How-To create an API-Only service account

Objective

Create an API-Only service account that multiple users can share for a plugin's or integration's Contrast service connection. API-Only users can access Contrast's REST API, but cannot log in to the user interface.

Contrast does not recommend the creation of administrator API-Only accounts.

Process

Log in to the Contrast UI with the Organization Administrator role.

Click on your name/profile in the top-right of the UI and then select Organization Settings from the menu.

Select Users from the Organization Settings and click + Add User.

Configure the user. The recommended configuration for the Organization Role is either Edit or View.

The Edit role will enable the API-Only user to remediate findings, add tags, manage vulnerabilities, edit attributes, merge applications, add or delete applications, and create servers. 

The View role has read-only access to the Contrast interface to see scores, libraries, vulnerabilities and comments, but can't perform edits to traces to the application.

After selecting the appropriate role in Organization Role, the user also needs to be configured with role-based access to applications, either broadly or individually, via Application Access Groups (https://docs.contrastsecurity.com/en/organization-access-groups.html).

Add the user. Navigate back to the Users list under Organization Settings and get the Service Key from the text box that appears when you hover over the API Only text in the list.
