Reporting is an important part of your cybersecurity training, since it will give you insight into how your training progresses. As an administrator, you can always find and download reports for your Awareness and Phishing training directly on the platform.
Fetching that same data through our Report API is also possible. This way, you can integrate your cybersecurity training into your business in an automated setup.
The Demonstration Account
If you would like to play around with our API, you can use our demonstration account, which has a lot of demo data in the reports.
Account ID: c36a9951-a630-4f5a-b874-160d4fe00d6f
The access token for the account is:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImI2YjYzNjM0LTY2ZDMtNGU1MC05YjkzLTJlN2ZlNWZlOTlmMCIsImNvbnRleHQiOnsiaXAiOiI6OmZmZmY6MTcyLjMyLjguMjA5In0sImF1ZCI6ImxvbmdfbGl2ZWRfdG9rZW4iLCJpcCI6Ijo6ZmZmZjoxNzIuMzIuOC4yMDkiLCJpYXQiOjE3NDU0NzcyNTcsImV4cCI6MTc3NzAxMzI1NywiaXNzIjoiQ3liZXIgUGlsb3QifQ.4FArir-Ni67Ht7dxQXTmZZtFqL_AHEl3SN7pG5Hb8-s
Authentication
New and improved workflow
We are adding support for long-lived access tokens, so the steps below will soon change. As the long-lived access token makes it much easier to connect to our API, we encourage you to start using this today.
To obtain a long-lived access token, you need to get your Customer Account Manager to share one with you - we will soon introduce an interface at the platform, were you can manage these tokens yourself.
Step 1: Activate the API
To get access to the Report API, you must first activate the API.
Go to "Account" and select the API pane.
Then, activate the API by enabling the toggle.
Your API is now activated, and ready to use.
Step 2: Obtaining an Access Token
To communicate with the API, you first must obtain an Access Token.
The Access Token will authorize you with the API and grant access to the endpoints you will communicate with.
You can get the Access Token by sending a POST request to the Authentication URL, with the following body parameters:
- grant_type: must be set to "password"
- client_id: Copy from the API section in your account
- client_secret: Copy from the API section in your account
- username: Copy from the API section in your account
- password: Copy from the API section in your account
This request will return a JSON object with the Access Token available in the access_token property. See the image below:
Important: The access token will expire in 6 minutes.
Using the Access Token
For all requests to our API endpoints, you must have a valid, non-expired Access Token in the Authorization header.
The Access Token must be prefix with “bearer ”, so the full header will be: Authorization: bearer <ACCESS_TOKEN>.
Refreshing the Access Token
When your Access Token is expired, you can either obtain a new Access Token by sending a new request (as explained in the section above), or you can use the refresh token.
To use the refresh token, send a request to the Authentication URL, with the following body parameters:
- grant_type: refresh_token
- client_id: Copy from the API section in your account
- client_secret: Copy from the API section in your account
- refresh_token: Copy from the access token request
This request will return a JSON object with the Access Token available in the access_token property.
These articles will help you fetch data from our Report API.
- API: User Summary
- API: Awareness Training Summary
- API: Awareness Training Course Overview
- API: Fetch Phishing Training Metrics
- API: Retrieve Phishing Campaign Summary
- API: List All Phishing Training Campaigns
- API: Get Results for Specific Phishing Training Campaign
- API: Integration With PowerBI
Still have a question?
Contact us at support@cyberpilot.io