
Create an API only user (Preview)

Hosted customers only

Create an API user account that you can use for all plugins or integrations.

Note

This procedure is for hosted customers who have role-based access turned on.

If you are an on-premises customer or do not have role-based access turned on, use the Create API user procedure instead.

Best practice: Add a user account whose only purpose is use with plugins and integrations. This avoids the situation where a user leaves, you delete that user's account, and the deletion breaks the plugins and integrations that depended on it.

An API only account does not receive email notifications, even if the notification settings are turned on.

Before you begin

  • API users can access Contrast's REST API but cannot log in to the Contrast web interface.

  • If you configured your organization to use SAML-based single sign-on (SSO), you can still create an API user.

  • Access control guidelines:

    • If you have role-based access control turned on and you need an API only user to run scripts that pull data, the View application action should be sufficient.

    • If you have role-based access control turned on and you need an API only user to remediate vulnerabilities, add applications to Contrast, or run scans, the Edit application action should be sufficient.

    • If you are using role-based access control, assign the API only user access groups that include the relevant applications and projects.

    • Avoid assigning Administrator actions to an API only user. Administrator actions and roles provide additional permissions that an API only user doesn't usually need.

Steps

  1. From the user menu, select Organization settings.

  2. Select Access control.

  3. Select the Users tab.

  4. Select Add user.

  5. Enter the user's first name, last name, and email address.

  6. Select the API access option.

  7. Select Add.

  8. In the Users list, verify you see the new user with the API label in the Type column.

  9. To use the API access account, get the connection strings:

    1. In the Users list, select the API icon in the Type column and copy the Service key and Authorization Header.

      The Service key is unique to each individual user. The value of the Authorization Header is base64(username:service_key), so it identifies that user as well.

      Other keys, such as the Organization ID and API key, are shared across all users.

    2. Use these credentials when you use a Contrast API.
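The following Python example, added here and not part of the Contrast documentation or any Contrast library, shows how the Authorization Header value described above is built from the username and Service key, how to decode a stored value to confirm it belongs to the intended API only user, and how the per-user and shared credentials fit together in a request. The credential values are constructed samples, and the `API-Key` header name is the one the Contrast REST API uses alongside `Authorization`.

```python
import base64
import binascii

# Constructed sample values for an API only user; not real credentials.
SAMPLE_USERNAME = "api-integrations@example.com"
SAMPLE_SERVICE_KEY = "EXAMPLE-SERVICE-KEY-0000"
SAMPLE_API_KEY = "EXAMPLE-ORG-API-KEY-0000"


def build_authorization_header(username: str, service_key: str) -> str:
    """Return the Authorization header value: base64(username:service_key)."""
    if ":" in username:
        # ':' is the separator, so a colon in the username would be ambiguous.
        raise ValueError("username must not contain ':'")
    if not username or not service_key:
        raise ValueError("username and service key are both required")
    raw = f"{username}:{service_key}".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_authorization_header(value: str) -> tuple[str, str]:
    """Inverse of build_authorization_header: recover (username, service_key).

    base64 is an encoding, not encryption: anyone holding this value also
    holds the service key, so store and handle it like the key itself.
    """
    try:
        raw = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("Authorization header value is not valid base64") from exc
    username, sep, service_key = raw.partition(":")
    if not sep or not username or not service_key:
        raise ValueError("decoded value is not of the form username:service_key")
    return username, service_key


def contrast_request_headers(username: str, service_key: str, api_key: str) -> dict:
    """Combine the per-user Authorization value with the shared API key."""
    return {
        "Authorization": build_authorization_header(username, service_key),
        "API-Key": api_key,
        "Accept": "application/json",
    }


def redacted(headers: dict) -> dict:
    """Copy of the headers that is safe to log: secret-bearing values masked."""
    secret_names = {"authorization", "api-key"}
    return {k: ("***" if k.lower() in secret_names else v) for k, v in headers.items()}
```

Pass the dictionary from `contrast_request_headers` as the headers of your HTTP client, and log only the output of `redacted`.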