You can track API usage by a user without the need to provide user credentials such as the username and password.
API usage can be tracked using the X-Powered-By HTTP header, which includes a unique ID generated for each subscription and a unique ID generated for each user. Once enabled, the X-Powered-By HTTP header is returned for each API request made by a user. The header is returned for both valid and invalid requests. However, it is not returned if an invalid URL is hit or when user authentication fails.
Contact Qualys Support to get the X-Powered-By HTTP header enabled.
The X-Powered-By header is returned in the following format:
X-Powered-By: Qualys:<POD_ID>:<SUB_UUID>:<USER_UUID>
where,
- POD_ID identifies the shared POD or a PCP. Shared PODs are USPOD1, USPOD2, etc.
- SUB_UUID is the unique ID generated for the subscription
- USER_UUID is the unique ID generated for the user. You can use the USER_UUID to track API usage per user.
Sample X-Powered-By header
X-Powered-By: Qualys:QAPOD4SJC:f972e2cc-69d6-7ebd-80e67b9a931475d8:06198167-43f3-7591-802a-1c400a0e81b1
Here are sample outputs showing the X-Powered-By HTTP header.
Sample output for VM, PC
...
< HTTP/1.1 200 OK
< Date: Thu, 14 Sep 2017 09:11:21 GMT
< Server: Qualys
< X-XSS-Protection: 1
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Powered-By: Qualys:USPOD1:d9a7e94c-0a9d-c745-82e9980877cc5043:f178af1e-4049-7fce-81ca-75584feb8e93
< X-RateLimit-Limit: 300
< X-RateLimit-Window-Sec: 3600
< X-Concurrency-Limit-Limit: 500
< X-Concurrency-Limit-Running: 0
< X-RateLimit-ToWait-Sec: 0
< X-RateLimit-Remaining: 298
< X-Qualys-Application-Version: QWEB-8.11.0.0-SNAPSHOT20170914072818#4205
< X-Server-Virtual-Host: qualysapi.qualys.com
< X-Server-Http-Host: qualysapi.qualys.com
< Transfer-Encoding: chunked
< Content-Type: text/xml;charset=UTF-8
...
Sample output for other Qualys apps
...
229HTTP/1.1 200 OK
X-Powered-By: Qualys:QAPOD4SJC:f972e2cc-69d6-7ebd-80e67b9a931475d8:06198167-43f3-7591-802a-1c400a0e81b1
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Mon, 04 Dec 2017 05:36:29 GMT
Server: Apache
LBDEBUG: NS=10.44.1.12,SERVER=10.44.77.81:50205,CSW=cs-p04-qualysapi443,VSERVER=vs-p04-papi-80,ACTIVE-SERVICES=2,HEALTH=100
...
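The following is an added example, not Qualys code: a Python sketch that extracts the POD_ID, SUB_UUID and USER_UUID from captured response headers and tallies requests per USER_UUID, counting responses that carry no header (for example, failed authentication) separately. The function names are hypothetical, the header values are the samples shown above, and the 401 response is constructed for illustration.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

class QualysCaller(NamedTuple):
    pod_id: str
    sub_uuid: str
    user_uuid: str

# Value format from the page: Qualys:<POD_ID>:<SUB_UUID>:<USER_UUID>.
# The page's sample SUB_UUIDs are grouped 8-4-4-16, so the IDs are matched as
# hex-and-hyphen tokens, not as canonical 8-4-4-4-12 UUIDs.
# The optional "<" prefix accepts verbose client output like the VM/PC sample.
_HEADER = re.compile(
    r"^(?:<\s*)?X-Powered-By:\s*Qualys:([A-Za-z0-9]+):([0-9a-f-]+):([0-9a-f-]+)\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def parse_caller(response_headers: str) -> Optional[QualysCaller]:
    """Return the caller identity from one response's headers, or None."""
    m = _HEADER.search(response_headers)
    return QualysCaller(*m.groups()) if m else None

def usage_by_user(responses):
    """Count responses per USER_UUID and responses that carry no header."""
    per_user, unattributed = Counter(), 0
    for headers in responses:
        caller = parse_caller(headers)
        if caller is None:
            unattributed += 1  # invalid URL or failed authentication
        else:
            per_user[caller.user_uuid] += 1
    return per_user, unattributed

# Constructed sample responses; the header values are the page's samples.
VM_HDR = ("< X-Powered-By: Qualys:USPOD1:d9a7e94c-0a9d-c745-82e9980877cc5043"
          ":f178af1e-4049-7fce-81ca-75584feb8e93")
APP_HDR = ("X-Powered-By: Qualys:QAPOD4SJC:f972e2cc-69d6-7ebd-80e67b9a931475d8"
           ":06198167-43f3-7591-802a-1c400a0e81b1")
SAMPLE = [
    "< HTTP/1.1 200 OK\r\n" + VM_HDR + "\r\n< X-RateLimit-Remaining: 298\r\n",
    "< HTTP/1.1 200 OK\n" + VM_HDR + "\n",
    "HTTP/1.1 200 OK\n" + APP_HDR + "\nServer: Apache\n",
    "< HTTP/1.1 401 Unauthorized\n< Server: Qualys\n",  # constructed: no header
]

if __name__ == "__main__":
    per_user, unattributed = usage_by_user(SAMPLE)
    for user_uuid, count in per_user.most_common():
        print(user_uuid, count)
    print("responses without header:", unattributed)
```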