Authentication

Before you can use the Secure Network Analytics REST API, you need to authenticate. The same credentials (login/password pair) you use to log in to the user interface for Secure Network Analytics can be used for accessing the Secure Network Analytics REST API. If you do not have credentials, the first step is to contact your Secure Network Analytics administrator.

You authenticate by sending a POST request containing the password to Secure Network Analytics. Assuming your Cisco Secure Network Analytics Manager (formerly Stealthwatch Management Console) is at "smcaddress", the username is "jim" and the password is "password123", an example of using curl to authenticate is shown below:

curl -s -k -c cookies.txt -d "username=jim&password=password123" https://smcaddress/token/v2/authenticate

Assuming the credentials are good, a user session is created and a cookie (stealthwatch.jwt) is returned in the file cookies.txt. You will need to reference the cookie in subsequent calls. In v7.3.2 and later, a second cookie is returned (XSRF-TOKEN). You will need to set an HTTPS header X-XSRF-TOKEN to the value of this cookie for all HTTPS requests (with the exception of GET requests). For more information, refer to the Stealthwatch Release Notes v7.3.2.

NOTE: Your user session will expire after a period of 20 minutes. This is no different to user sessions initiated through logging in via the browser. To renew your session, POST the token again.