Third-party access via APIs
You can set up third-party read-only API access to your Sophos Central account. For example, you may want to allow a cyber insurance provider to assess and monitor your organization's security posture.
Set up read-only API access
Go to Global settings > API Credentials Management.
Click Add credential on the right of the screen.
On the Add credential dialog, enter a name and description, set Role to Service Principal ReadOnly and click Add.
On the API credential summary page, use the Copy buttons to make copies of the Client ID and Client Secret.
The secret is only shown once. Make sure you keep it somewhere safe.
Follow the third party’s instructions to securely transfer the API credentials, for example in an HTTPS web form.
You should delete the credentials as soon as the third-party no longer needs access to your data. You can delete the credentials at any time to revoke access.
The ReadOnly API role can read a range of data, but not add, remove, or change it. Mainly, you're allowing the third party to see:
- Alerts and events
- Account health check results
- Device details
- Policy configuration
The third party may not look at all the information provided via APIs. Please speak with them to understand exactly what they'll access and how they'll use the data.
For a full list of the current Sophos Central APIs, go to https://developer.sophos.com/apis. We may add more APIs in future.