SecureCloud APIs

Overview

SecureCloud provides REST APIs for extracting data and changing settings outside of the product UI. They can be run interactively from the API homepage, or from any other source. When run interactively, the API call requires a valid API access key, or a user/password, with sufficient permissions for the requested operation, plus appropriate parameters where required. When run from any other source, the API access key is the only authentication method available.

What Can I Do Here?

View the API Structure

The APIs are grouped by functionality. Click on the desired API to view its structure.

Cloud Accounts

Actions and data retrieval related to your SecureCloud public cloud accounts

  • Return a list of all public cloud accounts monitored by SecureCloud
  • Define a new public cloud account to SecureCloud
  • Change a public cloud account definition in SecureCloud
  • Delete a public cloud account definition from SecureCloud
  • Return a list of all public cloud account credentials defined in SecureCloud
  • Define a new set of public cloud account credentials to SecureCloud
  • Change a set of public cloud account credentials defined in SecureCloud
  • Delete a set of public cloud account credentials from SecureCloud

Assets

Data retrieval related to your SecureCloud public cloud account assets

  • Return a list of all public cloud assets monitored by SecureCloud
  • Return properties of a specific public cloud asset monitored by SecureCloud
  • Return network details of a specific public cloud asset monitored by SecureCloud

Public Cloud Policy

Actions and data retrieval related to your SecureCloud public cloud policy

  • Return a list of all SecureCloud public cloud policy rules
  • Replace the entire SecureCloud public cloud policy with new rules

CVE

Actions related to CVEs for SecureCloud assets

  • Add CVE vulnerabilities

Reports

Metrics and statistics

  • Return the number of monitored cloud accounts and services by vendor

Run APIs

Before you can run any APIs interactively, you need to authenticate using either an API access key or a user/password that has the permissions required to execute the action specified by the API. Once authenticated, you can run any API that the API access key allows, without authenticating again. A user/password login times out after a period of inactivity.

Authenticate Access Permission

  1. Go to your API homepage - How do I Get Here?
  2. In Account, enter the name of your SecureCloud account. When you are logged in, it appears in your current URL as indicated by {Account} below.

  3. Click Authorize. The Available Authorizations window appears. There are two ways to authenticate - using an API access key or user/password:

    • Authenticate using an API access key

      • Paste your API access key in Value and click on Authorize. If the authentication is successful, the status 'Authorized' appears and the Authorize button changes to Logout.
      • Click the Close button to return to the API homepage. You can return and log out whenever you need by clicking again on the Authorize button from the API homepage.
    • Authenticate using User/Password

      • Enter user name (email) and password and click on Authorize. If the authentication is successful, the status 'Authorized' appears and the Authorize button changes to Logout.
      • Click Close to return to the API homepage. You can return and log out whenever you need by clicking again on the Authorize button from the API homepage.
      • Ignore the fields Client credentials location, client_id, client_secret.

Test the API in the API Homepage

If the API you want to run is for a specific resource, you first need to run the API that lists all the resources and identify the appropriate resource ID, name or other identifier(s) from the list.

  1. Click the desired API.
  2. Click Try it out.
  3. If the API is for a specific resource (e.g. update, delete operations), enter the desired resource ID or other required identifier(s) obtained previously from the list of all resources.
  4. If the API requires parameters (e.g. add, update operations), modify the parameter values displayed under Request body.
  5. Click Execute. The curl command, request URL and the server response appear.

Running the API from a Program

When making the API call from anywhere outside of the SecureCloud API homepage, from a program or command line, a valid API access key is required. This can be a permanent key created in API Access Keys or a temporary one created as described below.

Create a Temporary API Access Key

  • Make the following API call

    POST https://{Account}.securecloud.tufin.io/api/rome/token

    with body property x-www-form-urlencoded and

    with parameters:

    • username: Your SecureCloud user name (email)
    • password: Password for the username
    • grant_type: Password (fixed value, as written)
    • client_id: Express (fixed value, as written)

    The response will be received in field 'key', in the parameter 'access-token'

Run the API from a Program or Command Line

  • Make the API call with header 'Authorization: Bearer ${APIAccessKey}', where APIAccessKey is the temporary access key created above or a permanent access key created in the UI.

    Example with command line

    curl -X 'GET' \
      'https://generic-bank.securecloud.tufin.io/api/v1/iris/conf/accounts' \
      -H 'accept: application/json' \
      -H 'Authorization: Bearer iOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ...'
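
The two steps above (requesting a temporary key, then calling an API with it) as an added Python example; it is not Tufin's code. The JSON response layout, the account-name check, and the SC_ACCOUNT / SC_USER variable names are assumptions; the password is read with getpass so it does not appear in the process list or shell history.

```python
import getpass
import json
import os
import re
import urllib.parse
import urllib.request

# Assumption: an account name is a single DNS label. Rejecting anything else
# keeps credentials from being sent to a host other than *.securecloud.tufin.io.
_ACCOUNT_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?", re.IGNORECASE)

def base_url(account: str) -> str:
    if not _ACCOUNT_RE.fullmatch(account):
        raise ValueError("account must be a bare account name, not a URL or host")
    return f"https://{account}.securecloud.tufin.io"

def token_request(account: str, username: str, password: str) -> urllib.request.Request:
    """POST /api/rome/token with the four form parameters listed on this page."""
    form = {"username": username, "password": password,
            "grant_type": "Password", "client_id": "Express"}
    return urllib.request.Request(
        base_url(account) + "/api/rome/token",
        data=urllib.parse.urlencode(form).encode(),  # percent-encodes @, &, = in values
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST")

def extract_access_token(body: bytes) -> str:
    """Assumed layout: JSON with 'access-token' under 'key' (or at top level)."""
    doc = json.loads(body)
    holder = doc.get("key", doc) if isinstance(doc, dict) else None
    token = holder.get("access-token") if isinstance(holder, dict) else None
    if not isinstance(token, str) or not token:
        raise ValueError("response carries no access-token")
    return token

def api_request(account: str, path: str, token: str) -> urllib.request.Request:
    return urllib.request.Request(
        base_url(account) + path,
        headers={"accept": "application/json", "Authorization": f"Bearer {token}"},
        method="GET")

if __name__ == "__main__":
    account = os.environ["SC_ACCOUNT"]  # hypothetical variable names
    user = os.environ["SC_USER"]
    password = getpass.getpass("SecureCloud password: ")  # not in argv or history
    with urllib.request.urlopen(token_request(account, user, password), timeout=30) as r:
        token = extract_access_token(r.read())
    with urllib.request.urlopen(api_request(account, "/api/v1/iris/conf/accounts", token), timeout=30) as r:
        print(json.dumps(json.load(r), indent=2))  # the token itself is never printed
```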

When you make the API call in the API homepage, the curl command appears in the output. You can copy/paste it to the desired location.

How Do I Get Here?

To get to the API homepage, click the ? help icon that appears at the top of every screen > API documentation, or edit your SecureCloud account URL, replacing everything after 'tufin.io/' with 'api-documentation', and paste it in a new browser tab/window.