Support Generating Standing API Tokens

Products Privilege Secure Ideas
,
1

What is a one sentence summary of your feature request?

Please allow users/admins to create standing API tokens to make automation of tasks within Netwrix via the API simpler.

Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.

The ability to grant a standing API token from within the platform would greatly reduce the overhead involved in creating automations revolving around the Netwrix platform. Currently, if you want to create an automation, you would need to create a new user (eating a license), and handle the login flow in your script to get a valid token which can become complicated when dealing with external identity providers. Giving customers the ability to create a standing API token will remove the requirement of dealing with the authentication flow and will greatly reduce the friction of interacting with the API.

How do you currently solve the challenges you have by not having this feature?

Currently, to avoid dealing with complicated authentication flows involving external identity providers, the easiest method of getting an API key for your session is to simply login to the web portal, open dev tools, and copy your token out. This has drawbacks as this token is rotating rather frequently, causing you to consistently keep a web page open refreshing your token.

2

Hey David,

Thanks for reaching out. Are you familiar with application users? They allow for certificate/API Key authentication and should work similarly to your suggestion.

See: Netwrix Documentation

1 Like
3

Ah, I had not seen this before, thank you for the information! Since the documentation you linked is a bit sparse in detail, can you confirm if application users consume a license? Additionally, can you confirm how authentication with the API key is performed; IE: is the API token simply used in the authorization header value, or does it need to be exchanged at the /signInBody endpoint for a bearer token?

4

More information will be coming soon. I have examples on how to use these, I just need to clean them up and provide troubleshooting.

1 Like
5

Yeah, I should probably remove this suggestion as the functionality exists in the application users. Thanks for replying to this topic as well as the API documentation one though.

1 Like
6

Thanks for jumping in Kevin. I had this on my list of to do’s as well but mine are currently in a similar state as yours.

7

No worries, this is exactly why we have the already-exists tag! :slight_smile: