Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.contraforce.com/llms.txt

Use this file to discover all available pages before exploring further.

The Partner API is deprecated and is no longer the supported integration path. New work should use the v2 API.
The Partner API was a single-purpose Sentinel-only integration surface served from https://api.contraforce.com/. It is being retired in favor of the v2 API, which:
  • Authenticates with Service Accounts instead of the legacy partner key flow.
  • Covers every SIEM source we support (Sentinel, Defender XDR, CrowdStrike, QRadar, Splunk, SentinelOne) under the same source-prefixed routes.
  • Returns RFC 7807 ProblemDetails for every error.
  • Is documented end-to-end on this site rather than out-of-band on GitHub.

Where to go next

Endpoint reference

Every v2 endpoint reachable by a service account, grouped by scope.

Object models

Request and response examples for the v2 API.

Error reference

Every error code, what triggers it, and how to resolve it.

Service accounts

Create the credentials that authenticate v2 API requests.
The legacy https://api.contraforce.com/oauth/token endpoint referenced in older documentation is not valid for the v2 API. Authenticate against https://portal.contraforce.com/api/v2/... using HTTP Basic with your service-account clientId / clientSecret.