API 權杖API tokens

適用於:Microsoft Cloud App SecurityApplies to: Microsoft Cloud App Security

重要

Microsoft 的威脅防護產品名稱即將變更。Threat protection product names from Microsoft are changing. 如需有關此變更的詳細資訊與其他更新,請參閱這裡Read more about this and other updates here. 我們將在不久的將來更新產品與文件中的名稱。We'll be updating names in products and in the docs in the near future.

Microsoft Cloud App Security API 可利用程式設計方式透過 REST API 端點存取 Cloud App Security。The Microsoft Cloud App Security API provides programmatic access to Cloud App Security through REST API endpoints. 應用程式可以使用 API,在 Cloud App Security 資料和物件上執行讀取和更新作業。Applications can use the API to perform read and update operations on Cloud App Security data and objects. 例如,Cloud App Security API 支援使用者物件的下列常見作業:For example, the Cloud App Security API supports the following common operations for a user object:

  • 上傳 Cloud Discovery 的記錄檔Upload log files for Cloud Discovery
  • 產生封鎖指令碼Generate block scripts
  • 列出活動、警示和原則報告List activities, alerts, and policy reports
  • 關閉或解決警示Dismiss or resolve alerts

如需使用 API 的詳細資訊,請參閱 Cloud App Security REST APIFor more information about using our API, see Cloud App Security REST API.

若要存取 API,您必須建立 API 權杖,並在軟體中使用以連線到 Cloud App Security API。In order to access the API, you have to create an API token and use it in your software to connect to the Cloud App Security API.

[API 權杖] 索引標籤可讓您協助管理租用戶的所有 API 權杖。The API tokens tab enables you to help you manage all the API tokens of your tenant.

產生權杖Generate a token

  1. 在 [設定]**** 功能表上,選取 [安全性延伸模組]****,然後選取 [API 權杖]****。On the Settings menu, select Security extensions and then API tokens.

  2. 按一下加號圖示,產生新權杖並提供未來識別權杖的名稱,然後按一下 [下一步]****。Click the plus icon, Generate new token and provide a name to identify the token in the future, and click Next. Cloud App Security 產生 API 權杖Cloud App Security generates API token

  3. 複製權杖值並儲存至某處以供復原 (如果您遺失權杖,則必須重新產生權杖)。Copy the token value and save it somewhere for recovery - if you lose it you need to regenerate the token. 權杖將具有發出權杖之使用者的權限。The token has the privileges of the user who issued it. 例如,安全性讀取者無法發出可改變資料的權杖。For example, a security reader can't issue a token that can alter data.

  4. 您可以依狀態篩選權杖:[使用中]、[非使用中] 或 [已產生]。You can filter the tokens by status: Active, Inactive, or Generated.

    • [已產生] 是從未使用過的權杖。Generated are tokens that have never been used.
    • [使用中] 是已產生且過去七天內已使用的權杖。Active are tokens that were generated and were used within the past seven days.
    • [非使用中] 是已使用但過去七天內沒有活動的權杖。Inactive were used but there was no activity in the last seven days.
  5. 在產生新權杖之後,系統會提供您用來存取 Cloud App Security 入口網站的新 URL。After you generate a new token, you'll be provided with a new URL to use to access the Cloud App Security portal.

    Cloud App Security API 權杖

    一般入口網站 URL 依然可用,但速度會比隨權杖提供給您的自訂 URL 慢上許多。The generic portal URL continues to work but is considerably slower than the custom URL provided with your token. 如果您不記得 URL,只要到功能表中的 ?If you forget the URL at any time, you can view it by going to the ? 圖示選取 [關於]****,即可隨時檢視。icon in the menu and selecting About.

API 權杖管理API token management

API 權杖頁面包含已產生之所有 API 權杖的資料表。The API token page includes a table of all the API tokens that were generated.

完整權限系統管理員會看到為此租用戶產生的所有權杖。Full admins see all tokens generated for this tenant. 其他使用者只會看到他們自行產生的權杖。Other users only see the tokens that they generated themselves.

此資料表提供有關權杖產生時間及上次使用時間的詳細資料,並可讓您撤銷權杖。The table provides details about when the token was generated and when it was last used and allows you to revoke the token.

撤銷權杖之後,權杖即從資料表中移除,而且使用該權杖的軟體在提供新權杖之前將無法進行 API 呼叫。After a token is revoked, it's removed from the table, and the software that was using it fails to make API calls until a new token is provided.

注意

  • SIEM 連接器和記錄收集器也會使用 API 權杖。SIEM connectors and log collectors also use API tokens. 這些權杖應該從記錄收集器和 SIEM 代理程式區段進行管理,因此不會出現在此資料表中。These tokens should be managed from the log collectors and SIEM agent sections and do not appear in this table.
  • 取消布建使用者 API 權杖會保留在 Cloud App Security 中,但無法使用。Deprovisioned users API tokens are retained in Cloud App Security but cannot be used. 任何嘗試使用它們都會導致許可權遭到拒絕的回應。Any attempt to use them will result in a permission denied response. 不過,我們建議您在 API 權杖 頁面上撤銷這類權杖。However, we recommend that such tokens are revoked on the API tokens page.

下一步Next steps

若您遇到任何問題,我們隨時提供協助。If you run into any problems, we're here to help. 若要取得產品問題的協助或支援,請建立支援票證To get assistance or support for your product issue, please open a support ticket.

請觀賞這部影片!Check out this video!

Microsoft Cloud App Security – REST API 和權杖Microsoft Cloud App Security – REST API's and Tokens