HUMAN uses API tokens to authenticate requests. To use any of our APIs, you must authenticate every request you make. Requests without proper authentication will fail.

Authorization for certain solutions is slightly different. Be sure you follow the correct instructions for the API you want to use.

To generate a token, you must have access to the HUMAN Console.

❗️

Warning

Tokens are confidential and give sensitive access to your account. Be sure to store and handle your tokens securely. Do not share them with others or store them in publicly accessible places.

Getting a token for Account Defender, Bot Defender, or Credential Intelligence

For Account Defender, Bot Defender, or Credential Intelligence, HUMAN uses an application's server token when making API calls. For more on creating and managing applications, see Setting up your application.

To create a token:

  1. From the HUMAN console, navigate to Platform Settings > Applications.
  2. Select the application you would like to identify while using API calls.
  3. Under Application settings, select Server token.
  4. If a token doesn't already exist, select Add server token to generate a new one.
  5. Hover over the new token and select the Copy button to copy it.

You can create up to three server tokens per application at a time.

Getting a token for Code Defender or PCI DSS

📘

Note

If a token does not already exist, you may need to ask HUMAN to generate one for you. Contact us at [email protected] to do so.

To access a token for the Code Defender or PCI DSS API:

  1. Navigate to Code Defender > Settings > Integrations > Integration Settings.
  2. Select CD API Integration.
  3. Copy an available token.

Tokens have an expiration date. Make sure to generate a new token before the previous one expires. If you think a token has been compromised, contact HUMAN support.

Authenticating requests

You can authenticate requests using your token with --header 'authorization: Bearer <token>'. You do not need to provide a password.

For example, to authenticate a request to get a list of custom rules:

curl --request GET \
     --url https://console.humansecurity.com/api/v2/botDefender/customRules \
     --header 'accept: application/json' \
     --header 'authorization: Bearer <token>'
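
A token typed directly into the curl command ends up in shell history and is visible in the process list while curl runs. The following is an added example, not HUMAN's code: it reads the token from an owner-only file and hands the header to curl through `--config -` on stdin. `HUMAN_TOKEN_FILE`, the function names, and the accepted token character set (the `b64token` characters from RFC 6750) are assumptions made here.

```shell
# Added example, not HUMAN's code. HUMAN_TOKEN_FILE and the function names
# are assumptions made here.

# Succeed only if the token file exists and grants no group/other access.
check_token_file() {
  local file="$1" mode
  [ -f "$file" ] || { echo "token file not found: $file" >&2; return 1; }
  # GNU stat first, BSD/macOS stat as fallback.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file") || return 1
  case "$mode" in
    *00) return 0 ;;
    *) echo "refusing $file: mode $mode is accessible beyond its owner" >&2
       return 1 ;;
  esac
}

# Print a curl config carrying the bearer header, so the token is never
# passed as a command-line argument.
curl_auth_config() {
  local file="$1" token
  check_token_file "$file" || return 1
  token=$(tr -d '\r\n' < "$file")
  [ -n "$token" ] || { echo "token file is empty" >&2; return 1; }
  # Assumed character set (RFC 6750 b64token); also keeps quotes and
  # backslashes out of the quoted config value.
  case "$token" in
    *[!A-Za-z0-9._~+/=-]*)
      echo "token contains unexpected characters" >&2; return 1 ;;
  esac
  printf 'header = "authorization: Bearer %s"\n' "$token"
  printf 'header = "accept: application/json"\n'
}

# GET a console API URL; no request is sent if the token cannot be loaded.
human_api_get() {
  local cfg
  cfg=$(curl_auth_config "${HUMAN_TOKEN_FILE:?set HUMAN_TOKEN_FILE}") || return 1
  printf '%s\n' "$cfg" |
    curl --silent --show-error --fail --config - --request GET --url "$1"
}

# Usage:
#   HUMAN_TOKEN_FILE=~/.config/human/token \
#     human_api_get https://console.humansecurity.com/api/v2/botDefender/customRules
```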