpoint Agent. To create the user, the admin needs to log in to the Endpoint Agent server's CLI and issue the following commands, choosing one of the two roles shown in brackets:

fireeye-01b750 > en
fireeye-01b750 # configure terminal
fireeye-01b750 (config) # username api_user_one role [api_admin | api_analyst]
fireeye-01b750 (config) # username api_user_one password this_is_the_password

Basic Auth

To authenticate via basic auth, the user needs to base64 encode their username and password joined by a colon ":". The following snippet demonstrates how to do this on OS X via the command line. It uses printf rather than echo so that no trailing newline is encoded along with the password:

printf '%s' "username:password" | openssl enc -base64

To authenticate an API call with basic auth, add the following header to each request.

'Authorization' : 'Basic dXNlcm5hbWU6cGFzc3dvcmQ='

Base64 is an encoding, not encryption: anyone who can observe the header can decode it and recover the username and password, so this method is highly insecure on an open network. It should only be used for debugging and development purposes when the connection between the server and the client is trusted.

API Token

You can use the GET hx/api/v3/token endpoint to generate an API token that can be used to authenticate requests. Simply provide the basic auth header to the /token endpoint and you will receive the API token in the response header named X-FeApi-Token.

Here is an example cURL request demonstrating this action.

curl --location --request GET 'https://{{hx_host}}:{{hx_port}}/hx/api/v3/token' \
--header 'Authorization: Basic YWRtaW46YWRtaW4='

To use the token, simply add the following header to each request:

'X-FeApi-Token': '<your token here>'

An example cURL request looks like this.

curl --location --request GET 'https://{{hx_host}}:{{hx_port}}/hx/api/v3/version' \
--header 'X-FeApi-Token: {{fe_api_token}}'

The token expires after 2.5 hours or after 15 minutes of inactivity. Use token-based authentication for scripts with many consecutive or concurrent operations.
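
The token workflow above as a set of shell helpers. This is an added example, not code from the product documentation; HX_HOST, HX_PORT and all function names are assumptions, and the sample headers are constructed. It shows extracting the token from the response headers, tracking both expiry rules, and feeding credential headers to curl on stdin.

```shell
#!/bin/sh
# Added example. HX_HOST, HX_PORT and all function names are assumptions.
TOKEN_MAX_AGE=9000   # 2.5 hours, in seconds
TOKEN_MAX_IDLE=900   # 15 minutes, in seconds

# Build the Basic credential; printf avoids encoding a trailing newline.
basic_auth_value() {
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Read raw response headers on stdin and print the X-FeApi-Token value.
# Header names are case-insensitive and header lines end in CRLF.
extract_token() {
    tr -d '\r' | awk 'tolower($0) ~ /^x-feapi-token:/ {
        sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# Succeed if a token issued at $1 and last used at $2 (epoch seconds) is
# still usable at time $3 under both expiry rules.
token_is_fresh() {
    [ $(( $3 - $1 )) -lt "$TOKEN_MAX_AGE" ] &&
        [ $(( $3 - $2 )) -lt "$TOKEN_MAX_IDLE" ]
}

# Request a token for user $1 / password $2. The header is fed to curl on
# stdin (--config -) instead of being placed on curl's command line.
hx_get_token() {
    printf 'header = "Authorization: Basic %s"\n' "$(basic_auth_value "$1" "$2")" |
        curl --silent --show-error --config - --dump-header - \
             --output /dev/null "https://${HX_HOST}:${HX_PORT}/hx/api/v3/token" |
        extract_token
}

# Call path $2 (for example /hx/api/v3/version) with token $1.
hx_get() {
    printf 'header = "X-FeApi-Token: %s"\n' "$1" |
        curl --silent --show-error --config - "https://${HX_HOST}:${HX_PORT}$2"
}

# Constructed sample headers (not captured from a real server).
SAMPLE_HEADERS=$(printf 'HTTP/1.1 200 OK\r\nx-feapi-token: CONSTRUCTED+tok/en==\r\n\r\n')
```

A script records the time it obtained the token and the time of its last request, and calls hx_get_token again whenever token_is_fresh fails.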