The Cato API is the primary automation interface for interacting with data and management functions on the Cato SASE platform. It uses GraphQL for flexible querying and efficient data retrieval, enabling both:
- Read-only operations (data extraction)
- Mutation operations (configuration changes)
For detailed schema reference, see the Cato API documentation: https://api.catonetworks.com/documentation/
The API endpoint is in the format: https://api.catonetworks.com/api/v1/graphql2
For a full overview of the API lifecycle and usage guidelines, see What is the Cato API
To authenticate requests to the Cato API, include an HTTP header named x-api-key in your API client. Set the value of this header to your Cato API key using the format: x-api-key: <api-key>. For example: x-api-key: abcdef12345. This header authorizes your request and grants access to the relevant Cato API endpoints based on the permissions associated with your key.
API keys and a sandbox environment will be provided after Cato’s approval of the integration scoping document.
Cato’s SLA for potentially breaking changes is documented in the Announcing and Managing Potentially Breaking Changes section of the What is the Cato API article.
APIs and fields planned for End-of-Life (EoL) are identified as deprecated in the API documentation. Where available, a recommended replacement and the scheduled EoL date are provided.
In addition, potentially breaking changes are communicated in the Cato API Potentially Breaking Changes and EoL article. Technology Partners are strongly encouraged to follow this article to receive notifications regarding upcoming schema updates and deprecations.
The rate limiting policy defines the maximum request throughput allowed per account and is designed to ensure platform stability and fair resource usage. Integrations should implement appropriate retry and backoff mechanisms to handle rate limit responses. For details, refer to the Understanding Cato API Rate Limiting article.
Below are the most common APIs used during early integration and data ingestion:
| Data Type | API | Purpose | Typical Use-Cases |
| Raw Events / Security Telemetry | eventsFeed | Recommended entry point for consuming raw event logs and security telemetry. | SIEM ingestion, security monitoring, compliance logging, threat detection. |
| Administrative Audit Logs | auditFeed | Retrieves audit logs for admin actions and configuration changes. | Compliance auditing, change tracking, governance monitoring. |
| Application & Flow Analytics | Provides application usage statistics and flow performance metrics over time. | Application monitoring, network performance analysis, usage reporting. | |
| Security Incidents / Alerts | stories | High-level insights into security incidents and correlated alerts. | SOC workflows, incident management, alert enrichment. |
| Traffic Metrics | accountMetrics | Traffic and usage metrics across sites and remote users. | Network usage analytics, capacity planning, and reporting dashboards. |
| Connectivity & Inventory Snapshot | accountSnapshot | Connectivity status and inventory information for sites, sockets, and users. | Infrastructure monitoring, topology visibility, and environment discovery. |
| Device Inventory & Attributes | Provides device inventory and associated attributes discovered by the platform. | Asset management systems, IoT/OT visibility, device classification, and inventory tracking. | |
| Socket Port Metrics | Provides current and historical metrics for socket interfaces and ports. | Infrastructure monitoring, link health monitoring, capacity planning, and network troubleshooting. |
For full API operation definitions and sample responses, refer to the Cato GraphQL API Reference.
To support development and integration workflows, Cato provides several reference resources:
- Cato GitHub Account - Sample code, API helper tools, Jupyter notebooks, Postman collections, and CLI utilities. Examples:
- data-analytics - Jupyter notebooks demonstrating eventsFeed use cases.
- cato-toolbox - General-purpose helpers for API consumption and testing, including Python code for fetching events.
- GraphQL Playground - A browser-based interactive tool for testing API queries. See Cato API from the GraphQL Playground for details.
- Cato Remote MCP Server - Enables integration with the Cato API using AI assistants and LLM-based tools via the Model Context Protocol (MCP). This allows interacting with Cato data using natural language or AI-driven workflows. For more information, see: Working with the Cato Remote MCP Server.
Partners can raise API related questions through
0 comments
Please sign in to leave a comment.