Use Case 2: Hybrid Portal/API Integration
In this use case, the partner sets up the initial users and organizations for their customers via the API, but the customers interact directly with our portal (or their own branded portal) to manage resources and execute scans. The partner may still use the API to manage the higher-level structure, but the customers are responsible for logging in, creating resources, running scans, and accessing reports.
Key Features:
- The partner creates users and organizations via the API.
- End users log in to the portal to manage resources such as scans and targets, and to view reports.
- This is a more flexible approach, allowing end users to take control of the scanning process.
- Suitable for partners who want to give their customers direct access to the platform.
Common Workflow
1. Authenticate with your Partner Account
Partners can either log in to the portal or use the User Token Authentication (recommended for longer sessions, as it avoids token expiration).
2. Create Users and Organizations
Once logged in, the partner can create an organization for the customer and assign it to the necessary plan(s).
Alternative: You can use the Create Customer Wizard endpoint to perform all tasks in a single request, including creating the organization, subscribing it to a plan, and creating the users.
3. Create Users and Assign Them to Organizations
The partner can create users for the organization, ensuring that they are linked to the correct organization. Multiple users can be created for an organization, which may be useful for customers with teams (e.g., a Security Operations Center with multiple users).
4. User Confirmation Process
After the users are created, they will receive a confirmation email, which redirects them to the portal to set up their account (password, username, etc.).
Optional Step: Partners can choose to skip this confirmation step by:
- Passing a parameter: confirmed=true during user creation (if skipping, the partner must provide a password at the time of user creation). This is useful if the partner prefers a smoother, hands-off process for the end users.
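Added example (not from the original documentation): one way a partner integration could build the user-creation request bodies for step 4, generating a strong initial password whenever confirmation is skipped and keeping that password out of logs. Only confirmed comes from this page; the other field names, the organization id and the email addresses are assumptions for illustration, as is sending confirmed in the request body.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"

def generate_password(length=20):
    """Random password from the OS CSPRNG with every character class present."""
    if length < 12:
        raise ValueError("password length below 12 is too weak")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw

def build_user_payload(email, organization_id, skip_confirmation=False):
    """Return (payload, initial_password); initial_password is None when the
    user will set their own password via the confirmation email."""
    # Field names other than "confirmed" are assumptions for illustration.
    payload = {"email": email, "organization_id": organization_id}
    password = None
    if skip_confirmation:
        password = generate_password()
        payload["confirmed"] = True
        payload["password"] = password
    return payload, password

def validate_user_payload(payload):
    """Reject a request that skips confirmation without supplying a password."""
    if payload.get("confirmed") and not payload.get("password"):
        raise ValueError("confirmed=true requires a password at creation")
    return True

def redact(payload):
    """Copy of the payload that is safe to write to logs."""
    return {k: ("***" if k == "password" else v) for k, v in payload.items()}

if __name__ == "__main__":
    # Constructed sample: two users for one customer organization.
    for email in ("analyst1@customer.example", "analyst2@customer.example"):
        body, pw = build_user_payload(email, "org-123", skip_confirmation=True)
        validate_user_payload(body)
        print(redact(body))  # log only the redacted form
```

The returned initial password is meant to reach the end user over a separate channel from the one that carries the login name, and to be changed at first login where the portal allows it.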