Team: Security Awareness Training (SAT)
Product: SAT
Summary: The Huntress Managed SAT API is a REST API using the JSON:API standard, designed for channel partners to manage authorized accounts. Access requires specific setup steps focusing on OAuth2 authentication.
Huntress SAT API Access and Authentication
Our full guidance for the Huntress SAT API is in our Huntress SAT API guide. A few of the beginner steps are listed below, but please refer to that guide for full guidance.
1. Enabling API Access
- Requirement: API access must be enabled on your account before proceeding.
- Action: Contact your account manager or support@huntress.com to enable access.
2. Creating an API Client (OAuth Client)
The API uses OAuth2 for authentication. An API Client is necessary to obtain tokens.
- Location: After access is enabled, navigate to Settings / API Clients and click Create Client.
- Required Information:
  - Client Name
  - Client Type (See Section 3)
  - Redirect URL (Only for Authorization Code Clients)
- Output: Upon creation, you will receive a client_id and a highly sensitive client_secret. Both are required for obtaining access tokens and must be kept secure.
3. Selecting a Client Type
The Client Type dictates how access tokens are obtained and is determined by the use case.
| Client Type | Use Case | Token Acquisition | Key Features |
|---|---|---|---|
| Client Credentials | Accessing your own data or data for accounts you manage. | Single POST request (no user required). | Tokens have the same access level as the user who created the client. Suitable for end customers and managing partners. |
| Authorization Code | Accessing data from customer accounts you do not manage (third-party access). | Requires a user to be present to approve the initial connection. | Provides an access_token and a refresh_token. A refresh strategy must be implemented to maintain connection without continuous user interaction. |
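
One way to implement the refresh strategy that the Authorization Code row calls for, as an added example rather than Huntress code. TOKEN_URL is a placeholder, and the request and response fields (credentials sent in the form body, expires_in in the reply) are assumptions taken from standard OAuth2 (RFC 6749); confirm both against the Huntress SAT API guide.

```python
import json
import time
import urllib.parse
import urllib.request

# Placeholder: take the real token endpoint from the Huntress SAT API guide.
TOKEN_URL = "https://sat.example.invalid/oauth/token"


def post_form(url, fields):
    """POST form-encoded fields over HTTPS and return the parsed JSON body."""
    data = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=data, headers={"Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenManager:
    """Caches the access_token and refreshes it shortly before it expires."""

    def __init__(self, client_id, client_secret, refresh_token,
                 post=post_form, clock=time.time, skew=60):
        self._client_id, self._client_secret = client_id, client_secret
        self.refresh_token = refresh_token  # persist the current value in a secret store
        self._post, self._clock, self._skew = post, clock, skew
        self._access, self._expires_at = None, 0.0

    def __repr__(self):
        # Keep secrets and tokens out of logs and tracebacks.
        return f"TokenManager(client_id={self._client_id!r}, secrets=<redacted>)"

    def access_token(self):
        # Refresh `skew` seconds early so a request never carries an expired token.
        if self._access is None or self._clock() >= self._expires_at - self._skew:
            self._refresh()
        return self._access

    def _refresh(self):
        body = self._post(TOKEN_URL, {
            "grant_type": "refresh_token",     # RFC 6749 section 6
            "refresh_token": self.refresh_token,
            "client_id": self._client_id,      # assumption: credentials go in the body
            "client_secret": self._client_secret,
        })
        self._access = body["access_token"]
        self._expires_at = self._clock() + int(body.get("expires_in", 0))
        # The server may rotate the refresh_token; always keep the newest one.
        self.refresh_token = body.get("refresh_token", self.refresh_token)
```

Load client_id, client_secret and the stored refresh_token from a secret store or environment variables rather than from source code, and write refresh_token back whenever it changes.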