Third-party access via APIs

You can set up third-party read-only API access to your Sophos Central account. For example, you may want to allow a cyber insurance provider to assess and monitor your organization's security posture.

Set up read-only API access

  1. Go to Global settings > API Credentials Management.

  2. If prompted, accept the Terms of Use Agreement & Privacy Policy. Otherwise, go to the next step.

  3. Click Add credential on the right of the screen.

  4. On the Add credential dialog, enter a name and description, set Role to Service Principal ReadOnly and click Add.

  5. On the API credential summary page, use the Copy buttons to make copies of the Client ID and Client Secret.


    The secret is only shown once. Make sure you keep it somewhere safe.

  6. Follow the third party’s instructions to securely transfer the API credentials, for example in an HTTPS web form.


You should delete the credentials as soon as the third party no longer needs access to your data. You can delete the credentials at any time to revoke access.

What's shared

The ReadOnly API role can read a range of data, but not add, remove, or change it. Mainly, you're allowing the third party to see:

  • Alerts and events
  • Account health check results
  • Device details
  • Policy configuration

The third party may not look at all the information provided via APIs. Please speak with them to understand exactly what they'll access and how they'll use the data.

For a full list of the current Sophos Central APIs, go to We may add more APIs in future.