Skip to content

Tactical Defense Software’s API is the main interface into the system. You can fetch logs, rules, and logs that have matched rules.


The authentication flow is fairly simple. Access tokens are requested via the API key provided. A JWT (JSON Web Token) is created for the MSP specified, and is sent with each request as a Bearer token.

Auth Flow#

  1. Request an access token for an MSP by making a POST request to the /authentication endpoint with the following JSON payload:
{ "vendor": "vendor", "msp": msp_uuid, "key": api_key }
  1. Assuming the API key matches the one provided to the vendor, and the MSP UUID belongs to the vendor, then a JWT is issued and returned in the response. The expiration of the JWT is specified in the JWT, but is typically 12 hours.
  2. With each subsequent request to an endpoint, the JWT is sent in the Authorization header as follows: Authorization: Bearer <JWT> If the token is invalid (which can include being expired), a 401 response is sent without a body.

Because JWTs are linked to a specific MSP, it is safe to put these JWTs into HTML/Javascript, and use them directly from your site. The API key should NEVER be placed in HTML or Javascript used to render your site.

API Documentation#

All documentation for the API is located at All API endpoints are versioned, and clients should always strive to use the latest version of an endpoint.

Auto-Generating Clients#

An OpenAPI JSON file is provided for the API. This allows automatic client generation using the OpenAPI Generator for any of the supported languages.