CaseBender Endpoints

View the OpenAPI specification file

Authentication

All API endpoints require authentication using API keys. Include your API key in every request using one of the following methods.

Include your API key as a Bearer token in the Authorization header:
Authorization: Bearer cbr_live_your_api_key_here

Alternative: X-Api-Key Header

You can also use the X-Api-Key header:
X-Api-Key: cbr_live_your_api_key_here

Important: Your API key grants access to your CaseBender instance. Keep it secure and never share it publicly.

Creating API Keys

To create API keys:
  1. Log in to your CaseBender instance
  2. Navigate to Account > API Keys
  3. Click Create API Key
  4. Configure the key name, description, tier, and scopes
  5. Save the key immediately - it is displayed only once and cannot be retrieved later
When you create an API key, you’ll receive a single key that looks like:
cbr_live_a1b2c3d4e5f6g7h8i9j0...

Using API Keys

Include the API key in all API requests:

Using cURL

curl -X GET https://your-instance.casebender.com/api/alerts \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json"

Using Python (requests library)

import requests

headers = {
    "Authorization": "Bearer YOUR_API_KEY_HERE",
    "Content-Type": "application/json"
}

response = requests.get(
    "https://your-instance.casebender.com/api/alerts",
    headers=headers,
    timeout=10,  # requests has no default timeout; without one a stalled call hangs
)

Using JavaScript/Node.js (fetch)

const response = await fetch(
  "https://your-instance.casebender.com/api/alerts",
  {
    method: "GET",
    headers: {
      "Authorization": "Bearer YOUR_API_KEY_HERE",
      "Content-Type": "application/json",
    },
  }
);

API Key Tiers

API keys are assigned tiers that determine rate limits:
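| Tier         | Requests/Minute | Requests/Hour | Burst Allowance |
|--------------|-----------------|---------------|-----------------|
| Basic        | 60              | 1,000         | 10              |
| Standard     | 300             | 10,000        | 50              |
| Professional | 1,000           | 50,000        | 100             |
| Enterprise   | 5,000           | 200,000       | 500             |
| Unlimited    | No limit        | No limit      | No limit        |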

API Key Scopes

When creating an API key, you can limit its access to specific operations:
  • alerts:read - Read alerts
  • alerts:write - Create and update alerts
  • cases:read - Read cases
  • cases:write - Create and update cases
  • observables:read - Read observables
  • observables:write - Create and update observables
  • users:read - Read user information
  • admin:* - Administrative operations

Common Authentication Errors

  • 401 Unauthorized:
    • Missing Authorization header
    • Invalid or expired API key
    • API key has been revoked or suspended
  • 403 Forbidden:
    • API key lacks required scope for the operation
    • TLP/PAP access restrictions
  • 429 Too Many Requests:
    • Rate limit exceeded for your tier

Security Best Practices

  • Never share your API key - treat it like a password
  • Rotate API keys regularly - revoke old keys and create new ones periodically
  • Use different keys for different applications - this allows you to revoke access per application
  • Set expiration dates - configure API keys to expire automatically when possible
  • Use minimum required scopes - only grant the permissions your application needs
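
The following client sketch is an added example, not part of the CaseBender documentation or its SDK. It shows one way to apply the practices above together with the error codes from Common Authentication Errors: the key is read from the environment instead of source code, is never sent over plain HTTP, is redacted in error text, 401 and 403 fail fast, and only 429 is retried. The variable name CASEBENDER_API_KEY, the helper names and the backoff schedule are assumptions.

```python
import os
import time
import urllib.error
import urllib.request

BASE_URL = "https://your-instance.casebender.com"  # placeholder host from the page

class AuthError(Exception):
    """401: key missing, invalid, expired, revoked or suspended."""

class ScopeError(Exception):
    """403: key lacks a required scope, or a TLP/PAP restriction applies."""

def load_api_key(env=os.environ):
    # CASEBENDER_API_KEY is an assumed variable name, not defined by CaseBender.
    key = env.get("CASEBENDER_API_KEY", "")
    if not key.startswith("cbr_live_"):
        raise AuthError("CASEBENDER_API_KEY is unset or not a cbr_live_ key")
    return key

def redact(key):
    # Safe form for logs and error messages: prefix plus last four characters.
    return "cbr_live_..." + key[-4:]

def http_send(url, key):
    # Real transport: returns the status code instead of raising on 4xx/5xx.
    if not url.startswith("https://"):
        raise ValueError("refusing to send an API key over a non-HTTPS URL")
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + key})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

def get(path, key, send=http_send, sleep=time.sleep, max_retries=4):
    for attempt in range(max_retries + 1):
        status, body = send(BASE_URL + path, key)
        if status == 401:
            raise AuthError("key rejected: " + redact(key))  # retrying cannot help
        if status == 403:
            raise ScopeError("scope or TLP/PAP restriction on " + path)
        if status != 429:
            return status, body
        if attempt < max_retries:
            sleep(2 ** attempt)  # rate limited: back off 1s, 2s, 4s, ...
    raise RuntimeError("still rate limited after %d retries" % max_retries)
```

The `send` and `sleep` parameters exist so the retry logic can be exercised with a stub transport and without real delays.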

Legacy Authentication (Deprecated)

The legacy x-api-key and x-api-secret headers are still supported for backward compatibility but are deprecated. Please migrate to Bearer token authentication.
# Deprecated - do not use for new integrations
curl -X GET https://your-instance.casebender.com/api/alerts \
  -H "x-api-key: YOUR_ACCESS_KEY" \
  -H "x-api-secret: YOUR_SECRET_KEY"