Sophos Cloud Optix: Getting Started with API using PostMan

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.


This Recommended Reads describes the step-by-step manual on configuring Cloud Optix API using PostMan.

Step 1. Enabling API 

Turn on API on your Sophos Cloud Optix Account

  • Go to
  • Settings → Integrations → Sophos Cloud Optix
    • Generate new key
    • Select expiry date (6 months, 1 year or Never)
    • Save
  • The API key will be downloaded as a text file

Step 2. Download & Install

To download and Install the latest version of PostMan for your OS, kindly see link below

Step 3. Authentication/Authorization

Open Postman, and under  File → New Tab

Select "GET" and enter the URI for an optix API endpoint, E.g.,

In the "Authorization" pane, select "None" or "Inherit auth from parent."

In the "Headers" pane, set a header with the following key-value pair

  • Key: Authorization
  • Value: ApiKey <API_KEY_VALUE>

Click "Send" to submit the request

The response must be displayed in the body section below

Step 4. API Examples

A. GET - Alert Count Example

The number of alerts will be shown in the "Body" section below

To filter the response using parameters, for example, adding the parameter below will show a count of only suppressed alerts (The full list of parameters can be found in the API documentation)

    • Key: states
    • Value: SUPPRESS
  • Click "Send"
  • The response will be displayed in the "Body" section below

  • PARAMS (The example below will show a filtered list of Azure alerts that are related to the CIS benchmark)
    • Key: providerList
      • Value: Azure
    • Key: policyTagList
      • Value: CIS
  • Click "Send"
  • The response will be displayed in the "Body" section below

B. GET - Alerts Example

C. POST - IP Whitelist Example

  "accountIds": null,
  "data": {
    "ips": [

Click "Send."

You must see no errors in the response in the "Body" section

You can verify in the Sophos Optix console under Settings → IP whitelist

Revamped RR
[edited by: Erick Jan at 5:48 AM (GMT -7) on 18 Apr 2024]
Parents Reply Children
No Data