What Living Security needs
Scopes: Read access to InsightVM assets and vulnerability data
Required role: Platform Administrator, or any role with API Key Management access
Prerequisites
- You must have Platform Administrator access or a role with access to API Key Management in the Rapid7 Command Platform.
Part A — In Rapid7 Insight Platform
Your Rapid7 administrator completes these steps.1
Open API Key Management
- Sign in to the Rapid7 Command Platform at insight.rapid7.com.
- In the left navigation, click Administration.
- Select API Key Management.
2
Generate an API key
Living Security requires either an Organization key or a User key:
To generate an Organization key:
- Click the Organization Keys tab.
- Click Generate New Admin Key → Organization Admin Key.
- Select the target organization and enter a name (e.g.,
Living Security Platform). - Click Generate.
- Click Generate New User Key.
- Select the target organization and enter a name.
- Click Generate.
For least-privilege access, use a dedicated service account with read-only access to InsightVM data rather than a personal administrator account.
3
Copy and save your API key
After clicking Generate, a window displays the new API key.Copy the key immediately and store it securely.
4
Identify your region subdomain
The region code appears as the first segment of your Insight Platform URL (e.g.,
us.app.rapid7.com → us).Enter only the code (e.g.,
us) — not the full URL.Part B — In the Living Security Platform
The program owner completes this step, or the system admin if using delegated setup.1
Troubleshooting
403 Forbidden
403 Forbidden
The API key lacks permissions to access InsightVM data. If using a User key, verify the key owner has read access to InsightVM assets and vulnerabilities.
Wrong region subdomain
Wrong region subdomain
Using the wrong region causes all syncs to fail. Verify:
- The code matches your Rapid7 data residency region
- You entered only the code (e.g.,
us), not the full URL - Check your browser URL when signed in to identify the correct region
No data returned
No data returned
If syncs succeed but return no assets or vulnerabilities:
- Verify the key has access to the correct organization
- Confirm InsightVM data exists in your Rapid7 account
- Check that the key owner has the required InsightVM permissions

