This article explains how to generate an API key for the read-only and for the mutation Cato APIs.
The API Keys page lets you generate API keys in the Cato Management Application that are used to authenticate to the Cato API server. Enter the API key for an API client (such as Postman or Altair) or for scripts to run API calls for authentication to Cato.
Cato supports two types of API calls:
-
View permissions - Perform read-only API calls to retrieve data for your account
-
Edit permissions - Perform write API calls to make changes to your account
Make sure that you copy the API key from the pop-up window. Once you close the pop-up window, you can't access the key again.
Note
Note: If you are using the eventsFeed API to ingest event data, make sure to select Enable integration with Cato events in the Resources > Event Integrations page.
Adding API Keys to an API Client
To authenticate requests to the Cato API, include an HTTP header named x-api-key in your API client. Set the value of this header to your Cato API key using the format: x-api-key: <api-key>. For example: x-api-key: abcdef12345. This header authorizes your request and grants access to the relevant Cato API endpoints based on the permissions associated with your key.
Managing API Keys
The API Keys page shows you the API keys for your account. You can use this screen to generate and revoke API keys. The Name for the API key is only used to identify each key and isn't used as part of the authentication process.
Generate the key for the Cato API and then paste it in the API client or script.
To generate an API key:
-
In the navigation menu, click Resources > API Keys.
-
Click New. The Create API Key panel opens.
-
Enter a Key Name.
-
Select the API Permission for this key.
-
(Optional) Select a date that the API key Expires at.
For API keys with Edit permissions, we recommend setting a date that the API key will Expire at.
-
(Optional) For additional security, in Allow access from IPs, select Specific IP list, and define the IP addresses that are allowed to use this API key.
The default setting is to allow this API key for Any IP address.
-
Click Apply. The API key is added and a popup window containing the new API key is displayed.
-
Click
(Copy) and copy the API Key that is generated by the Cato Management Application and save it to a secure location.
Once you close this window, you can't access the value for the API key.
-
Click OK to close the pop-up window.
You can revoke the API key and remove it from the Cato Management Application. Once revoked, the key can't be used to authenticate to the API server.
6 comments
Added information about API keys for the Cato Configuration API.
It would be better if we could configure IPs using specific Subnet in “Allow access from IPs”
Is it not possible at this time to add a range / subnet of IP's to whitelist for those cloud applications?
nazmul.hossain and Rafael Escobar excellent suggestions. Currently you can only define single IPs, but I let Product Management know about the recommended enhancement. Thanks!
Would it be possible to update the content on this page? There is a dependency of “make sure to select ‘Enable integration’ in the Events Integration tab”, and the first image under Managing API Keys, shows a field Enable CATO Events API which I believe there is no longer available and can lead to confusion.
Also a second there to ask the “Allow access from IPs” using a subnet and that the configuration can be editable since that can change, and requires to generate a new Key if one of the IPs changes or we need to add a new IP.
José Luis Fernandes Esteves - Thank you for letting us know that this article was out of date, I updated it and it now shows the correct information.
Regarding ‘Allow access from IPs’, an excellent suggestion! I forwarded it to Product Management, and I also suggest that you open an RFE.
Please sign in to leave a comment.