Infinity IoC Management API

The Custom IOC Management API allows you to manage IoCs through API.

API Authentication and Authorization

To interact with the IOC Management API, you must authenticate using an API key, which consists of a Client ID and a Secret Key. Use these credentials to obtain an API token, which must be included in all API calls for authorization.

Step 1 - Create an API Key

Create a new account API key for Centralized IOC Management service in the Infinity Portal. For instructions, refer to Create a new Account API Key section in Infinity Portal Administration Guide.
Save the Client ID, Secret Key and Authentication URL.

Step 2 - Authentication

To get the authenticate token, call the auth/external API, as shown in the following example:

Copy

curl -d '{"clientId":"$CLIENT_ID","accessKey":"$SECRET_KEY"}' -H "Content-Type: application/json" -X POST <Authentication URL>/auth/external

Parameter	Description
$CLIENT_ID	Client ID generated in step 1.
$SECRET_KEY	Secret Key generated in step 1.
Authentication URL	Authentication URL generated in step 1.

On successful authentication, a temporary token (JWT_TOKEN) is generated, valid for 30 minutes.

Use this JWT_TOKEN as a bearer token in the Authorization header for each API call. For web applications, Check Point recommends re-authenticating before the token expires.

Supported Functions

The IOC Management API supports the following functions:

Retrieve the list of feeds, to be used when managing IoCs in a specific feed.
Import a list of IoCs from a CSV file.
Create or update the list of indicators from a feed (as a single indicator or a list of indicators).
Delete a list of indicators from a feed (as a single indicator or a list of indicators).
Search for indicators using exact match.

For more information, see Custom IOC Management API.

Note - There is a rate limit for API calls per account. When you exceed this limit, the system returns an error message.