Getting Set Up With CyberPilot's Report API

The first steps for automatically getting data through our Report API

Note: This is currently only available for selected accounts. If you would like access, please contact your Customer Success Manager.

Reporting is an important part of your cybersecurity training, since it will give you insight into how your training progresses. As an administrator, you can always find and download reports for your Awareness and Phishing training directly on the platform.

Fetching that same data through our Report API is also possible. This way, you can integrate your cybersecurity training into your business in an automated setup.

The Demonstration Account

If you would like to play around with our API, you can use our demonstration account, which has a lot of demo data in the reports.

The credentials for our demonstration account are:

Authentication URL: https://login.app.cyberpilot.io/realms/app/protocol/openid-connect/token
Account ID: c36a9951-a630-4f5a-b874-160d4fe00d6f
Client ID: api_c36a9951-a630-4f5a-b874-160d4fe00d6f
Client Secret: sX20Oi9*vF^RirDJ4q7(DC4$(0lp@6*&
Username: api_c36a9951-a630-4f5a-b874-160d4fe00d6f
Password: cUDizCkbQKg5Mai45CHuY!2Ye(vi8W)w

Authentication

Step 1: Activate the API

To get access to the Report API, you must first activate the API.

Go to "Account" and select the API pane.

Et billede, der indeholder tekst, skærmbillede, software

Indhold genereret af kunstig intelligens kan være forkert.

Then, activate the API by enabling the toggle.

Et billede, der indeholder tekst, skærmbillede, Font/skrifttype, design

Indhold genereret af kunstig intelligens kan være forkert.

Your API is now activated, and ready to use.

Step 2: Obtaining an Access Token

To communicate with the API, you first must obtain an Access Token.

The Access Token will authorize you with the API and grant access to the endpoints you will communicate with.

You can get the Access Token by sending a POST request to the Authentication URL, with the following body parameters:

grant_type: must be set to "password"
client_id: Copy from the API section in your account
client_secret: Copy from the API section in your account
username: Copy from the API section in your account
password: Copy from the API section in your account

This request will return a JSON object with the Access Token available in the access_token property. See the image below:

Et billede, der indeholder tekst, skærmbillede, Font/skrifttype, nummer/tal

Indhold genereret af kunstig intelligens kan være forkert.

Important: The access token will expire in 6 minutes.

Using the Access Token

For all requests to our API endpoints, you must have a valid, non-expired Access Token in the Authorization header.

The Access Token must be prefix with “bearer ”, so the full header will be: Authorization: bearer <ACCESS_TOKEN>.

Refreshing the Access Token

When your Access Token is expired, you can either obtain a new Access Token by sending a new request (as explained in the section above), or you can use the refresh token.

To use the refresh token, send a request to the Authentication URL, with the following body parameters:

grant_type: refresh_token

client_id: Copy from the API section in your account

client_secret: Copy from the API section in your account

refresh_token: Copy from the access token request

Et billede, der indeholder tekst, skærmbillede

Indhold genereret af kunstig intelligens kan være forkert.

This request will return a JSON object with the Access Token available in the access_token property.

Et billede, der indeholder tekst, skærmbillede, Font/skrifttype, nummer/tal

Indhold genereret af kunstig intelligens kan være forkert.

These articles will help you fetch data from our Report API.

Got a question?