Tokens
The Settings > API > Tokens page displays the user name, Token ID and creation date for all API Access Tokens that have been generated. Every scripted API call requires authorization using an API Token. Every user has a pre-generated token.
For developer convenience, the API is also accessible with cookie based authentication, made available to present the API root and documentation. However, it is forbidden to code API calls using cookie based user and password authentication and Token based authentication is required in this case (each request will also be processed faster this way).
Working with Tokens:
1. | When you open the Tokens page, the Token is truncated. |
2. | To expand the Token, click the ellipsis. |
Truncated Token
Expanded Token
3. | Click a Token in the grid to delete the Token. |
Delete a Token
4. | Click ![]() |
The token must be specified using the HTTP “Authorization” header. For example:
Authorization: Token 8f82bd5574a425bdf867b243917a24d16fbf0079
A full example using the “curl” program is shown below:
curl -H "Authorization: Token 8f82bd5574a425bdf867b243917a24d16fbf0079" -H "Content-Type: application/
json" https://api.app.secunia.com/api/xml-feed/?feed_type=asset_list&asset_list_id=4&days=1
This example will get you the last 24 hours advisory information for Watch list 4. You can find all possible combinations on the XML Feeds settings page.
curl ‐H "Authorization: Token 8f82bd5574a425bdf867b243917a24d16fbf0079" ‐H "Content‐Type: application/json" https://api.app.secunia.com/api/tickets/
However, Flexera recommends calling full collection GET only once and then doing differences where the API allows. Please refer to for further information.
Note:You must use the authorization token for requests made programatically.
While browsing the interface, the request works because cookie based authentication has been enabled for developer convenience. However, the usage of cookie based authentication for your own scripts is forbidden. Please use token based authentication instead.