Skip to main content

API v1.0

Cyberhaven API v1.0 is the legacy REST API implementation for platform configuration and data querying. Use these endpoints to integrate with SIEMs, SOAR, ticketing, and asset management tools.

info

Legacy API API v1.0 is a legacy implementation. For new integrations, consider using which provides enhanced functionality and better performance.

Available Endpoints

The v1 API provides three main endpoints:

EndpointDescriptionDocumentation
EndpointsManage and query endpoint sensor statusEndpoints API
IncidentsQuery and manage security incidentsIncidents API
Audit LogAccess dataflow audit logsAudit Log API

Quick Start

1. Generate API Token

  1. Login to the Cyberhaven dashboard
  2. Navigate to /api-tokens page
  3. Create a new API token
  4. Save the refresh token securely

2. Generate Access Token

REFRESH_TOKEN="your-refresh-token-from-ui"
DEPLOYMENT="your-tenant.cyberhaven.io"

TOKEN=$(echo $REFRESH_TOKEN | base64 -Dd | xargs -0 -I{} curl \
  -H 'content-type: application/json' \
  https://$DEPLOYMENT/user-management/auth/token \
  -k --data '{}')

3. Test API Access

curl -H 'content-type: application/json' \
  -H "Authorization: Bearer $TOKEN" \
  https://$DEPLOYMENT/api/rest/v1/endpoints/list \
  -k --data '{}'

Complete Setup Script

#!/bin/bash

# Configuration
REFRESH_TOKEN="get-your-token-from-/api-tokens"
DEPLOYMENT="your-deployment.cyberhaven.io"

# Generate access token
TOKEN=$(echo $REFRESH_TOKEN | base64 -Dd | xargs -0 -I{} curl \
  -H 'content-type: application/json' \
  https://$DEPLOYMENT/user-management/auth/token \
  -k --data '{}')

# Test endpoints API
echo "Testing Endpoints API..."
curl -H 'content-type: application/json' \
  -H "Authorization: Bearer $TOKEN" \
  https://$DEPLOYMENT/api/rest/v1/endpoints/list \
  -k --data '{}'

# Test incidents API
echo "Testing Incidents API..."
curl -H 'content-type: application/json' \
  -H "Authorization: Bearer $TOKEN" \
  https://$DEPLOYMENT/api/rest/v1/incidents/list \
  -k --data '{}'

# Test audit log API
echo "Testing Audit Log API..."
curl -H 'content-type: application/json' \
  -H "Authorization: Bearer $TOKEN" \
  https://$DEPLOYMENT/api/rest/v1/audit-log/dataflow/list \
  -k --data '{}'

API Characteristics

Request Format

  • Method: POST for all endpoints
  • Content-Type: application/json
  • Authentication: Bearer token required

Response Format

  • Format: JSON
  • Structure: Consistent response objects with arrays and metadata
  • Pagination: Token-based pagination support

Rate Limiting

  • Requests per minute: 60
  • Concurrent requests: 5

Migration Path

For enhanced functionality and better performance, consider migrating to API v2.0:

  • Modern OpenAPI specification
  • Enhanced filtering capabilities
  • Better error handling
  • Additional endpoints and features
  • Improved documentation

See the API Comparison Guide for detailed differences between v1 and v2.

External Documentation

For additional technical details, see the complete API documentation: Cyberhaven API v1 Reference