All VulnCheck platform API calls require a valid API token issued by VulnCheck.
The VulnCheck platform uses a token system that is shared by both the API and the portal. This shared token system allows you to use the API and web portal with the same token (and flip back and forth between the two) as well as manage your tokens in one place. This guide will walk you through the process of creating and using tokens.
To get started with making API calls to the VulnCheck platform, you need to issue a token to your account. To do so, follow the instructions below:
- Navigate to the Tokens & SSH Keys page.
- Click on the New Token button at top right.
- Enter a Label and choose a Token Icon to help remember what the API token is intended to be used for.
- Once you have created the token, you will be able to see the token value. Please note that this is the only time you will be able to see the token value. If you lose it, you will need to remove it and create a new token.
VulnCheck supports 3 ways of passing your token.
Adding it as a custom header as
Authorization: Bearer insert_token_here.
curl --request GET \ --url https://api.vulncheck.com/v3/index/initial-access \ --header 'Accept: application/json' \ --header 'Authorization: Bearer insert_token_here'
You can pass the API Token as a GET/URL parameter - making it easy to test tokens and browse endpoints in a browser.
curl --request GET \ --url https://api.vulncheck.com/v3/index/initial-access \ -d token=insert_token_here \ --header 'Accept: application/json' \
We allow the token to be passed as a cookie - this is actually how our web portal works, allowing you API access via the portal with full control of your tokens.
curl --request GET \ --cookie "token=insert_token_here" --url https://api.vulncheck.com/v3/index/initial-access \ --header 'Accept: application/json' \