Creating and Managing API Client in CrowdStrike's Console

Copy

• Copy for LLM

  Copy page as Markdown for LLMs
• View as Markdown

  Open this page as Markdown
• Open in ChatGPT

  Get insights from ChatGPT
• Open in Claude

  Get insights from Claude

1. Introduction

ClientId and ClientSecret are required in order to make requests using the OAuth2.0 workflow to CrowdStrike's API client.

2. Prerequisites

Before you begin, ensure you have:

• Access to the CrowdStrike Falcon Console
• Administrator privileges

3. Creating API Client

Step 1: Access the CrowdStrike Falcon UI Console

• Log in to your CrowdStrike Console instance with administrative privileges.

Step 2: Create an API Client, generate ClientId/ClientSecret with proper scope

• Go to the Support and resources > Resources and tools > API Client and keys section where an API Client can be managed.

• Create an API Client

• Provide a Client name and a related description with the following scope permissions:

  Permissions Required:

  Scope	Read	Write	Purpose
  Alerts	✅	❌	Query alert data and threat/EDR events
  Hosts	✅	✅	Query endpoint information and quarantine endpoints from network. Excluding the write permissions disables the quarantine feature.
  Assets	✅	❌	Query application data
  IOC Management	✅	✅	Query, create and delete Indicators of Compromise (IOC). Excluding the write permissions disables creating and deleting IOCs.
  Zero Trust Assessment	✅	❌	Query security posture scores

• Confirm the new API Client

• Securely store the generated Client ID, Secret and Base URL

4. Configure the Integration

URL This is the Base URL from where the Falcon API Client credentials came. CrowdStrike Base URLs

ClientId This is the Client Id gathered in step 2

ClientSecret This is the Client Secret gathered in step 2

Note The token_url should not be set/configured when configuration the Integration.

5. Important Links in CrowdStrike's Documentation

• CrowdStrike OAuth2-Based APIs