A quick guide to using the SIFF API
The SIFF API can be accessed either directly via the cloud endpoint or indirectly proxied via the collector.
Cloud API endpoint:
- https://api-us-east-1.siff.io
- https://us-east-1.siff.io/api (upcoming release)
Collector API endpoint:
You can check if the collector endpoint is enabled by going to Admin > Collectors > View Collector > Properties tab.
Create API User
Navigate to Admin > API Security
Add an API user here and update any access list required.
API Documentation
The API Documentation can be found by browsing to:
- https://api-us-east-1.siff.io
- https://us-east-1.siff.io/api (upcoming release)
Clicking on the sub-path links traverses the available API requests and examples.
Example - Config Search API Query
There are many use cases for the API. A common example is performing search queries to retrieve configuration data. The following is a simple walkthrough demonstrating how you can construct a config search query.
The config search API is located at:
/api/v1/search/configquery
The API “configquery” property uses the same query object as the UI. It is often easier to start in the UI, construct the desired search query there, and copy the example JSON that is sent in the HTTP request.
Viewing / copying the ConfigQuery object from the UI Config search
Navigate to Config in the top menu. Open up the browser developer tool (e.g. F12 on Chrome) so you can examine the HTTP request sent by the browser.
Perform the desired search query and examine the request for …/query/v1. You should be able to see the request payload for the search request. The content of the “fields:” property (i.e. the […] ) represents the ConfigQuery used in the API request. You can use this to help construct your API request.
Send API Request
A good tool to test API requests is Postman.
Set the request Auth to “Basic Auth” with the API user created above.
Set the request body to “raw” “json”.
Optional fields like IncludeFields can be helpful to return only the fields you require and minimize the data transferred, especially if you perform these requests frequently.
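The same request can be built in a script. The following is an added example, not SIFF's own code: it takes the payload copied from the browser, wraps its “fields” array in the “configquery” property, and attaches Basic Auth over HTTPS only. The POST method, the list form of IncludeFields, the placeholder query content and the SIFF_API_USER / SIFF_API_PASSWORD variable names are assumptions.

```python
import base64
import json
import os
import urllib.request
from urllib.parse import urlsplit

BASE_URL = "https://api-us-east-1.siff.io"   # cloud endpoint from this guide
SEARCH_PATH = "/api/v1/search/configquery"   # config search path from this guide

# Constructed sample of a UI request payload copied from the browser dev tools.
# The entry inside "fields" is a placeholder, not real SIFF query syntax.
SAMPLE_UI_PAYLOAD = '{"fields": [{"placeholder": "copied-from-ui"}]}'


def build_config_search(ui_payload, user, password, include_fields=None, base_url=BASE_URL):
    """Return an unsent urllib Request for the config search API."""
    if urlsplit(base_url).scheme != "https":
        # Basic Auth is only base64-encoded, so never send it over plain HTTP.
        raise ValueError("refusing to send Basic Auth credentials over a non-HTTPS URL")
    config_query = json.loads(ui_payload)["fields"]   # the [...] copied from the UI
    body = {"configquery": config_query}              # property name as quoted in the guide
    if include_fields:
        body["IncludeFields"] = list(include_fields)  # assumed to take a list of field names
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        base_url.rstrip("/") + SEARCH_PATH,
        data=json.dumps(body).encode(),
        method="POST",  # assumption: the search is sent as a POST with a JSON body
        headers={"Authorization": "Basic " + token, "Content-Type": "application/json"},
    )


def run_search(request, timeout=30):
    """Send the request and return the decoded JSON response."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Credentials come from the environment (hypothetical variable names),
    # so the API user's password is not stored in the script.
    req = build_config_search(SAMPLE_UI_PAYLOAD, os.environ["SIFF_API_USER"],
                              os.environ["SIFF_API_PASSWORD"], include_fields=["name"])
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Pass the request returned by build_config_search to run_search to send it; replace SAMPLE_UI_PAYLOAD with the payload copied from your own UI search.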