
API Authentication

Learn how to authenticate with the CortexEDR API using API keys, manage permissions, and implement secure authentication patterns.

API Key Management

Creating API Keys

  1. Log in to your CortexEDR dashboard
  2. Navigate to Settings → API Keys
  3. Click "Create New Key"
  4. Set permissions and expiration date
  5. Copy and store the key securely

Key Permissions

Read: View scans and reports
Write: Create new scans
Admin: Full access + user management

Key Security

• Rotate keys regularly
• Use environment variables
• Never commit to version control
• Set appropriate expiration

Authentication Methods

Bearer Token (Recommended)

Include your API key in the Authorization header using Bearer token format.

Header Format

Authorization: Bearer sk_live_your_api_key_here

Query Parameter (Development Only)

For development and testing only. Not recommended for production use.

URL Format

https://api.cortex-edr.com/v1/scans?api_key=sk_live_your_api_key_here

⚠️ This method exposes your API key in server logs and browser history. Use only for development.

Rate Limiting

Rate Limits by Plan

Vibe Coder: 100 requests/minute
Developer: 500 requests/minute
Enterprise: 2000 requests/minute

Rate Limit Headers

X-RateLimit-Limit - Max requests
X-RateLimit-Remaining - Remaining
X-RateLimit-Reset - Reset time

Handling Rate Limits

• Use exponential backoff
• Implement request queuing
• Cache responses when possible
• Monitor usage patterns

Authentication Errors

Common Errors

401 Unauthorized: Invalid or missing API key
403 Forbidden: Insufficient permissions
429 Too Many Requests: Rate limit exceeded

Error Response Format

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid API key provided",
    "details": {
      "required_permissions": ["read"],
      "provided_permissions": []
    }
  }
}
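
The rate-limit and error handling described above, combined in one client sketch. This is an added example, not CortexEDR's own code: the function names, the 60-second cap and the five-attempt limit are hypothetical, and it assumes X-RateLimit-Reset carries a Unix timestamp in seconds, which this page does not specify.

```python
import json
import os
import random
import time
from urllib import error as urlerror, request

class CortexAuthError(Exception):
    """Missing key, 401 or 403: retrying will not help."""

def auth_headers(env):
    key = env.get("CORTEX_API_KEY")  # from the environment, never from source
    if not key:
        raise CortexAuthError("CORTEX_API_KEY is not set")
    return {"Authorization": f"Bearer {key}"}

def retry_delay(headers, attempt, now, cap=60.0):
    # Assumption: X-RateLimit-Reset is a Unix timestamp in whole seconds.
    reset = str(headers.get("X-RateLimit-Reset", ""))
    if reset.isdecimal() and int(reset) > now:
        return min(int(reset) - now, cap)
    # Header absent or unusable: exponential backoff with full jitter.
    return random.uniform(0, min(cap, 2.0 ** attempt))

def urllib_send(url, headers):  # default transport; verifies TLS certificates
    req = request.Request(url, headers=headers)
    try:
        with request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.headers, resp.read()
    except urlerror.HTTPError as err:
        return err.code, err.headers, err.read()

def get_with_backoff(url, env=os.environ, send=urllib_send,
                     sleep=time.sleep, now=time.time, max_attempts=5):
    if not url.startswith("https://"):
        raise ValueError("refusing to send the API key over non-HTTPS")
    for attempt in range(max_attempts):
        status, headers, body = send(url, auth_headers(env))
        if status == 429:
            sleep(retry_delay(headers, attempt, now()))
            continue
        if status in (401, 403):
            try:
                err = json.loads(body)["error"]
                detail = f"{err['code']}: {err['message']}"
            except (ValueError, KeyError, TypeError):
                detail = "unparseable error body"
            raise CortexAuthError(f"{status} {detail}")
        return status, body
    raise RuntimeError("still rate limited after retries")
```

The exception text carries only the server's error code and message, so it can be written to an authentication-failure log without exposing the key.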

Security Best Practices

🔐 Key Management

  • Store keys in environment variables
  • Use different keys for different environments
  • Rotate keys every 90 days
  • Use least-privilege permissions
  • Never commit keys to version control

🛡️ Request Security

  • Always use HTTPS
  • Validate SSL certificates
  • Implement request signing if needed
  • Use idempotent operations when possible
  • Log authentication failures

Environment Examples

.env

CORTEX_API_KEY=sk_live_your_key_here
CORTEX_BASE_URL=https://api.cortex-edr.com/v1

Docker

-e CORTEX_API_KEY=sk_live_your_key_here
-e CORTEX_BASE_URL=https://api.cortex-edr.com/v1

API Key Types

Live Keys - Production use
Test Keys - Development only
Expired Keys - Rotate immediately

Testing Authentication

curl -H "Authorization: Bearer YOUR_KEY" https://api.cortex-edr.com/v1/scans

This should return 200 OK with your scan list.