The first step to interfacing with Cisco Vulnerability Management's API is to identify the base API URL that your Cisco Vulnerability Management subscription is hosted on. To determine where the host is, look at the format of the subdomain for your subscription. The format of your URL for the user interface will match that of the API base URL. If you're unsure of which API base URL is right for you, contact your Cisco Vulnerability Management's administrator or account team. The examples use api.kennasecurity.com.
You can find the API access base URL on the Settings > API Keys page.
Access to the API is controlled using a key, also referred to as a token. Administrators can grant and revoke API access to users and provide permissions to users to be able to generate their own keys. Administrators cannot grant or revoke API access to other administrators. For more information, see the Role Permissions and API Key Generation help articles.
Administrators can change API keys by logging in to the Cisco Vulnerability Management UI and clicking the settings menu in the upper right-hand corner and selecting API Keys. Administrators can create, change, or revoke API key access from this menu. API keys can be copied one time immediately after they are generated. If a user loses their key, they can generate a new key after an administrator has given them permission to do so.
All API requests must be made over HTTPS. Calls made over plain HTTP will fail. You must authenticate for all requests. To authenticate you must include a X-Risk-Token header with its value set to your API token. Given an example API key of SoL310X108mps, to do this with a curl request you would use the flag --header 'X-Risk-Token: SoL310X108mps'.
In ReadMe, the API key can be add in the Authentication section on the right side. That way, it will appear in all the API examples when using the "Try It!" button.
In bash or zsh shells, make sure you use single quotes to set environment varaibles. For example,
export KENNA_API_KEY='7apikey-with2dashes-and0a1period.'
In Windows, using DOS,
set KENNA_API_KEY=7apikey-with2dashes-and0a1period.