Exporting logs using Export API
The Export API allows tenants to export all logs generated within Forcepoint. This section explains how tenants can utilize the Insights API to export data.
Prerequisites
- Tenant must be registered on the platform and have access to the tenant portal.
- Tenant must have an API Key generated on the Platform UI.
Integrations
Steps to utilize the Export API in a custom Export Script:
- Generate an access token.
- Export data.
Generating an access token
To call the export API, generate an access token by sending a POST request to the platform API at /api/apikeys/token
with the API key in the X-API-KEY
header.
The generated access key is valid for 3600
seconds.
curl --location --request POST 'https://portal.forcepointone.com/api/apikeys/token' \
--header 'X-API-KEY: ****API_KEY****'
Export Data
You can use the access key generated in step 1 to access the Export API:
api/export/{{PPCODE}}/{{COLLECTION}}
.- PPCODE options:
SSE
- Collection options:
Admin,DLP,CASBInline,CASBAPI,SWG,Health,and ZTNA
curl --location 'https://tenant-test.insights.forcepointone.com/api/export/SSE/Admin' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ****access_token****' \
--data '{
"fields": [],
"starttime": "2025-08-26 07:09:02",
"offset": 1,
"limit": 2000,
"filters": {
}
}'
fields - Specify the dimensions and measures you want to export. If left empty, all fields will be exported. For example: [{“name”:”eventTime”}]
.
starttime - A mandatory datetime indicating the start time for data export in UTC.
offset - offset for 24-hour window*.
limit - The total number of records to export, with a maximum of 2000 records per API request.
filters - Any filters to apply. For example:
{“nxd”:{“eq”:[“ID-1”]}}
, which returns all records where the nxd
ID matches
ID-1
.Note:
- Exported fields would contain property as sanitized “display name”, eg.
nxd
would be exported asrequestid
. - Filters are supported on dimension and measure for string, numbers, enums, date, datetime, datatype. Filters do not support Array.
- Data is exported in 24 hours window (calculated based on starttime provided), and offset is valid only for this window. Pagination needs to build around this.
- Exported data are in ascending order i.e. oldest data first based on
eventinsertedtime
. - Mapping sheet is available here.
- API documentation is available here.