About this task
Randori's REST API uses bearer auth tokens for authentication. So, you'll need to create a token
to leverage the API.
Here's a walkthrough on how to do that:
Procedure
- Log in to the Randori Dashboard. You'll need Admin permissions on your account to create
a token.
- Select Settings (the gear icon) on the leftmost navigation bar.
- Click API.
- Scroll down the page and select Create API Token.
- Add a meaningful token name in the API Token Label field.
- Select the appropriate permissions (they map to the same permissions described in Managing Users and Permissions).
  - Observe: this will grant READ ONLY access to public reconnaissance data
  - Recon: this will grant READ and WRITE access to public reconnaissance data, allowing the token to update Status, Impact, Tags, Comments, and Add Affiliations
  - Attack: this will grant READ and WRITE access to INTERNAL reconnaissance data and attack activity, allowing for Authorization of Targets into scope
- Click Create.
- A popup with your API token will appear. Please note it somewhere safe because there's
no way to access that secret again.