Generating an Authentication Token

The authentication token must be included in the Authorization field of your request header. Make sure you have obtained the authentication token from the Cloud App Security management console before creating your request.

  1. Log on to the Cloud App Security management console.
  2. Go to Administration > Automation and Integration APIs.
  3. Click Add, and then select the target that you want to create an authentication token for.

    You can create more than one authentication token for external applications to use, but only one authentication token for Apex One as a Service.

    A maximum of 20 authentication tokens in total is supported.

  4. On the Add Authentication Token for <Target Name> screen that appears, specify a name and optionally a description for the token.

    The name cannot exceed 128 characters and the description cannot exceed 1,024 characters.

  5. Select at least one API type to which the authentication token applies.

    The Log Retrieval and Threat Investigation APIs apply only to the selected targets in enabled Cloud App Security policies.

  6. Perform the following:

    If you select...

    Do the following...

    User account under Threat Mitigation

    Click Click here to provide your Microsoft Office 365 Global Administrator credentials to grant permission to obtain user account related data.

    Email message and user account under Intelligent Investigation

    Click Click here to provide your Microsoft Office 365 Global Administrator credentials to grant permission to access user profiles and mailboxes.
    Note:

    The authentication token can be created successfully without performing authorization, but the corresponding APIs cannot work properly due to lack of full permission to access service data. Trend Micro recommends that you complete the required authorization either during the token creation or immediately after the token is created.

  7. Click Create Token.

    The generated token is displayed on the Automation and Integration APIs screen.

  8. Optionally perform the following as necessary:
    Option Description

    Edit an authentication token

    1. Click the name of the authentication token.

    2. On the screen that appears, edit the name or description.

    3. Select or unselect the check boxes to change the API type.

      Note:

      For certain API types, you also need to perform authorization.

    4. Click Update.

      Modifying only the name or description does not change the token itself. Modifying the API type changes the token. Performing authorization for an already selected API during token creation does not change the token.

    Delete an authentication token

    Select the token and click Delete.

    Any subsequent API request message that contains the deleted authentication token will fail.

    Refresh an authentication token

    Select the token and click Refresh.

    Typically, 10 days before the authentication token expires, Cloud App Security sends an alert email message to your mailbox.

    An authentication token is valid for 365 days since being generated. After the expiration time, the token becomes invalid. Any subsequent API request message that contains the invalid authentication token will fail. You can choose to delete the current token and add a new one, or select the invalid token and refresh it.

    The token itself will change after it is refreshed.

Fill the authentication token in the Authorization field of the API request header in the following format: Bearer <authentication token>.

For more information, see Understanding the Request Header.

Parent topic: Getting Started with Cloud App Security APIs