REST API Integration

REST API Integration

REST API Integration

This feature enables seamless data integration between the TSFA platform and third-party systems using REST APIs. External applications can securely access and leverage TSFA-specific data by authenticating with a Client ID and Client Secret. This integration allows users to incorporate TSFA data into device orchestration systems or data visualization tools without logging into the TSFA portal.

Key Capabilities for Licensed Devices
With API access, users can:
  1. View device information.
  2. Access event logs.
  3. Add, delete, and edit labels.
  4. Update severity settings for their device fleet.
  5. Upgrade or downgrade the FWS Agent.
  6. Modify notification settings.
Current Limitations
  1. Running on-demand measurements through the API is not currently supported.
  2. Re-generating API credentials via the TSFA portal is not yet available.

Integrating REST APIs Using Client ID and Client Secret Authentication

This guide provides IT and Security administrators with a step-by-step approach to integrating REST APIs securely with platforms like Microsoft Intune, ServiceNow, Ansible, Tableau, Grafana, Power BI, Google Data Studio, and similar tools. 

Using Client ID and Client Secret authentication, it ensures secure connections for data exchange, enabling dynamic data retrieval, device management, and automated workflows.

Prerequisites

  1. REST API credentials, including the Client ID and Client Secret, must be generated in the TSFA Cloud Portal.
  2. A tool or platform (e.g., Postman, cURL) is required to request access tokens from the API.
  3. Proper security measures, such as credential storage and token management, must be in place.

1. Get Client ID and Client Secret

To generate an access token, obtain the Client ID and Client Secret from your TSFA organization.

1. Navigate to Organization Settings and select the API Credentials tab.
2. Click the Generate button.
3. Copy the Client ID and Client Secret and store them securely.




Client Secret can be rotated by clicking the Regenerate button. The previous Secret will be invalidated immediately.

2. Request Access Token

Authenticate API Requests
To authenticate your API requests, use a tool like Postman or cURL to exchange your Client ID and Client Secret for an access token.

Example Using Postman:
  1. Open Postman and create a new POST request.
  2. Set the URL to the API's token endpoint: https://api.naea1.uds.lenovo.com/tsfa/external-api-service/(specify endpoints here)
    Refer to the list of endpoints here.
    You can download the list of endpoints from the cloud portal under Organization Settings > API Credentials.
  3. In the Body, set it to x-www-form-urlencoded and include the following fields:
    1. client_id: Your Client ID
    2. client_secret: Your Client Secret
    3. grant_type: Set to client_credentials
    4. OrgId: Copy the OrgId from your organization's URL: https://portal-platform.naea1.uds.lenovo.com/uds001-orgname/
  4. Click Send. The response will include the access token.
Alert
The access token will expire in 5 mins, so make sure the automated token refresh process is configured in your software.
 

3. Connect to the REST API in Your Platform

With the access token, you can now connect your API to the desired system, such as a device orchestration platform, data visualization tool, or any software supporting REST API integration.

General Steps for API Integration
  1. Open your platform’s API integration section and select the option to add a REST API or Web API.
  2. Enter the API endpoint: e.g., https://api.naea1.uds.lenovo.com/tsfa/external-api-service/{specify-endpoint-here}
  3. In the Header, include the access token:
    1. Key: Authorization
    2. Value: Bearer your_access_token
  4. Add any required URL parameters, such as device identifiers or pagination settings.
  5. Run the query. If successful, the system will retrieve the requested data.

Common Platforms and Their Integration Paths

Device Orchestration Tools (e.g., Ansible, ServiceNow)
  1. Use the REST API to automate device management, patching, or configuration tasks across endpoints.
  2. Example: Integrate Ansible to pull device health data via the API and generate reports.
Data Visualization Tools (e.g., Grafana, Tableau, Google Data Studio)
  1. Use REST API data to build visual dashboards or create custom reports.
  2. Example: Connect Grafana to the API to visualize server uptime or hardware status metrics.
Automation Platforms (e.g., Zapier, Integromat, Workato)
  1. Integrate REST APIs to automate workflows between different systems.
  2. Example: Use a REST API to send device alerts to a Slack channel or automate email notifications.

Common Issues and Troubleshooting

  1. Token Expiry: automate the token refresh process to ensure uninterrupted access and prevent expired token errors.
  2. Unauthorized Access: ensure that the access token is valid and that API requests are properly authorized.
  3. API Rate Limits: monitor API usage to avoid errors to avoid errors or being blocked by the provider.
  4. Timeouts: for large data sets, utilize pagination or batch processing to avoid request timeouts.


    • Related Articles

    • Platform Requirements

      The preferred deployment mode for the Sepio Platform is SaaS. Customers that are required by internal regulations or compliance mandates to run from their own premises (on-premises) can install and manage Sepio. Please contact ...

    • Understanding the Three Layers of Data Protection in Data Defense

      This article explores the first three layers of data protection offered by Data Defense when used with a supported SED to create Secure Drives, detailing how each layer protects sensitive information against various threats. It also covers the key ...

    • Using Device Lookup

      The Device Lookup page serves as a comprehensive information source, consolidating all data related to an individual device within the TSFA system. Designed to provide detailed insights, it facilitates the management and troubleshooting of devices. ...

    • Onboarding Devices in ThinkShield Firmware Assurance

      About ThinkShield Firmware Assurance ThinkShield Firmware Assurance (TSFA) detects and remediates firmware tampering and other security issues that could impact the security of your devices before the operating system boots. The ThinkShield Firmware ...

    • Strengthening Data Protection Against Advanced Threats

      While the first three layers of data protection provided by Data Defense are robust, they are primarily software-based, which a skilled adversary might attempt to bypass or exploit. For instance, if a threat actor gains administrative control of the ...