Skip to main content

What Living Security needs

Endpoint access required: Required role: Tenant Admin or equivalent with access to Settings → Tools
This integration requires a v2 API token, not a v1 token. V1 tokens use query parameter authentication and will not work with the v2 API endpoint.

Prerequisites

  • You must have Tenant Admin access in Netskope to manage REST API tokens.

Part A — In Netskope

Your Netskope administrator completes these steps.
1

Navigate to REST API v2 Token Management

  1. Sign in to your Netskope admin console at https://<tenant>.goskope.com.
  2. In the left navigation, click Settings.
  3. Under Tools, select REST API v2.
2

Create a new token

  1. Click New Token.
  2. Enter a descriptive name (e.g., Living Security Platform).
  3. Under endpoint access, enable access to:
Grant access only to /api/v2/events/data/alert. This is the only endpoint Living Security requires — granting minimal access follows least privilege.
  1. Click Save (or Generate Token).
3

Copy and save your token

Copy the token immediately and store it securely.
Netskope displays the token value only once at creation. If you navigate away without copying it, you must delete the token and create a new one.
4

Configure IP allowlist (if applicable)

If your Netskope tenant has IP allowlisting enabled, you must add Living Security’s egress IP ranges.
  1. In the Netskope admin console, go to Settings → Administration → IP Allowlist.
  2. If IP allowlisting is enabled, add each Living Security egress IP range to the Custom IP list.
If IP allowlisting is enabled, the connection dialog will succeed, but data syncs will fail with 401 Unauthorized until the correct IPs are added.
5

Identify your tenant subdomain

Your tenant subdomain is the prefix of your Netskope admin console URL.If your console URL is https://acme.goskope.com, your subdomain is acme.Enter the bare subdomain only — no https://, no .goskope.com, no trailing slash.
The connection dialog accepts several input forms (bare subdomain, full hostname, or full URL) and normalizes automatically. However, entering the bare subdomain is recommended.

Part B — In the Living Security Platform

The program owner completes this step, or the system admin if using delegated setup.
1
You are now connected to Netskope (v2 API).

Troubleshooting

Common causes:
  1. Token revoked or expired — generate a new token
  2. Using a v1 token — v1 tokens authenticate via query parameter and won’t work with v2 endpoints. Generate a new v2 token from Settings → Tools → REST API v2
  3. IP allowlist blocking requests — if your tenant has IP allowlisting enabled, verify Living Security’s egress IPs are on the allowlist
The token was created without access to /api/v2/events/data/alert. Token endpoint permissions cannot be changed after creation — create a new token with the correct access and reconnect.
If IP allowlisting is enabled, Living Security’s egress IP ranges may have changed. Contact your CSM to verify the current ranges and update the allowlist.
V1 and v2 tokens use different authentication mechanisms:
  • v1: Query parameter (token=...)
  • v2: Header (Netskope-Api-Token: ...)
Living Security uses v2 authentication. Generate a new token from Settings → Tools → REST API v2 (not the legacy v1 token page).