Authentication Details

About Authentication

The Picus API uses the OAuth2 protocol with refresh and access tokens. To access the API, generate a refresh token and then request an access token from the /v1/auth/token endpoint. The refresh token is valid for 6 months, whereas the access token is valid for 2 hours. After getting the access token, add Authorization: Bearer {accessToken} to the request header to access the endpoints below.

Authentication

The /v1/auth/token endpoint is used to get an access token.

All Picus API endpoints (except the create token endpoint) use the same authentication.

Step 1 - Getting Refresh Token

The refresh token can be generated from app.picussecurity.com > Settings > Rest API Token.

  • Click the Settings button and select the "Rest API Token" menu item.

  • To create a new refresh token, click the "Generate Token" button to view the refresh token.
    You can also re-generate or delete the refresh token.

Step 2 - Getting Access Token

You can get the access token by sending a request to the /v1/auth/token endpoint.
See the request example below:

curl --location --request POST 'https://api.picussecurity.com/v1/auth/token' \
--header 'Content-Type: application/json' \
--data-raw '{"refresh_token":"paste the refresh token from Settings > Rest API Token"}'

Example response:

{
  "token":"access token will be here", //access token
  "expire_at":1654518145155 //when the access token expires
}

Step 3 - Request Endpoints with Access Token

The Picus REST API endpoints can be requested with the access token. Add an Authorization header containing the access token with the Bearer prefix. See the example below:

curl --location --request GET 'https://api.picussecurity.com/v1/simulations' \
--header 'Authorization: Bearer access_token'
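
Steps 2 and 3 as a small Python client, added here as an illustration and not taken from Picus code: it exchanges the refresh token once and reuses the access token until shortly before expire_at. The class name AccessTokenCache, the PICUS_REFRESH_TOKEN variable, the 60-second renewal margin, and reading expire_at as Unix milliseconds are assumptions.

```python
import json
import os
import time
import urllib.request

TOKEN_URL = "https://api.picussecurity.com/v1/auth/token"  # endpoint from the page


def post_json(url, body):
    """POST a JSON body and return the decoded JSON reply."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


class AccessTokenCache:
    """Hypothetical helper: trades the refresh token for an access token and reuses it."""

    def __init__(self, refresh_token, post=post_json, now=time.time, skew_s=60):
        self._refresh_token = refresh_token
        self._post = post        # injectable transport, so tests need no network
        self._now = now
        self._skew_s = skew_s    # renew this many seconds before the stated expiry
        self._token = None
        self._expire_at_s = 0.0

    def access_token(self):
        if self._token is None or self._now() >= self._expire_at_s - self._skew_s:
            reply = self._post(TOKEN_URL, {"refresh_token": self._refresh_token})
            self._token = reply["token"]
            # Assumption: expire_at is Unix time in milliseconds (the page's
            # sample value has 13 digits); the page does not state the unit.
            self._expire_at_s = reply["expire_at"] / 1000.0
        return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.access_token()}


if __name__ == "__main__":
    # Constructed reply standing in for the server so the demo runs offline.
    def fake_post(url, body):
        return {"token": "constructed-access-token",
                "expire_at": int((time.time() + 7200) * 1000)}
    # PICUS_REFRESH_TOKEN is an assumed variable name, not one the page defines.
    cache = AccessTokenCache(os.environ.get("PICUS_REFRESH_TOKEN", "constructed"), post=fake_post)
    print(cache.auth_header())
```

In real use, omit post= so the default HTTPS transport is used, and load the refresh token from the environment or a secret store rather than source code, since it stays valid for 6 months.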