Agent Management API authentication
Most Agent Management API endpoints require authentication. You authenticate requests with a Personal Access Token (PAT) generated from the NXLog Platform UI.
| You should treat tokens the same way you treat passwords and other sensitive data. As with passwords, do not share your tokens with other users or store them unencrypted. |
Generating a token
To access the Agent Management API, you must have an NXLog Platform account with the Admin or Agent Management user role. If your account has the Agent Management – read-only role, you can only create tokens with read-only permission.
-
Log in to your NXLog Platform instance, click the User account menu, and select View account.
-
Switch to the API tokens view and click the Add new token button.
-
Enter the token name and expiration date, and select the relevant access role.
-
Click the Submit button to create the token. Your new API token will be displayed at the top of the page. Copy it and save it in a safe place because you will not be able to see it again once you navigate away from the page.
Managing your tokens
We recommend creating a token for each application or service that uses the Agent Management API. That way, you minimize the security risk in case of a breach.
If you suspect that a token is compromised or you no longer use it, follow these steps to delete it:
-
Log in to your NXLog Platform instance, click the User account menu, and select View account.
-
Switch to the API tokens view.
-
Find the token you want to delete, click the Actions menu, and select Delete.
Authenticating requests
Once you create a token, you can authenticate your requests by sending the token in the Authorization header.
For example, the following request gets the number of managed agents.
Replace example.com with your NXLog Platform domain, {ORG_ID} with your organization ID, and {TOKEN} with your Personal Access Token.
$ curl --request GET \
--url "https://agents.example.com/api/{ORG_ID}/api/v1/agents/count" \
--header "Authorization: Bearer {TOKEN}"The API responds with 401 Unauthorized if the request does not include an authorization token or the token has insufficient permissions.