Skip to main content

What Living Security needs

Endpoint access required: Required role: Tenant Admin or equivalent with access to Settings → Tools

Prerequisites

  • You must have Tenant Admin access in Netskope to manage REST API tokens.

Part A — In Netskope

Your Netskope administrator completes these steps.
1

Navigate to REST API v2 Token Management

  1. Sign in to your Netskope admin console at https://<tenant>.goskope.com.
  2. In the left navigation, click Settings, then select Tools.
  3. Under Tools, click REST API v2.
2

Create a new token

  1. Click New Token.
  2. Enter a descriptive name (e.g., Living Security Platform).
  3. Set a token expiration period that matches your rotation policy. Set a calendar reminder to rotate before expiration.
For least privilege, use the shortest practical expiration period. Token expiry is the primary protection against long-lived credential exposure.
3

Grant endpoint access

Select access to both required endpoints:Click Save.
Token endpoint access cannot be changed after creation. If you miss an endpoint, you must generate a new token with full access and revoke the old one.
4

Copy and save your token

Copy the token immediately and store it securely.
Netskope displays the token value only once at creation. If you navigate away without copying it, you must generate a new token.
5

Identify your tenant subdomain

Your tenant subdomain is the prefix of your Netskope admin console URL.If your console URL is https://acme.goskope.com, your subdomain is acme.Enter the subdomain only — no https://, no .goskope.com, no trailing slash.

Part B — In the Living Security Platform

The program owner completes this step, or the system admin if using delegated setup.
1
You are now connected to Netskope.

Troubleshooting

The token is invalid or expired, or you’re using a v1 token. Check:
  1. Token has not been revoked or expired
  2. Token is a REST API v2 token (v1 tokens use a different auth mechanism and won’t work)
The token is missing access to one or both required endpoints. Token endpoint permissions cannot be changed after creation — generate a new token with access to both /api/v2/events/data/alert and /api/v2/events/data/page.
Living Security requires a REST API v2 token that authenticates via the Netskope-Api-Token header. V1 tokens use query parameter authentication and will return 401 Unauthorized. Generate a new v2 token from Settings → Tools → REST API v2.
Verify you entered only the subdomain (e.g., acme), not the full URL. The subdomain should match your Netskope admin console URL exactly.