September 2020 Update: All-new Webhook and API Key Management

September 2020 Update: All-new Webhook and API Key Management

Our September update provides you with self-service API key management from the SIGNL4 web portal. Finally, you can fully exploit our comprehensive REST API. We also improved management of outbound webhook which can update your systems with any information on Signl handling.

API Key Management

It is now possible to manage API keys for the SIGNL4 API in the SIGNL4 account portal. Click on the “Developer” menu item to manage API keys.

Keys issued here can then be used to call SIGNL4 REST API functions. So now, you can build automations with SIGNL4 or integrate it more deeply with your system landscape.

API Key Security

Some details on security features of SIGNL4 API keys:

  • For security reasons a limited validity of the keys is supported. Once they expire, they can no longer be used
  • It is possible to issue keys with read-only access or with full access (read/write)
  • When creating a key, it is displayed ONCE to you and you need to copy and store it safely.  You won’t have access to the full key again as we don’t store it in plain text.
  • When a key has been compromised, you can renew/recreate it. The old key becomes invalid and can no longer be used

How to use an API key

This is quite simple: the API key must be specified in a special HTTP header called “X-S4-Api-Key”. Below is a small request/response example with which all users of a SIGNL4 team are retrieved:

ANFRAGE:
GET https://devapi.signl4.com/api/users HTTP/1.1
Host: devapi.signl4.com
Connection: keep-alive
X-S4-Api-Key: f1a8d5a514572fd4f2f7i1958141d7930d92738n97b4e5af7fab0d1e8468d803
Content-Type: application/json
ANTWORT:
HTTP/1.1 200 OK
Content-Length: 1159
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 10 Sep 2020 07:44:24 GMT

[{"id":"f0bd5063-9588-41cf-b3d9-94e5647dedc5","subscriptionId":"0acf8014-22f2-4503-88d7-f7d05b46744f","name":"Rene 🇩🇪","mail":"rene@signl4.com","isDeactivated":false,"isInvite":false,"colorIndex":0,"dutyInfos":{"lastChange":"2020-09-04T14:00:13Z","onDuty":false,"onManagerDuty":false,"overdue":false}},{"id":"c0fa968a-7d3e-4fe6-90e6-09961af3f700","subscriptionId":"0acf8014-22f2-4503-88d7-f7d05b46744f","name":"Ron","mail":"ron@signl4.com","isDeactivated":false,"isInvite":false,"colorIndex":2,"dutyInfos":{"lastChange":"2020-07-06T22:00:04Z","onDuty":false,"onManagerDuty":false,"overdue":false}}]

Improved Webhook Management

We’ve also update management of outbound webhooks. As you might know, SIGNL4 can send notifications to external applications via webhooks about these events. It is now possible to name a registered webhook, making it easier for you to remember which system or application it is addressing.

You can now also temporarily deactivate an outbound webhook. Such webhook will no longer be triggered, for instance in case of maintenance work or reconfiguration is happening.

We are confident that this is major step in enabling a broader use of SIGNL4 and much better integration into your workflows, applications, and services. Happy exploring!

 

Related Posts

The Ultimate Guide to Automating and Mobilizing Your Secops Processes with Derdack SIGNL4 and Microsoft Sentinel

May 24, 2023

The Dangers of Alert Fatigue: Strategies for Effective Alert Management

April 26, 2023

Alarm Notification Software: SIGNL4 is test winner

April 17, 2023

April 2023 Update – Central integration management with event distribution rules, global API keys and much more

April 11, 2023