How to authenticate to the Enterprise API in the CSPM platform
TABLE OF CONTENTS
- Introduction
- Aqua CSPM platform
- Aqua CSPM API vs. Aqua Enterprise API (Workload Protection)
- SSO Authentication
- How to collect the token from CSPM API to authenticate with Enterprise API (Workload Protection)
- How to connect to Enterprise API (Workload Protection) using the Bearer Token generated by the CSPM API
Introduction
This article explains how to connect and authenticate to the Aqua Enterprise API in the CSPM platform.
Aqua CSPM platform
The Aqua CSPM platform consists of two integrated products:
- The Aqua CSPM platform, which is the comprehensive solution for multi-cloud security posture management (see the official link below for more information)
- The "Workload Protection" module, which is Aqua Enterprise integrated into the Aqua CSPM interface.
To learn more about CSPM, please go to https://www.aquasec.com/products/cspm/.
Aqua CSPM API vs. Aqua Enterprise API (Workload Protection)
There are two APIs present in this solution:
- Aqua CSPM API
- Aqua Enterprise API (Workload Protection)
Although both APIs are used, the first one (CSPM) is needed only to generate the authentication token, which is then used to access the Aqua Enterprise API (Workload Protection).
SSO Authentication
Important: Users cannot change this option themselves. To have it modified, create a ticket directly with Aqua support. For users who have chosen to authenticate with the SSO feature, there is a workaround described in the article "How to authenticate to Aqua CSPM API (api.cloudsploit.com) for users with SSO authentication method enabled".
How to collect the token from CSPM API to authenticate with Enterprise API (Workload Protection)
To create the token, first access the Aqua CSPM platform API through the sign-in link for your region:
US: https://api.cloudsploit.com/v2/signin
EU: https://eu-1.api.cloudsploit.com/v2/signin
Asia-1: https://asia-1.api.cloudsploit.com/v2/signin
Asia-2: https://asia-2.api.cloudsploit.com/v2/signin
Next, send a POST request with curl that carries the email and password variables. The API returns the Bearer Token needed to authenticate with the Aqua Enterprise API (Workload Protection).
API call to generate the bearer token
curl --location --request POST 'https://api.cloudsploit.com/v2/signin' \
  --header 'Content-Type: application/json' \
  --data-raw '{"email": "your_email@email.com","password": "your_password"}'
Response
{ "status": 200, "code": 0, "data": { "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxODQ3NywiYWNjb3VudF9pZCI6NDg3MywiYWNjb3VudF9hZG1pbiI6dHJ1ZSwicGxhbiI6ImVudGVycHJpc2UiLCJ0cmlhbF9lbmQiOm51bGwsInVzZR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxODQ3NywiSJdLCJ1c2VyX2dyb3Vwc19hZG1pbiI6W10sImNzcF9lbmFibGVkIjp0cnVlLCJjc3BfbWV0YWRhdGEiOnsidXJscyI6eyJlc2VfdXJsIjoiZTR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxODQ3NywimNvbSIsImVzZV9nd191cmwiOiJlMTFkNTE1YmZiLWd3LmNsb3VkLmFxdWFzZWMuY29tIn19LCJjc3Bfcm9sZXMiOm51bGwsImNzcG1fdXJR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxODQ3NywiVhc2VjLmNvbSIsImV4cCI6MTYzNzY4MTY5MCwiYXVkaXQiOnRydWUsImlhdCI6MTYzNzY3ODA5MH0.e7TcRhxTwAMV9UaJoC-5d8_lFScQ7v4Ep9vKwyFHS9DoXQ57X5dDgJ_KNjLrtIwQTRxGLHm1lIVnmA93yTmH4yrRePs7AW4zDFA-fwaPW2901yqHsFhyYWhU7WDa4T8OpDow67EZ1kah7MqfUaFXO3aOWXyt7inI1VyRZnjPUkOqfkikGVuXn4LJ80hts_p-RdQRb1avC6vMzVPY5lWgSvWiqVaDHjFqJ96LJC6sbcOP_qUBG-yArZGPDReJGEB4Ri0teX5De0BTRUBN6hIN_eisD4B6z0RwSjuuB0C0Gew6wmQYNPbek-I3o7s7rNvmcuYETHxCXuYE56d2OUZQ", "account_id": 2273, "user_id": 13077, "account_admin": true, "trial_end": null, "email": "your_email@email.com" } }
How to connect to Enterprise API (Workload Protection) using the Bearer Token generated by the CSPM API
How to find the Aqua Enterprise (Workload Protection) API link
Connect to the Aqua CSPM platform through the link for your region:
US - https://cloud.aquasec.com
EU - https://eu-1.cloud.aquasec.com
Asia-1 - https://asia-1.cloud.aquasec.com
Asia-2 - https://asia-2.cloud.aquasec.com
Then select the option "Workload Protection". Once you are in the Enterprise (Workload Protection) interface, copy the link to your Enterprise cloud environment. It is used together with the Bearer Token to authenticate API requests.
Authentication method
Once the Bearer Token has been created successfully, send it in the Authorization header of each POST or GET request, as shown in the example below.
API call method for authentication with Aqua Enterprise
curl --location --request GET 'https://e11d5.cloud.aquasec.com/api/v1/registries' \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxODQ3NywiYWNjb3VudF9pZCI6NDg3MywiYWNjb3VudF9hZG1pbiI6dHJ1ZSwicGxhbiI6ImVudGVycHJpc2UiLCJ0cmlhbF9lbmQiOm51bGwsInVzZXJfZ3JvdXBzX3VzZXIiOlsiNTQ2MSJdLCJ1c2VyX2dyb3Vwc19hZG1p'
Response
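The two-step flow described in this article, as an added Python example (not Aqua's code): it signs in to the CSPM API, extracts data.token, checks how long the token remains valid, and builds the authenticated Enterprise API request without putting the password on a command line. It assumes the token is a JWT with an exp claim; the AQUA_* environment variable names and the example.invalid URL are hypothetical, and the sample response is constructed.

```python
import base64, json, os, time, urllib.request

SIGNIN_URL = "https://api.cloudsploit.com/v2/signin"  # US endpoint from this article

def extract_token(body):
    """Return data.token from a /v2/signin response body; raise if sign-in failed."""
    doc = json.loads(body)
    token = (doc.get("data") or {}).get("token")
    if doc.get("status") != 200 or not token:
        raise ValueError(f"signin failed: status={doc.get('status')} code={doc.get('code')}")
    return token

def seconds_left(token, now=None):
    """Read the exp claim without verifying the signature (assumes the token is a JWT)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore the stripped base64 padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return int(claims["exp"] - (time.time() if now is None else now))

def enterprise_request(base_url, path, token):
    """Build a GET request for the Enterprise API that carries the bearer token."""
    if not base_url.startswith("https://"):
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    headers = {"Accept": "application/json", "Authorization": f"Bearer {token}"}
    return urllib.request.Request(base_url.rstrip("/") + path, headers=headers)

def signin(email, password, url=SIGNIN_URL):
    """POST the credentials as JSON and return the bearer token."""
    data = json.dumps({"email": email, "password": password}).encode()
    req = urllib.request.Request(url, data=data, method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return extract_token(resp.read().decode())

def constructed_response(exp):
    """Constructed sample sign-in body (not real API output) for an offline run."""
    b64 = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    token = ".".join([b64({"alg": "RS256", "typ": "JWT"}), b64({"exp": exp}), "sig"])
    return json.dumps({"status": 200, "code": 0, "data": {"token": token}})

if __name__ == "__main__":
    live = "AQUA_EMAIL" in os.environ  # hypothetical names; secrets come from the environment
    token = (signin(os.environ["AQUA_EMAIL"], os.environ["AQUA_PASSWORD"]) if live
             else extract_token(constructed_response(int(time.time()) + 3600)))
    base = os.environ["AQUA_ENTERPRISE_URL"] if live else "https://example.invalid"
    req = enterprise_request(base, "/api/v1/registries", token)
    print(req.get_method(), req.full_url, f"token valid for {seconds_left(token)}s")
    if live:
        print(urllib.request.urlopen(req, timeout=30).status)
```

The script never prints the token itself; treat it like the password it was exchanged for and keep it out of logs and shell history.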