Issue
A user is receiving a 403 Forbidden response from the Red Canary API, or is unsure which authentication method or API key name and value to specify in the headers of an API call.
Environment
Red Canary API
Resolution
Your API call headers should use API Key format for authentication, with X-Api-Key as the key name and your Red Canary API token as the value. Examples:
curl --request GET \
  --url https://<MySubdomain>.my.redcanary.co/openapi/v3/managed_portal_users \
  --header 'x-api-key: <MyRedCanaryTokenHere>'
If your headers are correct and the request is still failing with 403 errors, ensure the user who owns the API Key has an appropriate User Role assigned for the operation being performed. See Understand and Assign Roles for a breakdown of what each Role grants access to.
You may need to regenerate your API Key if all other root causes have been ruled out.
For more details on API authentication, see How to Authenticate to the Red Canary API.
Cause
Red Canary uses a custom header name for API key authentication. If a call is attempted using any other authentication format, like bearer or basic auth, or the token is invalid, the API will respond with a 403 error. The User Roles assigned to a user directly affect the permissions of that user's generated API token.
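The header-related causes above can be checked before a request is sent. The following is an added example, not Red Canary tooling: `check_rc_headers` is a hypothetical helper name, and it only inspects the "Name: value" header strings you pass to it, without contacting the API.

```sh
# Added example (not Red Canary code): pre-flight check of the header
# arguments intended for a Red Canary API call.
# check_rc_headers is a hypothetical helper; pass each "Name: value" string.
# Prints one finding per line; returns 0 only if the header format is usable.
check_rc_headers() (
  found=0
  rc=0
  for h in "$@"; do
    case $h in
      *:*) ;;
      *) echo "malformed: '$h' has no 'Name: value' separator"; rc=1; continue ;;
    esac
    # Header names are case-insensitive, so compare in lower case.
    name=$(printf '%s' "${h%%:*}" | tr '[:upper:]' '[:lower:]')
    # Trim surrounding whitespace from the value.
    value=$(printf '%s' "${h#*:}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    case $name in
      authorization)
        # Bearer or basic auth is answered with 403 according to this article.
        echo "wrong-scheme: Authorization header is not accepted, send X-Api-Key"
        rc=1 ;;
      x-api-key)
        found=1
        case $value in
          "") echo "empty-token: X-Api-Key has no value"; rc=1 ;;
          "<"*">") echo "placeholder: replace $value with your real token"; rc=1 ;;
        esac ;;
    esac
  done
  if [ "$found" -eq 0 ]; then
    echo "missing-key: no X-Api-Key header present"
    rc=1
  fi
  # With a correct header format, a 403 points at the remaining causes.
  [ "$rc" -eq 0 ] && echo "ok: header format is correct; if 403 persists, check the key owner's User Role or regenerate the key"
  exit "$rc"
)
```

Call it with the same strings you would give to curl's --header option, for example check_rc_headers 'x-api-key: <MyRedCanaryTokenHere>', which reports the unreplaced placeholder.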