API Overview
API Overview
Section titled “API Overview”Learn how to authenticate and interact with the SSH-KLM API using SDKs and direct API calls.
Authentication
Section titled “Authentication”SSH-KLM uses JWT-based authentication with API keys.
Obtaining API Key
Section titled “Obtaining API Key”- Navigate to Settings → API Keys
- Click Create API Key
- Set name and permissions
- Copy and securely store the key
Using API Key
Section titled “Using API Key”import { QcClient } from '@qcecuring/ssh-sdk';
const client = new QcClient({ apiKey: process.env.QC_API_KEY, baseUrl: 'https://ssh-klm.example.com' // Optional, defaults to cloud});Token Lifetime
Section titled “Token Lifetime”| Token Type | Lifetime | Refresh |
|---|---|---|
| API Key | Long-lived | Manual rotation |
| Access Token | 15 minutes | Auto-refresh |
| Refresh Token | 7 days | Re-authenticate |
SDK Installation
Section titled “SDK Installation”Node.js
Section titled “Node.js”npm install @qcecuring/ssh-sdkPython
Section titled “Python”pip install qcecuring-sshgo get github.com/qcecuring/ssh-sdk-goQuick Start
Section titled “Quick Start”import { QcClient } from '@qcecuring/ssh-sdk';
const client = new QcClient({ apiKey: process.env.QC_API_KEY });
// List all discovered keysconst keys = await client.ssh.listKeys();
// Start discovery scanconst scan = await client.ssh.startDiscovery({ hosts: ['server01.example.com']});
// Request ephemeral accessconst ephemeral = await client.ssh.requestEphemeral({ host: 'server01.example.com', username: 'deploy', ttl: 300});Core Resources
Section titled “Core Resources”| Resource | Description |
|---|---|
hosts | Target servers in inventory |
keys | Discovered SSH keys |
scans | Discovery scan jobs |
rotations | Key rotation jobs |
policies | Rotation and access policies |
ephemeral | Just-in-time credentials |
Rate Limits
Section titled “Rate Limits”| Endpoint | Rate Limit |
|---|---|
| Read operations | 1000/minute |
| Write operations | 100/minute |
| Discovery scans | 10/minute |
| Ephemeral requests | 50/minute |
Error Handling
Section titled “Error Handling”import { QcClient, QcError } from '@qcecuring/ssh-sdk';
try { await client.ssh.rotateKey({ keyId: 'invalid' });} catch (error) { if (error instanceof QcError) { console.log('Error code:', error.code); console.log('Message:', error.message); console.log('Details:', error.details); }}Error Codes
Section titled “Error Codes”| Code | Description |
|---|---|
AUTH_INVALID | Invalid or expired API key |
AUTH_FORBIDDEN | Insufficient permissions |
NOT_FOUND | Resource not found |
RATE_LIMITED | Too many requests |
VALIDATION_ERROR | Invalid request parameters |