Cloud App Security provides programmatic access through Cloud App Security Automation and Integration Representational State Transfer (REST) APIs, allowing customers to obtain certain product service data and perform operations on email messages and email accounts as necessary. These automated capabilities help your organization's security team investigate, detect, and respond to security issues more efficiently and effectively.
Cloud App Security supports the following types of APIs:
Log retrieval: retrieves security event logs from Cloud App Security into your Security Information and Event Management (SIEM) or syslog platform for further threat detection and security analytics.
Threat investigation: sweeps email messages in protected mailboxes for those that match meta information search criteria to investigate and understand the impact of detections.
Threat mitigation: performs operations on email messages and user accounts to remediate threats or protect your email service from further security attacks.
Using these APIs may expose sensitive information. Therefore, to ensure that only trusted applications can use the APIs, generate an authentication token that the trusted applications send with API requests. Cloud App Security verifies the validity of all API requests from third-party applications and systems using the token information and returns the requested data to them.
Perform the following steps to use the Cloud App Security REST APIs:
1. Create an authentication token on the Cloud App Security administrator console and include the token in the header of the request to the intended API.
   For more information, see Generating an Authentication Token.
2. Create a valid API request that consists of a method, a URL, a request header, a list of request parameters, and optionally a request body.
   For more information, see the following topics:
3. Verify whether Cloud App Security accepted the API request.
   For more information, see API Responses.