Skip to main content

Get started

The SixMap API provides programmatic access to your scan data, enabling you to integrate SixMap's findings into your workflows, reports, and other applications, such as ticket systems. You can explore the API and available endpoints at:

https://api-sixmap.sixmaptech.com/sixmap/swagger

API Authentication

To access the SixMap API, use an authorization (Bearer) token by first generating a token ID and token secret in the SixMap app, and then exchanging these credentials for an access token to use in your API requests.

Generate a token

Generate your token ID and token secret within the SixMap app.

  1. In the SixMap app, navigate to:
    • Organization, API tokens if you have the Admin role and are creating credentials for team, project, or organization-wide integrations.
    • Profile, Personal API tokens if you're creating credentials for API integrations or tasks for your personal use.
  2. Select Generate new token.
  3. In the Token name field, provide a descriptive name. For example, Reporting Script Integration.
  4. Copy the token ID and token secret and store them securely.
    info

    If you don’t copy the token secret before you close the screen, you will need to generate a new token.

  5. Select Close.

Once you have your token ID and token secret, you can use them as your client_id and client_secret to obtain an access token.

Obtain an access token

To use Bearer token authentication, you first obtain an access token by sending a POST request to the token endpoint.

  1. Identify the token endpoint: The token endpoint for the SixMap API is:

    https://api.stytch.com/v1/public/project-live-da664296-f5e5-4302-872d-9824683c3c42/oauth2/token

  2. Prepare the request body: You need to make a POST request with the following application/json body to securely transmit your credentials:

    {
      "client_id": "YOUR_TOKEN_ID",
      "client_secret": "YOUR_TOKEN_SECRET",
      "grant_type": "client_credentials"
    }

    Replace "YOUR_TOKEN_ID" with your token ID and "YOUR_TOKEN_SECRET" with your token secret. Ensure grant_type is client_credentials.

  3. Send the POST request: You can use curl to send the request to the token endpoint.

    Example using curl:

    curl --request POST \
    --url https://api.stytch.com/v1/public/project-live-da664296-f5e5-4302-872d-9824683c3c42/oauth2/token \
    --header 'Content-Type: application/json' \
    --data '{
      "client_id": "YOUR_TOKEN_ID",
      "client_secret": "YOUR_TOKEN_SECRET",
      "grant_type": "client_credentials"
    }'

    In this command: --request POST specifies the HTTP method, --url is the token endpoint, --header sets the content type, and --data contains the request body.

  4. Parse the response: A successful request returns a JSON response. The access_token is the value you will use for API requests. Other fields in the response include:

    • "expires_in": The lifetime of the access token in seconds.
    • "request_id": A unique identifier for the request.
    • "status_code": The HTTP status code of the response (should be 200 for success).
    • "token_type": The type of token (Bearer).

    Example Response:

    {
      "access_token": "YOUR_OBTAINED_ACCESS_TOKEN",
      "expires_in": 3600,
      "request_id": "...",
      "status_code": 200,
      "token_type": "Bearer"
    }

Send the token in a header

To use Bearer token authentication, include the access_token in the Authorization header of your HTTP requests in the following format: Bearer YOUR_OBTAINED_ACCESS_TOKEN.

Example using curl:

curl --request GET \
https://api-sixmap.sixmaptech.com/sixmap/api/v1/accounts \
--header 'Authorization: Bearer YOUR_OBTAINED_ACCESS_TOKEN'
info

Replace YOUR_OBTAINED_ACCESS_TOKEN with your actual access token. Access tokens expire after one hour. Ensure you send your API requests over HTTPS.