ExtraHop Explore REST API Guide

Introduction to the ExtraHop Explore REST API

The ExtraHop REST application programming interface (API) enables you to automate administration tasks on your ExtraHop Explore appliance. You can send requests to the ExtraHop API through a Representational State Transfer (REST) interface, which is accessed through resource URIs and standard HTTP methods.

You can automate administration tasks on the Explore appliance such as registering a new license, replacing the SSL certificate, restarting a process, or updating the running configuration file.

When a REST API request is sent over HTTPS to an Explore appliance, that request is authenticated and then authorized through an API key. After authentication, the request is submitted to the ExtraHop system and the operation completes.

The Explore appliance provides access to the built in ExtraHop API Explorer tool, which enables you to view all of the available system resources, methods, properties, and parameters. The API Explorer tool also enables you to test out API calls directly on your Explore appliance.

Note:This guide is intended for an audience that has a basic familiarity with software development and the ExtraHop system.

ExtraHop API requirements

Before you can begin coding against the ExtraHop REST API or performing operations through the ExtraHop API Explorer, you must meet the following requirements:

  • Your ExtraHop appliance must be configured to allow API key generation for the type of user you are (remote or local).
  • You must have a user account with appropriate privileges set for the type of tasks you want to perform.
  • You must have access to the ExtraHop appliance.

Get started

If you have a user account for your ExtraHop appliance, you can connect to the ExtraHop API Explorer and begin browsing through the available resources.

  1. From the Access Setting section, click API Access.
  2. On the API Access page, click REST API Explorer.
  3. Locate a resource you want and click List Operations to view all operations that you can perform on that resource.
  4. Click an operation name to view implementation information such as parameters, response class and messages, and JSON model and schema that are applicable to the operation.

Access and authenticate to the ExtraHop REST API

Administrators, or users with full system privileges, control whether users can generate API keys. For example, you can prevent remote users from generating keys or you can disable API key generation entirely. When this functionality is enabled, API keys are generated by users and can be viewed only by the user who generated the key.

After you generate an API key, you must append the key to your request headers. The following example shows a request that would retrieve metadata about the firmware running on the ExtraHop appliance:

curl -i -X GET --header "Accept: application/json" \
--header "Authorization: ExtraHop apikey=2bc07e55971d4c9a88d0bb4d29ecbb29" \
"https://<hostname-or-IP-of-your-ExtraHop-appliance>/api/v1/extrahop"

Manage API key access

Users with full system privileges can manage which users are able to generate API keys on the ExtraHop appliance.

  1. Log in to the ExtraHop Admin UI through the following URL: https://<hostname-or-IP-of-your-ExtraHop-appliance>/admin
  2. In the Access Settings section, click API Access.
  3. In the Manage Access section, select one of the following options:
    • Allow All User Generated API Keys: Local and remote users can generate API keys.
    • Local Users Only: Only local users can generate API keys.
    • No API Keys Allowed: No API keys can be generated by any user.
  4. Click Save Settings.

Generate an API key

After you log into the ExtraHop appliance, if API key generation is enabled, you can generate an API key.

  1. In the Access Settings section, click API Access.
  2. In the API Keys section, type a description for the key, and then click Generate.
  3. Copy the API key and paste the key into the REST API Explorer or append the key to a request header.

Delete an API Key

You can delete an API key from the ExtraHop appliance.

  1. In the Access Settings section, click API Access.
  2. In the Keys section, click the delete (X) icon next to the API key you want to delete.
  3. Click OK.

Enable CORS for the ExtraHop REST API

Cross-origin resource sharing (CORS) allows you to access the ExtraHop REST API across domain-boundaries and from specified web pages without requiring the request to travel through a proxy server.

You can configure one or more allowed origins or you can allow access to the ExtraHop REST API from any origin. Only administrative users with full system privileges can view and edit CORS settings.

View CORS settings

In the Access Settings section, click API Access.
The CORS Settings section displays the following settings:
  • The list of URLs that can access the REST API.
  • The status of the Allow API requests from any Origin option.

Add an allowed origin

You can configure one or more allowed origins or you can allow access to the ExtraHop REST API from any origin.

  1. In the Access Settings section, click API Access.
  2. In the CORS Settings section, specify one of the following access configurations.
    • To add a specific URL, type an origin URL in the text box, and then click the plus (+) icon or press ENTER.

      The URL must include a scheme, such as HTTP or HTTPS, and the exact domain name. You cannot append a path; however, you can provide a port number.

    • To allow access from any URL, select the Allow API requests from any Origin checkbox.
      Note:Allowing REST API access from any origin is less secure than providing a list of explicit origins.
  3. Click Save Settings and then click Done.

Delete an allowed origin

You can delete a URL from the list of allowed origins or disable access from all origins.

  1. In the Access Settings section, click API Access.
  2. In the CORS Settings section, modify one of the following access configurations.
    • To delete a specific URL, click the delete (X) icon next to the origin you want to delete.
    • To disable access from any URL, clear the Allow API requests from any Origin checkbox.
  3. Click Save Settings.

Learn about the ExtraHop REST API Explorer

The ExtraHop API Explorer is a web-based tool that enables you to view detailed information about the ExtraHop REST API resources, methods, parameters, properties, and error codes. Code samples are available in Python, cURL, and Ruby for each resource. You also can perform operations directly through the tool, which are performed on your ExtraHop and return information about your network.

Note:Be cautious when clicking the Try it out! button, because the operation is performed on your ExtraHop appliance.

View resource information

Click on any resource group in the ExtraHop REST API Explorer to view information about the available operations and the expected URL syntax for the resource.

The following options enable you to manage the information displayed on the main page.

Show/Hide: Expands and collapses information about the resource.

List Operations: Expands information about the resource operations.

Expand Operations: Expands information about all of the resource operations. Clicking the method or path of the expanded operation will collapse the additional information.

View operation information

From the ExtraHop REST API Explorer, you can click on any operation to view additional configuration information for the resource.

The following table provides information about the sections available for resources in the REST API Explorer. Section availability varies by HTTP method; not all methods have all of the sections listed in the table.

Section Description
Implementation Notes Provides all of the fields for the request body and supported values for each field.
Response Class Provides the response code and type for successful requests.
Parameters Provides information about the available query parameters.
Response Messages Provides additional information about the possible HTTP status codes for the resource.
Model Provides the JSON body objects and descriptions.
Model Schema Provides the JSON body schema. Red text indicates user-defined text values. Green text indicates Boolean and number values.

GET requests

GET requests retrieve information about the objects in the associated resource. You can request information about all of the objects in a resource or you can specify an object ID to retrieve detailed information about only that object.

POST requests

POST requests create objects and queries for the associated resource.

PATCH requests

PATCH requests update existing objects with modified or missing information.

DELETE requests

DELETE requests remove objects from the system. You must have an object ID to perform a DELETE operation.

PUT requests

For limited operations, you can erase and replace the content in a resource with a PUT request.

Learn about the ExtraHop REST API

The ExtraHop REST API enables you to automate tasks for the ExtraHop Admin UI. In addition, you can view and try all of the available resources through the ExtraHop REST API Explorer and perform operations directly on your ExtraHop appliance.

ExtraHop API resources

You can perform operations on the following resources through the ExtraHop REST API. You also can view more detailed information about these resources, such as available HTTP methods, query parameters, and object properties in the ExtraHop REST API Explorer.

APIKey

An API key enables a user to perform operations through the ExtraHop REST API.

You can generate the initial API key for the setup user account through the REST API. All other API keys are generated through the API Access page in the ExtraHop Admin UI.

The following table displays all of the operations you can perform on this resource:

Operation Description
POST /apikeys Create the initial API key for the setup user account.

Implementation information and instructions for each operation are documented in the ExtraHop REST API Explorer. You can click on any operation in the REST API Explorer to view implementation information such as parameters, response class and messages, and JSON model and schema.

ExtraHop

This resource provides metadata about the ExtraHop appliance, such as the firmware version or if the appliance is a Command appliance.

The following table displays all of the operations you can perform on this resource:

Operation Description
GET /extrahop Retrieve metadata about the firmware running on the ExtraHop appliance.
GET /extrahop/idrac Retrieve the iDRAC IP address of the ExtraHop appliance.
GET /extrahop/platform Retrieve the platform name of the ExtraHop appliance.
GET /extrahop/processes Retrieve a list of processes running on the ExtraHop appliance.
GET /extrahop/processes/{process}/restart Restart a process running on the ExtraHop appliance.
POST /extrahop/sslcert Regenerate the SSL certificate on the ExtraHop appliance.
PUT /extrahop/sslcert Replace the SSL certificate on the ExtraHop appliance.
GET /extrahop/version Retrieve the version of the firmware running on the ExtraHop appliance.

Implementation information and instructions for each operation are documented in the ExtraHop REST API Explorer. You can click on any operation in the REST API Explorer to view implementation information such as parameters, response class and messages, and JSON model and schema.

License

This resource enables you to retrieve and set product keys or to retrieve and set a license.

The following table displays all of the operations you can perform on this resource:

Operation Description
GET /license Retrieve the license applied to this ExtraHop appliance.
PUT /license Apply and register a new license to the ExtraHop appliance.
GET /license/productkey Retrieve the product key to this ExtraHop appliance.
PUT /license/productkey Apply the specified product key to the ExtraHop appliance and register the license.

Implementation information and instructions for each operation are documented in the ExtraHop REST API Explorer. You can click on any operation in the REST API Explorer to view implementation information such as parameters, response class and messages, and JSON model and schema.

Running config

The running configuration file is a JSON document that contains core system configuration information for the ExtraHop appliance.

The following table displays all of the operations you can perform on this resource:

Operation Description
GET /runningconfig Retrieve the current running configuration file.
PUT /runningconfig Replace the current running configuration file. Configuration file changes are not automatically saved.
POST /runningconfig/save Save the current changes to the running configuration file.
GET /runningconfig/saved Retrieve the saved running configuration file.

Implementation information and instructions for each operation are documented in the ExtraHop REST API Explorer. You can click on any operation in the REST API Explorer to view implementation information such as parameters, response class and messages, and JSON model and schema.

Published 2017-06-26 16:05