General Usage

Owned by Gilad Sharaby
Last updated: Nov 14, 2022 by Elad Munitz (Deactivated)
1 min read

Overview

Using Infinipoint API, allows you to run queries and perform actions on your managed devices.
Some examples:

  • Assets queries - Get device data, installed software, associated users, etc.

  • Running actions (saved scripts)

  • Search for vulnerabilities details, device association, etc.

Infinipoint API supports HTTP Protocol version 1.1 or later.
While some calls may work with the deprecated 1.0 version, it is not guaranteed. Please ensure your client communicates using version 1.1 and up.

Generating a JWT token / Access key

In order to generate an API key, you will need admin privileges (or an appropriate custom role).
Refer to the API Keys documentation page for more details.

API Endpoint

Infinipoint API URL: https://console.infinipoint.io/api/

API Authentication and Request Headers

Infinipoint API uses JSON Web Token (JWT) for authentication.
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.

Using your private key (provided by Infinipoint), allows you to sign the request with an Elliptic Curve Digital Signature Algorithm (ECDSA) using the ES256 algorithm.
The encoded payload must the contain the following fields:

Field Name

Field Value

Field Name

Field Value

iat

The current time in Unix time (Epoch time). This will be used to validate the signature time.
Each token is only valid for the amount of time requested by the user on creation of the private key (between 1-15 minutes).

sub

The accessKey field associated with the private key (22 characters string associated with the private key)