Exporting logs using Export API

The Export API allows tenants to export all logs generated within Forcepoint. This section explains how tenants can utilize the Insights API to export data.

Prerequisites

  1. Tenant must be registered on the platform and have access to the tenant portal.
  2. Tenant must have an API Key generated on the Platform UI.

Integrations

Steps to utilize the Export API in a custom Export Script:

  1. Generate an access token.
  2. Export data.

Generating an access token

To call the export API, generate an access token by sending a POST request to the platform API at /api/apikeys/token with the API key in the X-API-KEY header.

The generated access key is valid for 3600 seconds.
curl --location --request POST 'https://portal.forcepointone.com/api/apikeys/token' \
--header 'X-API-KEY: ****API_KEY****'

Export Data

You can use the access key generated in step 1 to access the Export API: api/export/{{PPCODE}}/{{COLLECTION}}.
  • PPCODE options: SSE
  • Collection options: Admin,DLP,CASBInline,CASBAPI,SWG,Health,and ZTNA
curl --location 'https://tenant-test.insights.forcepointone.com/api/export/SSE/Admin' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ****access_token****' \
--data '{
    "fields": [],
    "starttime": "2025-08-26 07:09:02",
    "offset": 1,
    "limit": 2000,
    "filters": {
    }
}'

fields - Specify the dimensions and measures you want to export. If left empty, all fields will be exported. For example: [{“name”:”eventTime”}].

starttime - A mandatory datetime indicating the start time for data export in UTC.

offset - offset for 24-hour window*.

limit - The total number of records to export, with a maximum of 2000 records per API request.

filters - Any filters to apply. For example: {“nxd”:{“eq”:[“ID-1”]}}, which returns all records where the nxd ID matches ID-1.
Note:
  1. Exported fields would contain property as sanitized “display name”, eg. nxd would be exported as requestid.
  2. Filters are supported on dimension and measure for string, numbers, enums, date, datetime, datatype. Filters do not support Array.
  3. Data is exported in 24 hours window (calculated based on starttime provided), and offset is valid only for this window. Pagination needs to build around this.
  4. Exported data are in ascending order i.e. oldest data first based on eventinsertedtime.
  5. Mapping sheet is available here.
  6. API documentation is available here.