REST APIs Overview

CipherInsights exposes a set of REST APIs secured by API An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. keys. The APIs are described by an OpenAPI 3 specification (JSON/YAML). The spec defines endpoints, parameters, authentication, and data models, and can be used to view interactive docs, import into tools like Postman, and generate client code.

API Endpoints

Three discovery traffic analytics (DTA) are included:

DTA Discovery: Query observed network communications over time (clients, servers, ports, protocols, TLS TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers. posture, volumes). See GET DTA Discovery.
DTA Cert: Query certificates known to the platform (from traffic and/or trusted stores). See GET DTA Cert.
DTA Snapshot: Create, query, diff, and rename snapshots (saved results of Discovery or Cert queries). See POST DTA Snapshots, GET DTA Snapshots SnapshotID, POST DTA Snapshots SnapshotID Diff, and PUT DTA Snapshots SnapshotID.

An endpoint An endpoint is a URL that enables the API to gain access to resources on a server. is also included to return a cryptographic bill of materials (CBOM A CBOM (Cryptography Bill of Materials) is a structured inventory of the cryptographic elements in a software application—covering algorithms (e.g., AES-256, RSA-2048), libraries (e.g., OpenSSL, Bouncy Castle), and keys with supported sizes (e.g., RSA-2048, ECC-384). By formalizing this information, a CBOM provides a clear picture of a specific version’s crypto architecture, helps identify vulnerabilities or policy misalignments, and supports audits and compliance with standards such as NIST.) from observed network crypto assets and services (see GET CBOM).

Tip: The evidence page in the portal is a UI on top of the DTA APIs (see Evidence). Start there to prototype filters, then reuse the same parameters via API.

Request/Response Format

Requests: JSON body for complex parameters (filters, columns, sorts, time ranges).
Responses: JSON objects/arrays. Large result sets may be paginated (see next/cursor fields in responses, if present).

Common Request Headers

Use these headers on most requests to the Analytics Hub API—they handle authentication and tell the server what format you’re sending and expecting in return.

Table 9: Common Request Headers

Header Name	Header Value	Description
Accept	application/json OR text/csv	Use the Accept header to choose the response format: application/json:JSON payloads (e.g., POST/PUT with JSON). text/csv: Raw CSV uploads (when the API accepts CSV bodies). If you don’t send an Accept header, the API returns JSON by default.
Content-Length	Request length in bytes	Optional, but automatically generated by most clients.
Content-Type	application/json	HTTP header that tells the server the media type of your request body so it knows how to parse it.
x-api-key	[Your API key]	Authentication header (see Authenticating to the API).

Authenticating to the API

Authentication to the API is done using API keys. To acquire a key, see API Keys.

Include your API key in every request using the x-api-key header. For example:

x-api-key: <YOUR_API_KEY>

API keys inherit the roles you assign in the portal (principle of least privilege). If a call returns 403 Forbidden, the key’s roles likely lack a required permission.

Base URL and Versioning

All examples assume a base like:

https://<HUB-HOSTNAME>/api/v1/

Your actual base URL appears in the OpenAPI spec under servers.

Shared Concepts

Most query endpoints accept:

filter: SQL-like string (case-sensitive field names). Examples:

cipherKex = 'ECDHE'

byteVolume > 1000000

serviceName ~* 'mysql' (case-insensitive regex)

serverIp <<= INET '10.10.0.0/16'
columns: Which fields to return (and their order).
sorts: List of { field, direction }, where direction is ASC or DESC.

Errors & Troubleshooting

401 Unauthorized / 403 Forbidden: Missing key or insufficient roles. Assign needed permissions to the API key.
400 Bad Request: Malformed JSON or filter. Validate with the portal’s Evidence filter bar first; it uses the same grammar.
500 Server Error: Backend failure. Retry with a simpler filter; capture the response body (and request-id header if present) for Support.
507 Insufficient Storage: Dataset too large to return. Reduce scope with timeFrame, filter, limit, and offset; or request a large result via returnAsStream or returnAsZipFile.

Was this page helpful? Provide Feedback

Version v12.1.1

On this page: