Company logoHelp Center
Visit www.threatlocker.com

/portalAPI/ApprovalRequest/*

9 min. readlast update: 02.26.2025

This article will encompass all portalAPI calls that are related to /portalAPI/ApprovalRequest/* endpoints

 

Be sure to input the instance your organization exists on for each call. This is indicated with the "INSTANCE" text in each endpoint. Linked here is a KB to find your instance: 

Locating Your Organization's Instance | ThreatLocker Help Center

 

For more information on use cases and examples of processing Application Control Approval Requests through API, see this KB article:

Processing Application Control Approval Requests through API | ThreatLocker Help Center

 

ApprovalRequestGetFileDownloadDetailsById

https://portalapi.INSTANCE.threatlocker.com/portalapi/ApprovalRequest/ApprovalRequestGetFileDownloadDetailsById

  • Method: GET
  • Description: This API is used to get the file download details for a requested file when clicking on an Application Control Approval Request in the Response Center of the ThreatLocker Portal. This API returns the filename and the fileUrl which can be used to download the file directly. Be sure to get the full filename in the URL when using this API to download the file. If looking to get the file download details from an Approval Request in a different organization than the currently logged in/managed organization, utilize the managedOrganizationId header as described below.
  • Required Body/Parameters
    • Valid APIKey/Authorization Token in header
    • approvalRequestId: This field determines what file information will be returned based on what was requested in the supplied Approval Request.
      • Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
  • Optional Body/Parameters
    • In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
  • Permissions Needed for User
    • Approve for Entire Organization
    • Approve for Group
    • Approve for Single Computer
    • Approve for Single Computer Application Only
    • View Approvals

 

ApprovalRequestGetPermitApplicationById

https://portalapi.INSTANCE.threatlocker.com/portalapi/ApprovalRequest/ApprovalRequestGetPermitApplicationById

  • Method: GET
  • Description: This API is used when clicking on an Application Control Approval Request in the Response Center of the ThreatLocker Portal. This API gets all the information related to the request itself, including all the id values and the formatted json field needed to utilize the ApprovalRequestPermitApplication endpoint. If looking to view an Approval Request from a different organization than the currently logged in/managed organization, utilize the managedOrganizationId header as described below.
    • statusId: This is one of the fields returned by this API and is used to determine the status of the request. Listed below are the Integer values that will be displayed and the corresponding status of each value.
      • Pending = 1
      • Ignored = 10
      • Approved = 4
      • Self-Approved = 16
      • Not Learned = 6
      • Added to Application = 12
      • Escalated from the Cyber Heroes = 13
  • Required Body/Parameters
    • Valid APIKey/Authorization Token in header
    • approvalRequestId: <GUID> in format "00000000-0000-0000-0000-000000000000"
  • Optional Body/Parameters
    • In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
  • Permissions Needed for User
    • Approve for Entire Organization
    • Approve for Group
    • Approve for Single Computer
    • Approve for Single Computer Application Only
    • View Approvals

 

ApprovalRequestGetByParameters

https://portalapi.INSTANCE.threatlocker.com/portalapi/ApprovalRequest/ApprovalRequestGetByParameters

  • Method: POST
  • Description: This API is used on the Approval tab in the Response Center page in the ThreatLocker Portal to display all the Approval Requests in an organization. By default in the Portal, this API will get a list of all the pending requests, including requests from Application Control, Elevation Control, and Storage Control. If looking to view Approval Requests only for a different organization than the currently logged in/managed organization, utilize the managedOrganizationId header as described below. Various fields are described below that can be changed to search and sort like you can on the Response Center page itself in the Portal.
  • Required Body/Parameters
    • Fields
      • statusId: This field is used to determine the status of the requests you want to view. This field expects one of the following Integer values to be entered.
        • Pending = 1
        • Ignored = 10
        • Approved = 4
        • Self-Approved = 16
        • Not Learned = 6
        • Added to Application = 12
        • Escalated from the Cyber Heroes = 13
      • pageNumber and pageSize: This value determines how many Approval Requests will be returned as if the response was on the Response Center page. However, this field does not follow the same conventions of the pageNumber and pageSize values as the Portal does (pageSize in the Portal is 25, 50, or 100). Any valid integer can be entered and it will return in the selected formatting. For instance, if there are 5 requests to be returned but “pageNumber” : 1 and “pageSize” : 2, 2 entries will be returned per page and the first two requests will be shown.
        • Expects: An Integer value
    • Required body
{
"statusId": <Integer>,
"pageNumber": <Integer>,
"pageSize": <Integer>
}
  • Optional Body/Parameters
    • In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
    • Fields
      • searchText: This field allows you to search through the list of your Approval Requests by inputting text/details you want to search for. This can be used to search based on a partial or full hostname, a partial or full username, or a partial or full file path. Anything that can be searched using the search bar on the Approval tab of the Response Center page can be entered into this field and returned.
        • Expects: Any text input
      • showChildOrganizations: This field will determine whether the requests from all child organizations will be returned or not. When set to true, all requests from all child organizations, including grandchild organizations, will be returned. When set to false, just the requests from the currently managed organization will be returned, typically this will be the parent organization.
        • Expects: true or false
      • orderBy: This field will order the requests that are shown based on the isAscending field (defaults to true) and the text entered below. This field expects the text from one of the below options to be entered exactly as they appear. From the options below, the username corresponds to the Hostname/Username column in the ThreatLocker Portal and the actiondate corresponds to the Last Updated column in the ThreatLocker Portal.
        • username
        • devicetype
        • actiontype
        • path
        • actiondate
        • datetime
      • isAscending: This field determines the order the requests are returned/shown. When isAscending is true, the requests will be returned in decreasing order, from high to low, based on the orderBy field utilized. When isAscending is false, the requests will be returned in increasing order, from low to high, based on the orderBy field utilized.
        • Expects: true or false
    • Optional body
{
"statusId": <Integer>,
"searchText": "<String>",
"showChildOrganizations": <Boolean>,
"orderBy": "<String>",
"isAscending": <Boolean>,
"pageSize": <Integer>,
"pageNumber": <Integer>
}
  • Permissions Needed for User
    • Approve for Entire Organization
    • Approve for Group
    • Approve for Single Computer
    • Approve for Single Computer Application Only
    • View Approvals
    • Elevation Administrator (User)

 

ApprovalRequestGetCount

https://portalapi.INSTANCE.threatlocker.com/portalapi/ApprovalRequest/ApprovalRequestGetCount

  • Method: GET
  • Description: This API is used when initially clicking on the Response Center page in the ThreatLocker Portal to get the number of Approval Requests with a status of "Pending" for the organization. Note that this API will only get the count of Approval Requests that have a status of "Pending" and return it as an Integer. If looking to get the "Pending" Approval Request count from only a different organization than the currently logged in/managed organization, utilize the managedOrganizationId header as described below.
  • Required Body/Parameters
    • Valid APIKey/Authorization Token in header
    • includeChildOrganizations: This field determines whether the "Pending" Approval Request count from child organizations, including grandchild organizations, will be included in the count of requests that is returned.
      • Expects: true or false
  • Optional Body/Parameters
    • In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
  • Permissions Needed for User
    • Approve for Entire Organization
    • Approve for Group
    • Approve for Single Computer
    • Approve for Single Computer Application Only
    • View Approvals
    • Elevation Administrator (User)

 

ApprovalRequestAuthorizeForPermitById

 

In order to use this API, your organization needs the "Cyber Hero Management" product enabled. In addition, only Approval Requests related to an Application Control Approval Request that have an "execute" action type are able to be authorized to permit since the Cyber Hero Team only processes Application Control Approval Requests with the "execute" action type.

 

https://portalapi.INSTANCE.threatlocker.com/portalapi/ApprovalRequest/ApprovalRequestAuthorizeForPermitById

  • Method: POST
  • Description: This API is used in relation to when an Application Control Approval Request is evaluated by the Cyber Hero Management Team and the Approval Request is then escalated at their discretion for further investigation to a ThreatLocker customer administrator in the organization. Inside the email that is sent containing the escalation details, there is a button titled "Authorize Cyber Heroes to Permit." When clicking this button, this API is called to designate the Approval Request as ok to permit, per any additional instructions specified in the message. If there is need to authorize to permit an Approval Request from a different organization than the currently logged in/managed organization, utilize the managedOrganizationId header as described below.
  • Required Body/Parameters
    • Valid APIKey/Authorization Token in header
    • Field
      • approvalRequestId: This field determines which Approval Request will be authorized to permit by the Cyber Hero Team.
        • Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
    • Required body
{
"approvalRequestId": "00000000-0000-0000-0000-000000000000",
}
  • Optional Body/Parameters
    • In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
    • Field
      • message: This field determines what message/instructions will be displayed to the Cyber Hero Team in the "Ticket Details -> Comments" section of the Approval Request.
        • Expects: Any text input
    • Optional body
{
"approvalRequestId": "00000000-0000-0000-0000-000000000000",
"message": "<String>"
}
  • Permissions Needed for User
    • Approve for Entire Organization
    • Approve for Group
    • Approve for Single Computer
    • Approve for Single Computer Application Only
Was this article helpful?