Skip to main content
All CollectionsHow-tosArticlesAuthentication guides
ZScaler Authentication Guide
ZScaler Authentication Guide

How to authenticate ZScaler for use with Tines

Daniel Stoeski avatar
Written by Daniel Stoeski
Updated over 6 months ago

First, get your API key in ZScaler

  1. Log in to your ZIA Admin Portal.

  2. Navigate to Administration > Cloud Service API Key Security and copy the API key.

    1. If one is not present, click "Add API Key" to create one (see ZScaler Cloud Service API Key)

Next, create ZScaler Credentials in Tines

Four credentials will need to be created:

  • Three Text type: "ZScaler Username", "ZScaler User Password", "ZScaler API Key"

  • One HTTP request type: "ZScaler"

Text type

  1. Login to your Tines tenant

  2. Navigate to the team that will be using the API and click "Credential"

  3. Click "+ New Credential" and select "Text"

  4. Input the values for the ZScaler credential

    1. Name: Required

    2. Description: Optional

    3. Value: API Key

  5. Optional

    1. Domains: Ensure this credential can only be used when making HTTP requests to specific domains

    2. Access: What other teams can also use the API

  6. Click "Save"

HTTP request type

  1. Click "+ New Credential" and select "HTTP Request"

  2. Input the values for the ZScaler credential

    1. Name: Required

    2. Description: Optional

    3. URL: https://zsapi.<Zscaler Cloud Name>/api/v1/authenticatedSession

      1. <Zscaler Cloud Name> is the name provisioned for your organization by Zscaler (e.g. zsapi.zscalerbeta.net).

    4. Content Type: JSON

    5. Method: post

    6. Payload: Copy the below object and paste into the "Plain code" section:

      {
      "apiKey": "<<ZSCALER_OBFUSCATE_API_KEY(LOCAL.credential, LOCAL.timestamp)>>",
      "username": "<<CREDENTIAL.zscaler_username>>",
      "password": "<<CREDENTIAL.zscaler_user_password>>",
      "timestamp": "<<LOCAL.timestamp>>"
      }

    7. Local values: Click the "+ Option" button, select "Local values" and paste the below into the "Plain code" section:

      {
        "timestamp": "<<DATE('now', '%s%L')>>",
        "credential": "<<CREDENTIAL.zscaler_api_key>>"
      }

    8. Click "Run options" and make sure you get a successful response.

    9. Location of token from response: SPLIT(zscaler.headers['set-cookie'], ';') |> FIRST(%)

  3. Optional

    1. Domains: Ensure this credential can only be used when making HTTP requests to specific domains

    2. Access: What other teams can also use the API

  4. Click "Save"

Your credential should look like the following:


For more on creating credentials in Tines, click here.

You can find a selection of ZScaler stories in the story library.

Using the credential in an action

The Header configuration for your ZScaler credential should be:

"cookie": "<<CREDENTIAL.zscaler>>"

Here is an example ZScaler action you can copy and paste onto your storyboard in Tines:

{"standardLibVersion":"32","actionRuntimeVersion":"4","agents":[{"disabled":false,"name":"Create Admin User","description":"Creates an admin or auditor user","options":"{\"url\":\"https://admin.zscaler.net/api/v1/adminUsers\",\"content_type\":\"application_json\",\"method\":\"post\",\"payload\":{\"loginName\":\"johnsmith@acme.com\",\"userName\":\"John Smith\",\"email\":\"johnsmith@acme.com\",\"role\":{\"id\":2322},\"password\":\"AeQ9E5w8B$\",\"rank\":7,\"name\":\"Read only\",\"policyAccess\":\"READ_ONLY\",\"dashboardAccess\":\"READ_WRITE\",\"reportAccess\":\"READ_WRITE\",\"analysisAccess\":\"READ_ONLY\",\"usernameAccess\":\"READ_ONLY\",\"adminAcctAccess\":\"NONE\",\"permissions\":[\"CUSTOM_URL_CAT\",\"ADVANCED_SETTINGS\",\"COMPLY\",\"FIREWALL_DNS\",\"SECURE\",\"SSL_POLICY\",\"VZEN_CONFIGURATION\",\"PARTNER_INTEGRATION\",\"LOCATIONS\",\"VPN_CREDENTIALS\",\"HOSTED_PAC_FILES\",\"EZ_AGENT_CONFIGURATIONS\",\"SECURE_AGENT_NOTIFICATIONS\",\"AUTHENTICATION_SETTINGS\",\"USER_MANAGEMENT\",\"IDENTITY_PROXY_SETTINGS\",\"APIKEY_MANAGEMENT\",\"OVERRIDE_EXISTING_CAT\",\"REMOTE_ASSISTANCE_MANAGEMENT\"],\"logsLimit\":\"UNRESTRICTED\",\"roleType\":\"ORG_ADMIN\"},\"headers\":{\"cookie\":\"<<CREDENTIAL.zscaler>>\"}}","position":{"x":735,"y":1215},"type":"httpRequest","timeSavedUnit":"minutes","timeSavedValue":0,"monitorAllEvents":false,"monitorFailures":false,"monitorNoEventsEmitted":null,"recordType":null,"recordWriters":[],"form":null,"cardIconName":"httpRequest","createdFromTemplateGuid":"8eed5d2f44abb9a27905037f99400921a997b97b4d2639374ca915aa3ebc4560","createdFromTemplateVersion":null,"originStoryIdentifier":"cloud:aa47f8215c6f30a0dcdb2a36a9f4168e:d4c15df0f02ba4789095426607003199"}],"links":[],"diagramNotes":[]}
Related Articles
CarbonBlack Authentication Guide
WatchGuard Authentication Guide
Cribl Authentication Guide
Malwarebytes Authentication Guide
Did this answer your question?