You can leverage the ZCSPM APIs to onboard cloud accounts, initiate configuration metadata scans for recently deployed infrastructure changes, or get a compliance summary for your current cloud deployment. ZCSPM offers different APIs at cloud account level and license level.

Account Level ZCSPM APIs

• Account Token API: Acquire an access token for a cloud account.
• Audit Report API: Acquire compliance posture for your cloud deployment measured against compliance benchmarks.
• Cloud Account Health Status API: Read all permissions you need to grant for ZCSPM to collect relevant configuration metadata.
• Initiate Scan API: Initiate a ZCSPM configuration metadata scan for a cloud account.
• Scan Status API: Read the current status of the ZCSPM configuration metadata scan.
• Supported Benchmarks API: Read the list of compliance benchmarks active for a cloud account.

License Level ZCSPM APIs

• License Token API: Acquire an access token for a ZCSPM license.
• Onboard Cloud Account API: Onboard a Microsoft Azure, Amazon Web Services, or a Google Cloud Platform cloud account on to ZCSPM.
• License Accounts API: Read a list of all cloud accounts on a ZCSPM license.
• Update Access Scope API: Add a new cloud account to your ZCSPM API application access scope.

You must complete the following prerequisites before you can access and use the ZCSPM API:

• 1. Create a ZCSPM API application.

  You must create a ZCSPM API application and configure access for selected cloud accounts:

  1. Log in to the ZCSPM portal.
  2. From the License drop-down menu, select a license.
  3. Go to Configuration > API Access, then click Create API Application.

  

  4. On the Create API Application page:
     • API Application Name: Enter a name for the API application.
     • Select APIs to Connect: From the drop-down menu, select all ZCSPM APIs that the application needs to connect to.
     • Select APIs Scope: Move desired accounts from the Excluded Cloud Accounts section to the Included Cloud Accounts section.
     • Token Expiry: From the drop-down menu, select the expiry duration for the API token. For example, you can set the token to expire after 60 minutes.
     • Select Expiry: Enter an expiration date (i.e., dd/mm/yyyy) or select an expiration date from the calendar menu for the API application secret.
  5. Click Save.

  

  6. Click the Copy icon to copy the ZCSPM Application Secret ID. You will not be able to retrieve the secret after leaving this window. Make sure you have saved the secret securely.

  • Regenerate the ZCSPM API Application Secret.

    To regenerate the ZCSPM API Application Secret:

    1. Log in to the ZCSPM portal.
    2. From the License drop-down menu, select a license.
    3. Go to Configuration > API Access.
    4. From the Configure App drop-down menu, select Regenerate Secret Key.
    5. Click Continue.
    7. Click the Copy icon to copy the ZCSPM Application Secret ID.
    8. Click Done.

    Close

  7. Click Done.

  After the API application is created, you must copy and save the ZCSPM API Application Id as well. You need the application ID to generate an access token.

  Close
• 2. Generate a ZCSPM API key.
  1. Sign in to your account at the ZCSPM API portal.

  If you do not have a ZCSPM API account, you can sign up at the ZCSPM API portal.

  2. In the PRODUCTS tab, select Unlimited.

  

  3. Click Subscribe.
  4. After ZCSPM verifies and activates your API subscription access, it sends out an activation confirmation email.
  5. After you receive the confirmation email, select your username on the ZCSPM API portal.
  6. Click Profile.
  7. In the Your subscriptions section, select Show next to the Primary Key.

  

  Close
• 3. Acquire an access token.

  You can acquire an access token either for a license or a cloud account using the Token API. You can use the acquired tokens to make requests to other ZCSPM APIs.

  Close