Tracking API usage per user

You can track API usage by a user without the need to provide user credentials such as the username and password.

Optional X-Powered-By header

API usage can be tracked using the X-Powered-By HTTP header which includes a unique ID generated for each subscription and a unique ID generated for each user. Once enabled, the X-Powered-By HTTP header is returned for each API request made by a user. The X-Powered-By HTTP header will be returned for both valid and invalid requests. However, it will not be returned if an invalid URL is hit or when user authentication fails.

Contact Qualys Support to get the X-Powered-By HTTP header enabled.

The X-Powered-By header is returned in the following format:

X-Powered-By: Qualys:<POD_ID>:<SUB_UUID>:<USER_UUID>  

where,  

- POD_ID is the shared POD or a PCP. Shared POD is USPOD1, USPOD2, etc.

- SUB_UUID is the unique ID generated for the subscription

- USER_UUID is the unique ID generated for the user. You can use the USER_UUID to track API usage per user.  

Sample X-Powered-By header

X-Powered-By: Qualys:QAPOD4SJC:f972e2cc-69d6-7ebd-80e67b9a931475d8:06198167-43f3-7591-802a-1c400a0e81b1

Sample outputs

Here are sample outputs showing the X-Powered-By HTTP header.

Sample output for VM, PC

 ...

< HTTP/1.1 200 OK

< Date: Thu, 14 Sep 2017 09:11:21 GMT

< Server: Qualys < X-XSS-Protection: 1

< X-Content-Type-Options: nosniff

< X-Frame-Options: SAMEORIGIN

< X-Powered-By: Qualys:USPOD1:d9a7e94c-0a9d-c745-82e9980877cc5043:f178af1e-4049-7fce-81ca-75584feb8e93

< X-RateLimit-Limit: 300

< X-RateLimit-Window-Sec: 3600

< X-Concurrency-Limit-Limit: 500

< X-Concurrency-Limit-Running: 0

< X-RateLimit-ToWait-Sec: 0

< X-RateLimit-Remaining: 298

< X-Qualys-Application-Version: QWEB-8.11.0.0-SNAPSHOT20170914072818#4205

< X-Server-Virtual-Host: qualysapi.qualys.com

< X-Server-Http-Host: qualysapi.qualys.com

< Transfer-Encoding: chunked < Content-Type: text/xml;charset=UTF-8

...  

Sample output for other Qualys apps

...

229HTTP/1.1 200 OK

X-Powered-By: Qualys:QAPOD4SJC:f972e2cc-69d6-7ebd-80e67b9a931475d8:06198167-43f3-7591-802a-1c400a0e81b1

Content-Type: application/xml

Transfer-Encoding: chunked

Date: Mon, 04 Dec 2017 05:36:29 GMT

Server: Apache

LBDEBUG: NS=10.44.1.12,SERVER=10.44.77.81:50205,CSW=cs-p04-qualysapi443,VSERVER=vs-p04-papi-80,ACTIVE-SERVICES=2,HEALTH=100

...