QRadar EDR (formerly ReaQta): Authentication of API client

Steps

The QRadar EDR (formerly ReaQta) API uses JSON Web Tokens (JWTs) to authenticate the API client. JWTs are issued by the Hive server.

The API client handles generating and refreshing these tokens automatically, so it is necessary to provide your application's ID and Secret when you instantiate the client.

To authenticate an external API client, you need to send an API request that uses the POST method from the client.

Steps to execute:

1. Method: POST method is used.
2. Request URL: API call /1/authenticate is used for authentication request. The Request URL looks like:

   https://<Hive Server URL>/rqt-api/1/authenticate

   • Note: While working with ReaQta APIs, make sure to add /rqt-api/ as prefix to the API call.
3. Request Body: Provide the App ID and Secret Key of the API Application already created in the Hive Server. See QRadar EDR (formerly ReaQta): Creating API applications from Hive Server Dashboard for more details regarding API Application.

   {
     "secret": "<Enter the Secret Key string>",
     "id": "<Enter the App ID string>"
   }

4. Header: Make sure to provide the required HTTP Header. For example: 

   ContentType: application/json

5. Responses: You receive following response codes according to the success or failure of your API request.

   Status Code	Description	Example Response Value
   200	OK	{ "token": "xxxxx.yyyyy.zzzzz", "expiresAt": 1617982282 }
   401	Unauthorized	{ "message": "Authentication failed" }