Configure a ThreatConnect API user to enable secure threat-intelligence ingestion into AiStrike, using an API Access ID + Secret Key or an API Token.
Prerequisites
-
Administrator access to ThreatConnect Organization Settings.
-
An AiStrike tenant ready to accept API-based threat-intel ingestion.
-
Network connectivity between AiStrike and ThreatConnect API endpoints.
Step 1: Create an API user
-
In the ThreatConnect Console, go to Settings > Org Settings.
-
On the Membership tab, click Create API User.
-
Provide identifiable details (e.g. AiStrike / Integration) and set the System Role — Api User for standard v2/v3 access, or Exchange Admin for full access. Set an Organization Role (e.g. Standard User) and optional token expiration.
Step 2: Generate authentication
-
Access ID + Secret Key: record the Secret Key immediately (not shown again), then click Save.
-
API Token: click Save User and Generate Token; a token is generated per the expiration settings.
Step 3: Configure in AiStrike
Go to Integrations → ThreatConnect and enter:
-
API URL:
https://<your-threatconnect-instance>/api -
API Access ID and Secret Key
-
Organization Name (default API organization)
Save and test the connection.
Verify
GET /api/v3/victims HTTP/1.1
Host: <your-threatconnect-instance>
Authorization: TC-Token <your-api-token>
Content-Type: application/json
A JSON response (a list of victims or an empty dataset) confirms the connection is valid.