Help Center
News
Indusface
Help Center
News
Indusface
AppTrana
Indusface WAS
Indusface WAS MSSP
WAS MSSP Consultant
Additional Resources
Zero-Day Vulnerability Reports
Security Bulletins
AppTrana API Integration
AppTrana API Access via Token-Based Authentication API Request to Purge CDN DataUpdate Origin Server Address through API CallAPI Request to Blacklist IPs
Release Notes

AppTrana API Access via Token-Based Authentication

AppTrana now supports a token-based authentication method for secure, programmatic access to its APIs. This method uses Client Credentials (API ID and Key) configured under Settings > SIEM Integration > API Integration tab. 

Step 1: Generate Access Token

Use your API ID and Key as client_id and client_secret to fetch an OAuth 2.0 token.

Endpoint

HTTP Method: Post 

POST https://tas.indusface.com/wafportal/rest/siem/v1/getAuthToken

 Request (cURL)

curl --request POST \
--url https://tas.indusface.com/wafportal/rest/siem/v1/getAuthToken \
--header "Content-Type: application/x-www-form-urlencoded" \
--data "client_id=<API_ID>&client_secret=<API_KEY>&grant_type=client_credentials"

Sample Response:

{
"access_token": "lpOtq1pRe0QgV5qvPaRDgRugBQrstYYv",
"token_type": "Bearer",
"expires_in": 86288
}

The token is valid for approximately 24 hours. More details.

Step 2: Use Token in API Requests

Once you receive the access token, pass it as a Bearer token in the Authorization header of your API requests.

Get All Websites

Use the below endpoint to get information about all the sites added to your account.

Endpoint:

GET https://tas.indusface.com/wafportal/rest/v2/website/get-websites

Request:

curl --request GET \
--url https://tas.indusface.com/wafportal/rest/v2/website/get-websites \
--header "Authorization: Bearer lpOtq1pRe0QgV5qvPaRDgRugBQrstYYv" \
--header "Content-Type: application/json" \
--data '{}'

Example: Blacklist an IP

Endpoint:

POST https://tas.apptrana.com/wafportal/rest/settings/blacklistIpList

Request:

curl --location "https://tas.apptrana.com/wafportal/rest/settings/blacklistIpList" \
--header "Authorization: Bearer lpOtq1pRe0QgV5qvPaRDgRugBQrstYYv" \--header "Content-Type: application/json" \
--data '{
"websiteIds": [12345, 7373],
"ips": ["192.168.1.100"]
}'

 

  • Keep your API ID and API Key confidential.
  • You may reuse the token across APIs until it expires (~24 hours).
  • If your IP is not allowed in the connector settings, authentication will fail.

For questions or feedback, please contact us at support@indusface.com

Was this helpful?

Powered by Product Fruits