Generate API Credentials on CrowdStrike Falcon Platform

This document outlines how to generate API credentials in the CrowdStrike Falcon Console to enable secure programmatic access. These credentials are required for integrations such as the Xshield Security Platform, allowing access to host, host group, and firewall management APIs, and to retrieve firewall events.

API Operations to be Enabled

API Call	Access Level
`GET /host-groups`	Read-only
`GET /hosts`	Read-only
`PUT /host-groups`	Read-write
`PUT /firewall/policies`	Read-write
`PUT /firewall/rules`	Read-write
`PUT /firewall/rule-groups`	Read-write
`POST /fwmgr/aggregates/events/GET/v1`	Read-only (firewall events)

Step 1: Log in to CrowdStrike Falcon Console

Use the URL corresponding to your tenant's region:

Region Name	Falcon Console URL
US-1	https://falcon.crowdstrike.com
US-2	https://falcon.us-2.crowdstrike.com
US-GOV-1	https://falcon.laggar.gcw.crowdstrike.com
US-GOV-2	https://falcon.us-gov-2.crowdstrike.com
EU-1	https://falcon.eu-1.crowdstrike.com

Step 2: Navigate to API Client Management

From the console:

Go to: Support & Resources → Resources & Tools → API Clients and Keys
Click Create API Client

Step 3: Create API Client and Assign Required Scopes

Client Details
- Name: e.g., Xshield API Integration
- Description: Optional
Assign the Following Scopes:

Read Access

Scope Group Scope Used For
Hosts Read GET /hosts
Host Groups Read GET /host-groups
Firewall Management Read_Events POST /fwmgr/aggregates/events/GET/v1

Read/Write Access

Scope Group Scope Used For
Host Groups Write PUT /host-groups
Firewall Management Write PUT /rules, /policies, /rule-groups
Click Create and proceed.

Scope Group	Scope	Used For
`Hosts`	`Read`	`GET /hosts`
`Host Groups`	`Read`	`GET /host-groups`
`Firewall Management`	`Read_Events`	`POST /fwmgr/aggregates/events/GET/v1`

Scope Group	Scope	Used For
`Host Groups`	`Write`	`PUT /host-groups`
`Firewall Management`	`Write`	`PUT /rules`, `/policies`, `/rule-groups`

Step 4: Record and Secure the Credentials

On creation, you'll receive:

Client ID
Client Secret (shown once only)

🔐 Store these credentials securely. The secret cannot be retrieved again.

Step 5: Identify Your CrowdStrike Region

This region value is necessary to construct the correct API URLs and for integration in Xshield.

Console URL	CrowdStrike Region Value
`https://falcon.crowdstrike.com`	`us-1`
`https://falcon.us-2.crowdstrike.com`	`us-2`
`https://falcon.eu-1.crowdstrike.com`	`eu-1`
`https://falcon.laggar.gcw.crowdstrike.com`	`us-gov-1`
`https://falcon.us-gov-2.crowdstrike.com`	`us-gov-2`

You will use this region value to configure the API endpoint in the Xshield Security Platform.

API Operations to be Enabled​

Step 1: Log in to CrowdStrike Falcon Console​

Step 2: Navigate to API Client Management​

Step 3: Create API Client and Assign Required Scopes​

Read Access​

Read/Write Access​

Step 4: Record and Secure the Credentials​

Step 5: Identify Your CrowdStrike Region​