Scribd
Upload
61 views2 pages

Qualys Api Tracking Api Usage

This document discusses how API usage can be tracked using the X-Powered-By HTTP header, which includes unique IDs for the subscription and user. Contacting support can enable this header to be included in API responses, providing the POD ID, subscription UUID, and user UUID for tracking purposes. Samples are given showing the header format for VM/PC and portal apps.

Uploaded by

shiv kumar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
61 views2 pages

Qualys Api Tracking Api Usage

This document discusses how API usage can be tracked using the X-Powered-By HTTP header, which includes unique IDs for the subscription and user. Contacting support can enable this header to be included in API responses, providing the POD ID, subscription UUID, and user UUID for tracking purposes. Samples are given showing the header format for VM/PC and portal apps.

Uploaded by

shiv kumar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

Qualys API – Tracking API Usage

Overview
You can track API usage by a user without the need to provide user credentials such as the username
and password.

API usage can be tracked using the X-Powered-By HTTP header which includes a unique ID generated for
each subscription and a unique ID generated for each user. Once enabled, the X-Powered-By HTTP
header is returned for each API request made by a user.

Contact Qualys Support to get the X-Powered-By HTTP header enabled.

Format
The information is returned in the following format:
X-Powered-By: Qualys:<POD_ID>:<SUB_UUID>:<USER_UUID>

Where,

- POD_ID is the shared POD or a PCP. Shared POD is USPOD1, USPOD2, etc. (See Identify your
Qualys Platform for a list of platforms).
- SUB_UUID is the unique ID generated for the subscription
- USER_UUID is the unique ID generated for the user

For example,
X-Powered-By: Qualys:USPOD1:f972e2cc-69d6-7ebd-80e6-
7b9a931475d8:06198167-43f3-7591-802a-1c400a0e81b1

You can use the USER_UUID to track API usage per user.

Samples
Here are sample outputs showing the X-Powered-By HTTP header for VM/PC and Portal apps.

Sample output 1: VM and PC


...
< HTTP/1.1 200 OK
< Date: Thu, 14 Sep 2017 09:11:21 GMT
< Server: Qualys
< X-XSS-Protection: 1
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Powered-By: Qualys:USPOD1:d9a7e94c-0a9d-c745-82e9-
980877cc5043:f178af1e-4049-7fce-81ca-75584feb8e93

Copyright 2018-2021 by Qualys, Inc. All Rights Reserved. 1


< X-RateLimit-Limit: 300
< X-RateLimit-Window-Sec: 3600
< X-Concurrency-Limit-Limit: 500
< X-Concurrency-Limit-Running: 0
< X-RateLimit-ToWait-Sec: 0
< X-RateLimit-Remaining: 298
< X-Qualys-Application-Version: QWEB-8.11.0.0-SNAPSHOT-
20170914072818#4205
< X-Server-Virtual-Host: qualysapi.qualys.com
< X-Server-Http-Host: qualysapi.qualys.com
< Transfer-Encoding: chunked
< Content-Type: text/xml;charset=UTF-8
...

Sample output 1: Portal Apps


...
229HTTP/1.1 200 OK
X-Powered-By: Qualys:USPOD1:f972e2cc-69d6-7ebd-80e6-
7b9a931475d8:06198167-43f3-7591-802a-1c400a0e81b1
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Mon, 04 Dec 2017 05:36:29 GMT
Server: Apache
LBDEBUG: NS=10.44.1.12,SERVER=10.44.77.81:50205,CSW=cs-qualysapi-
443,VSERVER=vs-papi-80,ACTIVE-SERVICES=2,HEALTH=100
...

The X-Powered-By HTTP header will be returned for both valid and invalid requests. However, it will not
be returned if an invalid URL is hit or when user authentication fails.

Qualys API – Tracking API Usage 2

You might also like