
Authorize and Power Secure Integrations with Code42 API Clients

The Code42 API gives access to the expansive data of our Insider Risk Management (IRM) solution. Integrators can use the API to pull this IRM data into other tools your security teams may already be using, such as Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) tools. These integrations can be used to build powerful workflows that help your company detect, respond to, and mitigate insider threats.

The Incydr product supports an access control feature called “API clients”. These clients use OAuth 2.0 and the principle of least privilege to provide a secure and convenient way to integrate with our API. API clients decouple user accounts from service accounts, so you don’t have to worry about breaking your integrations when your developer leaves.

OAuth 2.0 primer

OAuth 2.0 is a framework comprising a number of different industry-adopted standards focused on authorization. This means OAuth 2.0 is primarily intended to convey what a particular actor in the system is allowed to do (authorization), rather than validate who that actor is (authentication).

Code42 API clients use the OAuth 2.0 client credentials grant. This authorization flow results in an access token that will be redeemed to call APIs.

API clients are preferable to user account credentials because they enable least privilege delegation. This delegated authorization is a central theme of OAuth 2.0. As the owner of the resource, you are in control of what has access and how much access it has.

Consider a user account like yours with access to all these Code42 features. An integration may only need a few of these. Using API clients reduces the risk should the wrong hands get access to your API client credentials.

API clients in practice

Code42’s API clients are built to allow integrators to safely and quickly build secure integrations by following least privilege and industry-standard authorization practices.

Creating an API client

Creating an API client is done through the Code42 administration console. To learn how, see our support documentation.

The API client should be given a descriptive name to differentiate it from other integrations. Then comes the important choice of authorization to grant this API client. It helps to first know what your integration will do and what APIs it needs to access. This authorization can always be modified later on or even entirely revoked.

The end result of creating an API client is to acquire a clientId and secret. These will be used in the next step, getting an access token.

Creating an access token

OAuth 2.0 revolves around the use of access tokens. These are cryptographically signed pieces of data given to you by the authorization server, which you can pass into API calls to authorize them. As mentioned before, the authorization flow API clients use is referred to as the client credentials flow. Here’s what it looks like:

Once your integration has the access token it’s ready to call the APIs!

Calling APIs with the access token

The access token is referred to as a bearer token since the fact that an API caller is bearing that token is sufficient for them to be authorized. For this reason, it’s very important to keep the API client’s credentials private, especially the client secret.

It’s also important to keep the bearer access tokens secret since those alone can provide API access. The access tokens Code42 issues for API clients have a short lifetime so even if they are leaked they provide a very narrow window of opportunity.

Using the access token only requires that you put the token in the ‘Authorization’ HTTP header of your request like so:

'Authorization: Bearer <access token>'
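The token request and bearer header described above, as an added example that is not Code42's own code: it builds the client credentials request as defined by RFC 6749, caches the short-lived token, and renews it shortly before expiry. TOKEN_URL is a placeholder rather than a real Code42 endpoint, the function and class names are hypothetical, and the response fields (access_token, token_type, expires_in) are the ones RFC 6749 defines.

```python
import base64, json, time, urllib.parse, urllib.request

TOKEN_URL = "https://auth.example.invalid/oauth/token"  # placeholder, not a real Code42 endpoint

def build_token_request(client_id, secret, token_url=TOKEN_URL):
    """Client credentials grant request as defined by RFC 6749 section 4.4."""
    # The client authenticates with HTTP Basic; id and secret are form-encoded first (section 2.3.1).
    pair = f"{urllib.parse.quote_plus(client_id)}:{urllib.parse.quote_plus(secret)}"
    headers = {"Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
               "Content-Type": "application/x-www-form-urlencoded",
               "Accept": "application/json"}
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(token_url, data=body, headers=headers, method="POST")

def send(request):
    """Default transport: POST over TLS and decode the JSON token response."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)

class BearerTokenSource:
    """Caches the short-lived access token and renews it shortly before expiry."""
    def __init__(self, client_id, secret, transport=send, clock=time.monotonic, skew=30):
        self._creds = (client_id, secret)
        self._transport, self._clock, self._skew = transport, clock, skew
        self._token, self._expires_at = None, 0.0

    def __repr__(self):  # keep the secret and the token out of log output
        return "<BearerTokenSource client_id=%r>" % self._creds[0]

    def auth_header(self):
        """Return the header for an API call, fetching a new token only when needed."""
        if self._token is None or self._clock() >= self._expires_at:
            reply = self._transport(build_token_request(*self._creds))
            if str(reply.get("token_type", "")).lower() != "bearer":
                raise ValueError("token endpoint did not return a bearer token")
            self._token = reply["access_token"]
            # A missing expires_in is treated as already expired, so the token is not reused.
            self._expires_at = self._clock() + int(reply.get("expires_in", 0)) - self._skew
        return {"Authorization": f"Bearer {self._token}"}
```

Pass the returned dictionary as the headers of each API request; the `transport` and `clock` parameters exist so the caching logic can be exercised without a network call.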

Getting started on integrations

Code42’s API clients provide a secure and convenient way for your integrations to access our APIs. Through integrations between Incydr and the rest of your tech stack, you can build a seamless Insider Risk Management ecosystem.

Here are some great resources to help you with getting started creating your integrations:

Subscribe to our blog to learn about more updates on our technology, and visit this page if you’d like a deeper dive into how Code42 approaches the principle of least privilege.

Code42 Developer Portal

The Code42 Developer Portal is the place to start as an integrator. Here you can find links to our API documentation that we’ve built to make the integration even easier.