How does the Contrast agent authenticate with the Contrast server?
Each Organisation within the Contrast UI has a dedicated agent user tied to it. This agent user’s username and API keys are included in the agent configuration. This agent user isn’t allowed to consume any of the endpoints defined in the Contrast server other than the endpoints used to send data from the agent to the Contrast server.
As an Admin user, you can find the API keys for the agent user in the Contrast UI. Simply head to Organisation Settings -> API.
Important Note: If you downloaded your Contrast agent before v3.3.8, it will use the credentials of the user who downloaded it in order to authenticate back to the Contrast server. If this is the case, we strongly recommend re-downloading the agent to ensure that the dedicated agent user is used.