General
Using Infinipoint’s API, you will be able to run queries and perform actions (such as running scripts) on your managed devices.
For example:
Assets queries - Get device data, installed software, associated users, etc.
Running actions (saved scripts)
Search for vulnerabilities details, device association, etc.
Infinipoint’s API supports HTTP Protocol version 1.1 or later.
While some calls may work with the deprecated 1.0 version, this is not guaranteed. Please ensure that your client communicates using at least version 1.1.
API Endpoint
Infinipoint API URL: https://console.infinipoint.io/api/
API Authentication and Request Headers
Infinipoint’s API uses JSON Web Token (JWT) for authentication.
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.
Using your private key (will be provided by Infinipoint), you will need to sign the request with an Elliptic Curve Digital Signature Algorithm (ECDSA) using the ES256 algorithm.
The encoded payload must the contain the following fields -
...
Field Name
...
Field Value
...
iat
...
The current time in Unix time (Epoch time). This will be used to validate the signature time.
Each token is only valid for the amount of time requested by the user on creation of the private key (between 1-15 minutes).
...
sub
...
The accessKey field associated with the private key (22 characters string associated with the private key)
| Child pages (Children Display) | ||
|---|---|---|
|
...