Authentication
When you access the Coro Console web interface, you present your credentials to login. In the same way, to use the Coro API you must first authenticate your connection and obtain a session token. Then, each request to the API uses this token to demonstrate the validity of the requesting user.
Obtaining a token
To obtain a token for use with the Coro API, you require a Client ID and accompanying Secret credential pair. To generate credentials, log in to your workspace in the Coro console and navigate to Control Panel > Connectors > API Credentials. For more information, see our Product Documentation.
note
These credentials are not the same as your Console username and password.
Use these credentials in a POST request to the Client Authentication Endpoint (/oath/token) which, if successful, returns a response containing a bearer token, valid for 24 hours.
For example:
curl -i -X POST \
https://api.secure.coro.net/oauth/token \
-H 'Content-Type: application/json' \
-d '{
"client_id": "2qDgzSrZxnUCs4jqmfdEP5MVkEmA3Uak",
"client_secret": "9c9Dabz5nQT65LXfYt_61wxb9UssT7tpzTM-gVB4RJZB9gKDf1_TjO6o3eLcBaba",
"audience": "https://secure.coro.net/api",
"grant_type": "client_credentials"
}'const resp = await fetch(
`https://api.secure.coro.net/oauth/token`,
{
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
client_id: '2qDgzSrZxnUCs4jqmfdEP5MVkEmA3Uak',
client_secret: '9c9Dabz5nQT65LXfYt_61wxb9UssT7tpzTM-gVB4RJZB9gKDf1_TjO6o3eLcBaba',
audience: 'https://secure.coro.net/api',
grant_type: 'client_credentials'
})
}
);
const data = await resp.json();
console.log(data);Take a look at the response body for the token string:
HTTP/1.1 200 OK
Content-Type: application/json
Date: Thu, 08 Jun 2023 09:41:29 GMT
X-Coro-Trace-Id: abcdefghifk
Transfer-Encoding: chunked
{"access_token":"TRDNxdkVHYms0R2U1IiwiaWF0IjoxNjTRDNxdkVHYms0R2U1IiwiaWF0IjoxNjTRDNxdkVHYms0R2U1IiwiaWF0IjoxNjTRDNxdkVHYms0R2U1IiwiaWF0IjoxNjTRDNxdkVHYms0R2U1IiwiaWF0IjoxNj.dcukG0cw3eh4jqEMCwxZ2N3mziZ2hpFbv4--VYrXA3Q","token_type":"Bearer","expires_in":86400}%warning
Keep a secure note of the token, this enables your API access for the next 24 hours.
Using a token
When performing a request against a particular endpoint, set an Authentication header containing your bearer token.
You also set a Workspace header containing the Workspace ID against which you want to execute the request.
For example:
curl -i -X GET \
'https://api.secure.coro.net/v1/tickets?ticketIds=string&ticketTriggers=malwareInCloudDrive&processed=true&fromTime=0&toTime=0&page=0&pageSize=20' \
-H 'Authorization: Bearer TRDNxdkVHYms0R2U1IiwiaWF0IjoxNjTRDNxdkVHYms0R2U1IiwiaWF0IjoxNjTRDNxdkVHYms0R2U1IiwiaWF0IjoxNjTRDNxdkVHYms0R2U1IiwiaWF0IjoxNjTRDNxdkVHYms0R2U1IiwiaWF0IjoxNj.dcukG0cw3eh4jqEMCwxZ2N3mziZ2hpFbv4--VYrXA3Q' \
-H 'Workspace: <WORKSPACE_ID>'const query = new URLSearchParams({
ticketIds: 'string',
ticketTriggers: 'malwareInCloudDrive',
processed: 'true',
fromTime: '0',
toTime: '0',
page: '0',
pageSize: '50'
}).toString();
const resp = await fetch(
`https://api.secure.coro.net/v1/tickets?${query}`,
{
method: 'GET',
headers: {
Workspace: '<WORKSPACE_ID>',
Authorization: 'Bearer TRDNxdkVHYms0R2U1IiwiaWF0IjoxNjTRDNxdkVHYms0R2U1IiwiaWF0IjoxNjTRDNxdkVHYms0R2U1IiwiaWF0IjoxNjTRDNxdkVHYms0R2U1IiwiaWF0IjoxNjTRDNxdkVHYms0R2U1IiwiaWF0IjoxNj.dcukG0cw3eh4jqEMCwxZ2N3mziZ2hpFbv4--VYrXA3Q'
}
}
);
const data = await resp.text();
console.log(data);