Accessing the Logpoint APIs

Logpoint supports RESTful APIs that allow you to configure alert rules across multiple Logpoints. These APIs also allow you to set up email and HTTP notifications, view repos and distributed Logpoint instances, and access lists. Logpoint supports the following APIs:

| Component | Supported Actions |
|---|---|
| Alert rules API | Create, Edit, List, View, Delete, Activate, Deactivate |
| Email Notification for Alert rules | Create, View |
| HTTP Notification for Alert rules | Create, View |
| Repos API | Lists all Distributed Logpoints & their repos |
| User-defined Lists API | Create a static list by importing values through a CSV or TXT file; List all the user-defined lists |

Creating a JSON Web Token

To use the API, you must create a client-self-signed JWT (JSON Web Token) using Claims and Scope. The scope defines the actions to be performed using the token. For security and compliance, we recommend creating a separate token for each API.

To create a client-self-signed JWT:

  1. Copy the API Access Key from My Preferences and the username of the intended user for the request.

  2. Use the previously copied API access key to create a self-signed JWT with any script or tool. If you regenerate the user’s secret key, the token becomes invalid. The token must contain the following claims:

Claims

| Claims | Type | Function |
|---|---|---|
| iss | string / URL | Value must be self-signed |
| iat | int / timestamp | Token issued date |
| exp | int / timestamp | Token expiry date |
| sub | string | Previously copied username |
| scope | string / space-separated terms | Actions performed by the token |

Scope

| Scope Name | Function |
|---|---|
| search:read | List all the user-defined lists |
| search:write | Import static lists |
| logsource:read | Lists the available distributed Logpoint and its repos |
| alertrules:write | Create, Update, Activate, Deactivate, and Delete alert rule; Setup Email Notification and HTTP Notification |
| alertrules:read | Fetch details of Email Notification and HTTP Notification; List alert rules for the logged-in user |

Example of a JWT generator as a Python script

The following token_generator.py script creates the token. It uses the PyJWT package (import jwt).

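import jwt  # PyJWT
import datetime
import argparse

def generate_jwt(sub, scope, secret, alg="HS256", iat=None, exp=None):
    """Generate a self-signed JWT with the given claims."""
    # Use a timezone-aware UTC time; datetime.utcnow() is deprecated since Python 3.12.
    iat = iat or datetime.datetime.now(datetime.timezone.utc)
    # Default lifetime is one hour from the issue time.
    exp = exp or (iat + datetime.timedelta(hours=1))
    payload = {"sub": sub, "scope": scope, "iat": iat, "exp": exp, "iss": "self-signed"}
    # PyJWT converts the datetime values of iat and exp to integer timestamps.
    token = jwt.encode(payload, secret, algorithm=alg)
    return token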

if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="Generate a self-signed JWT.")
    parser.add_argument("--sub", required=True, help="Subject of the token")
    parser.add_argument("--scope", required=True, help="Space-separated list of scopes")
    parser.add_argument(
        "--secret", required=True, help="Secret key for signing the token"
    )
    parser.add_argument(
        "--alg", default="HS256", help="Signing algorithm (default: HS256)"
    )
    args = parser.parse_args()
    token = generate_jwt(args.sub, args.scope, args.secret, args.alg)
    print(token)

To generate a token:

python token_generator.py --sub=admin  --secret=<users secret key> --scope="user:read alertrules:write logsources:read alertrules:read search:read search:write"
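An added example, not part of the Logpoint documentation: a pre-use check that a token is signed with the expected access key, carries the five claims listed above, and holds only the scopes one API needs, in line with the per-API token recommendation. It uses only the Python standard library; the function names, the one-hour max_ttl and the sample values are assumptions, and DOCUMENTED_SCOPES copies the Scope table on this page.

```python
import base64, hashlib, hmac, json, time

# Scope names copied from the Scope table on this page.
DOCUMENTED_SCOPES = {"search:read", "search:write", "logsource:read",
                     "alertrules:write", "alertrules:read"}
REQUIRED_CLAIMS = ("iss", "iat", "exp", "sub", "scope")

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def _mac(secret, head, body):
    return hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()

def make_token(claims, secret):
    """Build an HS256 JWT with the stdlib so the example runs offline."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(secret, head, body))}"

def audit_token(token, secret, needed, max_ttl=3600, now=None):
    """Return a list of findings; an empty list means the token passes."""
    now = int(now if now is not None else time.time())
    head, body, sig = token.split(".")
    if not hmac.compare_digest(_unb64(sig), _mac(secret, head, body)):
        return ["signature does not match this access key"]
    claims = json.loads(_unb64(body))
    findings = [f"missing claim: {c}" for c in REQUIRED_CLAIMS if c not in claims]
    if findings:
        return findings
    if claims["iss"] != "self-signed":
        findings.append("iss is not 'self-signed'")
    if claims["exp"] <= now:
        findings.append("token is expired")
    if claims["exp"] - claims["iat"] > max_ttl:  # max_ttl is an assumed policy value
        findings.append("lifetime exceeds max_ttl")
    scopes = set(claims["scope"].split())
    for s in sorted(scopes - DOCUMENTED_SCOPES):
        findings.append(f"scope not in documented table: {s}")
    for s in sorted((scopes & DOCUMENTED_SCOPES) - needed):
        findings.append(f"scope broader than needed: {s}")
    return findings

if __name__ == "__main__":  # constructed sample values, not real credentials
    t0 = int(time.time())
    tok = make_token({"iss": "self-signed", "iat": t0, "exp": t0 + 600, "sub": "admin",
                      "scope": "alertrules:read search:write"}, "example-key")
    print(audit_token(tok, "example-key", needed={"alertrules:read"}))
```

Pass the set of scopes the calling integration actually requires as needed; any finding means the token should be reissued before it is used.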

The APIs follow a request-response model using JSON, and you can access them using tools like cURL, Postman, or HTTP libraries. For HTTP client requests, Logpoint APIs require two request parameters:

Content-Type = application/json

Authorization = Bearer <TOKEN>

