Latest Updates: CB Predictive Security Cloud

REST API Authentication

Each user in CB Response has a personal API key. That API key confers all rights and capabilities assigned to that user to anyone possessing the API key. Therefore, treat your API key as you would your password. If the API Token is missing or compromised, you can reset the API key to generate a new token and revoke any previous API keys issued to a user.

To find a API key corresponding with a particular Carbon Black user account, log into the console as that user, then click the username in the upper right -> Profile info.

Then, click the “API Token” button on the left hand side to reveal the API token for the logged-in user. If there is no API token displayed, click the “Reset” button to create a new one.

For an API request to the CB server, add this key to a custom HTTP Request Header X-Auth-Token.

For example, to get the summary information for a binary with MD5 6D778E0F95447E6546553EEEA709D03C:

$ curl -H 'X-Auth-Token:15dd7c486d81899f64643d6618c47a4e5ccc5c01' -k
  "digsig_result": "Signed",
  "observed_filename": [
  "product_version": "5.1.2600.5512",
  "signed": "Signed",
  "digsig_sign_time": "2008-04-14T09:07:00Z",
  "orig_mod_len": 389120,
  "is_executable_image": true,
  "is_64bit": false,
  "digsig_publisher": "Microsoft Corporation",
  "file_version": "5.1.2600.5512 (xpsp.080413-2111)",
  "company_name": "Microsoft Corporation",
  "internal_name": "cmd",
  "_version_": 1457126999526998016,
  "product_name": "Microsoft\u00c2\u00ae Windows\u00c2\u00ae Operating System",
  "digsig_result_code": "0",
  "timestamp": "2014-01-13T14:49:55.189Z",
  "copied_mod_len": 389120,
  "server_added_timestamp": "2014-01-13T14:49:55.189Z",
  "md5": "6D778E0F95447E6546553EEEA709D03C",
  "legal_copyright": "\u00c2\u00a9 Microsoft Corporation. All rights reserved.",
  "original_filename": "Cmd.Exe",
  "file_desc": "Windows Command Processor"
Last modified on December 28, 2015