Hi I’m trying to make some API calls to sophos central and I have a little problem in understanding the JWT Token. When I do all the steps for my tenant described here https://developer.sophos.com/getting-started-tenant I get a JWT and can make API calls. But after 60 minutes the JWT is expired so I have to repeat all the steps.
My goal is to implement these API calls in a monitoring software so that I can automate the calls. Should I use other authentication methods?
Thanks
Hi Stefano,
No, the JWT expires as per best practice. We do provide the expiry time in the token so you know when you need to renew.
For myself, my API calls all have a check at the beginning if the JWT…
For myself, my API calls all have a check at the beginning if the JWT expiry time has passed and (if it has) the call auto generates a new JWT and stores that for other calls.
RichardP
Program Manager, Support Readiness | CISSP | Sophos Technical SupportSupport Videos | Product Documentation | @SophosSupport | Sign up for SMS AlertsIf a post solves your question use the 'Verify Answer' link.
Hi Richard, ok I understand. Had a similar idea to automate the renew of the JWT.
Can you provide me an example on how to build a call like this?
what lang are you using to script this?
I'm using PRTG as monitoring system. I can use direct REST API sensors or powershell, python scripts and more
Hi Richard, can you send me an example?
sure, I'll dm you