Authentication
API Keys
Continuous Dynamic APIs use API keys to authenticate requests. Each user account may generate a unique 32-character Web API Key, which is used to authenticate API requests. You can create, view, and manage your API keys in the My Profile area of the Continuous Dynamic Portal. The Web API key is intended for use inside the applications that are accessing the API. It is not intended for accessing the API through your browser.
When making a request, failure to provide an API key, or provision of a wrong or outdated key, results in an error.
Protect your API Key
Your key is the equivalent of a username and password that grants access to all of your vulnerability data. Treat it as carefully as any other password. Black Duck strongly recommends that you never use your API Key in your browser. It is intended only for use when accessing the API programmatically.
Obtaining an API Key
There are three methods of obtaining your API key:
- Generating an API key in the Continuous Dynamic Portal using your password.
- Generating an API key in the Continuous Dynamic Portal with single sign-on (SSO).
- Using an API call.
Generating an API Key in the Continuous Dynamic Portal using your Password
- Log in to the Continuous Dynamic Portal using your username and password. You can find links to the Continuous Dynamic Portal at the top of this page.
- Click My Profile at the upper-right.
- On the My Profile page, select the API Key sub-tab.
- Enter your password in the Verify password field.
- Click Authenticate to display your API key. If you have not requested your API key before, a key is generated for you.
Generating an API Key in Continuous Dynamic with SSO
- Log in to the Continuous Dynamic Portal using SSO.
- Click My Profile at the upper right.
- On the My Profile page, select the API Key sub-tab.
- Your account requires additional authentication. Select either Request Code by SMS or Request Code by Call. Your authentication code is provided through the option you selected.
- Ensure that the confirmation banner is displayed at the top of the screen, which confirms that the code has been sent.
- Once the code is received, enter it in the Code field.
- Your key is now displayed in the API key text field. If you have not requested your API key before, a key is generated for you.
Generating an API Key through the API
Alternatively, you can use the following API request along with your Continuous Dynamic password to request content. Note that this method is not supported if you are using SSO but do not have a Continuous Dynamic password.
PUT /api/user/{userID}/api_key
Regenerating Your API Key
From time to time, it may be necessary to regenerate your existing API key. To do so, first display your existing API key by following one of the procedures above. Then, click Regenerate API key to generate and display a new API key.
For full instructions, see Regenerating Your API Key in the main documentation.
Using an API Key in Request Headers
With API key auth, you send a key-value pair to the API in the request headers parameter. Following is an example of how your valid API key can be used to authenticate any request to one of the Continuous Dynamic APIs.
Postman Example: Using an API Key in Request Headers
- In your Postman application, click the request Authorization tab.
- Select API Key from the Type dropdown.
- Enter your key name in the Key field.
- Enter your API key in the Value field.
- Select Header from the Add to dropdown.
You can store your values as variables for additional security. Postman will append the relevant information to your request Headers or the URL query string. Refer to the following Blog for security considerations when working with API keys in Postman:
Updated about 1 month ago