401 unathorized using API Keys with Siem or the Mgmt API
search cancel

401 unathorized using API Keys with Siem or the Mgmt API


Article ID: 231085


Updated On:


CASB Security Advanced CASB Audit CASB Security Premium


In Postman - If you select Authorization type  "API Keys" and enter valid CloudSOC API Key & Key Secret Value you get the error "1. Authorization Required"

(See bottom of the screenshot below)

Valid CloudSOC API Endpoints, Query Options, and Sample Results:




US Prod





In Postman Under "Authorization Tab" - Select "Basic Auth" & enter the "Key ID" for Username & "Key Secret" for Password from CloudSOC:


CloudSOC API keys can be created/downloaded by SysAdmin or authorized Admin from "CloudSOC/Settings/API Keys."

In Postman, you must also add these two keys under the "Headers" Tab:

   Key                                                       Value

Content-Type                                    application/JSON

X-Elastica-Dbname-Resolved                 True


Using "Basic Authentication" with API Key / API Secret and Headers configuration, as shown above, enables CloudSOC queries to function correctly in Postman

(Example below)



Postman is just one example of a utility that a client could use to run CloudSOC Management API queries.

The customer could use similar queries in other utilities such as Linux cURL, Powershell, JSON, Splunk, QRADAR, etc.

Broadcom CloudSOC Support and Engineering do NOT support any of these utilities but rather ensure that the API End Points and API keys in CloudSOC are functioning. correctly




Additional Information

CloudSOC API Management Tech Doc:


CloudSOC API supports Basic Access Authentication. Use the Key ID and Key Secret as your user name and password. The API keys are allocated on a per-user basis and inherit the permissions granted to that user.



The API Logins are subject to the IP address login restrictions defined in the "IP Address Profile" section [Cloudsoc Portal > Settings > IP Addresses].

If the IP Address profile is configured, then the API calls will be allowed from the defined IP addresses/ranges only. All the other IP addresses will fail to authenticate. The error message reads "Authorization Required," and the HTTP response code is (401)

If the IP Address profile is NOT configured, then this restriction does not apply, and the login is allowed from any source IP Address.

*** The user and key must be Active.  Disabling or deleting the user will invalidate the key.  A new key will would need to be generated.