Permissions for public API endpoints
The Intelligence Center offers a public API to make it easier to automate data exchange workflows and processes with external systems.
Intelligence Center permissions control also access to the endpoints the public API exposes.
You can configure dedicated users and groups for automation tasks that interact with external components or systems, such as in Intelligence Center integration implementations.
In this case, make sure that:
Automation roles have the appropriate set of permissions to access the API endpoints whose resources they are supposed to consume.
Automation users are granted the appropriate roles to access the API endpoints whose resources they are supposed to consume.
Automation users are assigned to the appropriate groups to access the Intelligence Center assets and resources they are supposed to consume.
The following table shows the permissions that public API endpoints require to allow access.
REST API endpoint |
HTTP method |
Permission |
/api/datasets/ |
GET |
read intel-sets |
/api/datasets/${int:id} |
GET |
read intel-sets |
/api/enrichers/ |
GET |
read enrichers |
/api/enrichers/${int:id} |
GET |
read enrichers |
/api/enrichment-tasks/${uuid:id} |
GET |
read tasks |
/api/entities/ |
GET |
read entities |
/api/entities/ |
POST |
modify entities |
/api/entities/${uuid:id} |
GET |
read entities |
/api/entities/${uuid:id}/enrich |
POST |
modify entities |
/api/entities/${uuid:id}/enrichers |
GET |
read entities |
/api/entities/latest |
GET |
read entities |
/api/observables/ |
GET |
read extracts |
/api/observables/ |
POST |
modify extracts |
/api/observables/${int:id} |
GET |
read extracts |
/api/observables/${int:id} |
PATCH |
modify extracts |
/api/observables/${int:id}/enrich |
POST |
modify entities |
/api/observables/${int:id}/enrichers |
GET |
read extracts |
/api/sources/ |
GET |
read sources |