Creating Public API Clients
If you need to consume Secureworks® Taegis™ VDR’s public OpenAPI-compatible API, this section will guide you through the steps necessary to get VDR’s data through OAUTH2 authentication mechanism.
Create an Applicative User in VDR ⫘
We recommend you do not mix API access to applicative users and regular users in VDR. Creating a new user dedicated to API access, with rights that are limited to the scope of these accesses, is the best way to proceed.
Refer to the VDR’s User Guide section on creating new users and adding members to a team using the correct team access rights to better scope how this user should be created.
Get a Client Secret and Client ID for this Applicative User ⫘
Once the dedicated applicative user is created, generate a new OAUTH2 API Client ID and Secret:
- Access the System menu by selecting the Account circle in the upper right, and then choose Settings.
VDR Settings
- Select Public API Clients from the System Settings box.
- From the Public API Clients panel, select Add Public API Client at the upper right corner and then configure the following parameters:
- Description — Choose a description for your Public API Client in order to remember the reason you created it. It will be visible in the interface afterwards.
- Scopes — Choose from
read_only
(only GET supported) or BOTHread_only
andfull_access
to combine GET, POST, PATCH, etc. - Redirect URIs — Dependent on the application with which you will use VDR’s Public API. It is usually documented by the application itself when accessing OpenAPI through OAUTH2.
Note
The Redirect URI (also named “callback URI“) depends on the application with which you will use VDR’s Public API. Choose the one that corresponds to your need, usually documented by the application consuming the OpenAPI through OAUTH2.
If you’re unsure or just want to try the API using Swagger UI, you can start with the following URLS:
https://<YOUR_INSTANCE>.vdr.secureworks.com/assets/api-doc/oauth2-redirect.html
https://<YOUR_INSTANCE>.vdr.secureworks.com/legacy/assets/api-doc/oauth2-redirect.html
You can place both URLS in the redirect field. One URL per line.
Redirect URI
Once created, the credential displays with the Client ID and Client Secret that you must record for future use in your API authentication.
Public API Client Credentials
Tip
Navigate to Settings and choose Access Tokens from Personal Settings to view what tokens are in use and manage whether their access should be deleted.
Access Tokens