1. Blumira Partners
  2. Administering Blumira Accounts
  3. MSP Portal

Quick Links

Using the Blumira API as an MSP

Overview

The Blumira API makes it easier to connect Blumira to the other tools and systems your business relies on to get more out of your data. It is designed to improve mapping and integration between services, support operational dashboards, and scale operations with Blumira. 

After creating your Blumira API credentials, you can connect Blumira to the business tools you and your teams rely on for things like ticketing, billing, reporting, or resource management.

The Blumira API is OpenAPI Specification v3 compliant, uses standard REST protocols, and can be integrated with any programming language that supports HTTP requests. 

Required: Full access to the Blumira API requires a current XDR Platform contract. Results for findings includes data from MSP sub-accounts with paid licenses and excludes free accounts.
MSPs with NFR accounts that do not have a contract can request access by contacting Support.

About the endpoints

The API endpoints are all scoped for read-only access and will be rate-limited at 10 requests per second per key. 

The available endpoints give you access to the following information:

  • Findings information for a single sub-account or for all of your accounts
  • Blumira Agent device names and installation keys for specific sub-accounts
  • Sub-account information, such as organization name, license, and number of open findings

Reference: Explore the endpoints and their example results at https://api.blumira.com/public-api/v1/ui/?url=/public-api/v1/openapi.json.

Generating Blumira API credentials

To generate your Blumira API credentials, do the following:

  1. In the app, navigate to MSP Portal > Integrations.
  2. Click Generate API Credentials.
  3. Copy and save your Client ID and Client Secret.

Using your Blumira API credentials 

Generating a JWT bearer token

Access to the Blumira API requires authorization with a JWT bearer token. When running your own command in your preferred language, ensure you replace the client_id and client_secret with the values given to you in the key pair for your account.

Below are examples of cURL commands you can use to create the token:

  • Using individual form values in the body of the request: 
    curl --request POST \
    --url 'https://auth.blumira.com/oauth/token' \
    --header 'content-type: application/x-www-form-urlencoded' \
    --data grant_type=client_credentials \
    --data client_id=$CID \
    --data client_secret=$SEC \
    --data audience=public-api
  • Using JSON in the body of the request: 
    curl --request POST \
    --url 'https://auth.blumira.com/oauth/token' \
    --header 'content-type: application/json' \
    --data "{\"client_id\":\"$CID\",\"client_secret\":\"$SEC\",\"audience\":\"public-api\",\"grant_type\":\"client_credentials\"}"

Using the bearer token

Example bearer token output:

{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlFrRTVNREUxUVRKR05UbEJOVGREUlRKRE1rUkdOMEZFTXpreFJEa3pOelJFUmpKQlFVUTROUSJ9.eyJwb2wiOiJ4ZHJfcnciLCJvcmciOiJmZmZmZmZmZi1mZWVkLWJlZWYtMTMzNy1jMGZmZWUwMDAwMDIiLCJpc3MiOiJodHRwczovL2F1dGguZC5iNWEuaW8vIiwic3aaaaaaaaFIY0lIYmhqNFVJVVdTQzE1OGp3NVloYmRWZTluOUNAY2xpZW50cyIsImF1ZCI6InB1YmxpYy1hcGkiLCJpYXQiOjE3MzQwMjg1ODIsImV4cCI6MTczNjYyMDU4Miwic2NvcGUiOiJydyIsImd0eSI6ImNsaWVudC1jcmVkZW50aWFscyIsImF6cCI6InhBSGNJSGJoajRVSVVXU0MxNThqdzVZaGJkVmU5bjlDIn0.JF87Yx9sBBiIOJ0rM6IAO6Rv4xs9LD_L_nwF5zMLdQlYYHnKCYuRbWYQiih5ITi_SkL2HG6Aa89XDKZ32jD2N5U7V6RE7AxGJteQBNU5AtijmimBORTdZz9gr3g5ol_R4H1TRpapVeIYwebjVy9TE1h-V7xaP9CTnBUKSv2KIqaT6Gysz79isOd0Pjj_SzF89inSb44oND_Yam5qayYaql1rTKSKJQvLf-hvedKXM088fGG6xTQivoamgVIKZIEpVeBSTMzC22rrITwAcanWxLjVfI5yoChoqca1U8SKKg5AsJ9b5GLh28r6wH3BIHgd5sIVCT0NewC_kA4xxxxxx","scope":"ro","expires_in":2592000,"token_type":"Bearer"}

In your preferred API platform, use the token to authorize into the Blumira Public API. This is a bearer token, which can be used as follows:

curl --url https://api.blumira.com/public-api/v1/findings -H "Authorization: Bearer ${JWT}"
Important: The token is valid for about 30 days and then must be refreshed. 

Rotating or deleting API credentials

To rotate your Blumira API Client Secret, do the following:

  1. Navigate to MSP Portal > Integrations.
  2. In the Blumira API Credentials table, click Rotate.
  3. In the Client Secret Rotation window, click Yes.
    Screenshot 2025-06-04 at 2.16.49 PM.png
  4. In the Rotated Client Secret window, copy and save your new Client Secret.
    Note: You will need to use this to update the tools that were previously connected to the Blumira API.

To delete your credentials, do the following:

  1. Navigate to MSP Portal > Integrations.
  2. In the Blumira API Credentials table, at the end of the row, click Delete API Credentials (trash icon).
  3. In the Delete API Credentials window, click Delete.
    Screenshot 2025-06-04 at 2.26.29 PM.png