API Tokens

The VulnCheck platform uses a token system that is shared by both the API and the portal. This shared token system allows you to use the API and web portal with the same token (and flip back and forth between the two) as well as manage your tokens in one place. This guide will walk you through the process of creating and using tokens.

Issue an API token

To get started with making API calls to the VulnCheck platform, you need to issue a token to your account. To do so, follow the instructions below:

1. Navigate to the Tokens & SSH Keys page.
2. Click on the New Token button at top right.
3. Enter a Label and choose a Token Icon to help remember what the API token is intended to be used for.
4. Once you have created the token, you will be able to see the token value. Please note that this is the only time you will be able to see the token value. If you lose it, you will need to remove it and create a new token.

Any token that has not been used for 30 days will expire.

Using the API Token

VulnCheck supports 3 ways of passing your token.

API Token via Bearer Authorization Header

Adding it as a custom header as Authorization: Bearer insert_token_here.

curl --request GET \
  --url https://api.vulncheck.com/v3/index/initial-access \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer insert_token_here'

API Token via Query Parameter

You can pass the API Token as a GET/URL parameter - making it easy to test tokens and browse endpoints in a browser.

curl --request GET \
     --url https://api.vulncheck.com/v3/index/initial-access \
     --header 'Accept: application/json' \
     --url-query token=insert_token_here

API Token via a JavaScript Cookie

We allow the token to be passed as a cookie - this is actually how our web portal works, allowing you API access via the portal with full control of your tokens.

curl --request GET \
     --url https://api.vulncheck.com/v3/index/initial-access \
     --header 'Accept: application/json' \
     --cookie "token=insert_token_here"