Skip to main content
All CollectionsGetting started with Nudge Security
Getting started with the Nudge Security API
Getting started with the Nudge Security API
Russell Spitler avatar
Written by Russell Spitler
Updated over 3 months ago

Create and manage API keys

Note: You will need to have the "administrator" role in order to create API keys in Nudge Security.

Setting up an API key in Nudge Security is easy and is done from the UI.

Under Settings, navigate to API Tokens. Click Create API Token.

Give the token a descriptive name and click Create.

Copy the API token. It is ready for your immediate use.

Note: This is the only time the token is displayed. If you lose or forget this token, you'll need to generate a new one.

To revoke a token, find the token name and click Revoke.

Using the API

For API functionality, recipes, and samples, please refer to our API documentation.

Note: You will need to use the following syntax when using the API key in requests:

Authorization: Bearer <token>

Sample API use cases

Use Nudge Security data in other systems

Send events to another destination.

You can use the events endpoint to find any and all events generated by Nudge Security to an external system like a data lake. Alternatively, you can use the ‘notifications’ endpoint to only find events that you’ve configured to send a notification.

Examples:

  • Send events to a data lake or SIEM

  • Send events or notifications to an IT ticketing system

  • Send events to a reporting or business intelligence tool

Check the status of an app or account

The Nudge API has an endpoint that allows you to retrieve the value of any field in Nudge Security. For example, if you want to check the approval status of an application from an external system, you can easily retrieve the value of the “approval status” field with the fields endpoint.

Examples:

  • Check the approval status of an app before allowing an integration with production systems

  • Identify all unapproved apps that fall under PCI DSS compliance

Search for OAuth grants

We can also identify certain OAuth grants based on your criteria from the API. For example, if you want to retrieve all OAuth grants for a particular application, you can use the OAuth grants endpoint.

Example:

  • Find all high-risk OAuth grants from apps that have approval status of “not permitted.”

Take action in Nudge Security as the result of an external condition

Add a field in Nudge Security

The Nudge Security API can easily be used to manage fields, giving you the ability to create custom classifications that can be added from external sources. The API can be used to create new fields and update existing ones, including adding or removing allowed values.

Add a label to an app in Nudge

The Nudge Security API can easily be used to manage labels as well, adding to the context of an app or account in Nudge Security. The API can be used to create labels, update, and delete them.

API Rate Limits

Our API rate limit is 1200 requests within a 5-minute period.

API Token Expiration

API tokens will not expire if used. However, tokens will automatically expire after 4 weeks of no use.

Related Articles
Configure access to Microsoft Entra ID
Configure access to Google Workspace
OAuth Scopes List for Microsoft Entra ID
Configure Okta SSO Analysis in Nudge Security
Configuring Nudge Integration For Slack
Did this answer your question?