The values returned by this Canarytokens API correspond to the kind parameter used to create
Canarytokens. As an example, if you wanted to create a Cloned Web Canarytoken, you would check the
response to this Canarytokens API and use cloned-web to define the Canarytoken type you wish to create.
GET /api/v1/canarytokens/list
Lists the available Canarytokens on your Canary Console.
Required Parameters
auth_tokenstring
A valid auth token
Response
A JSON structure with result indicator and Canarytokens information.
An image file for use with web-image tokens (request must be multipart/form-data encoded if parameter is present, required when using web-image)
cloned_webstring
Domain to check against (required when creating cloned-web tokens)
s3_source_bucketstring
S3 bucket to monitor for access (required when creating aws-s3 tokens)
s3_log_bucketstring
S3 bucket where logs will be stored (required when creating aws-s3 tokens)
aws_access_keystring
AWS Secret Access Key (required if automating creation of AWS S3 token)
aws_regionstring
AWS region (required if automating creation of AWS S3 token)
browser_scanner_enabledboolean
Defaults to: true
Enables a Javascript scanner to retrieve more information (only valid with 'http' Canarytokens)
browser_redirect_urlstring
Browser redirect URL is the URL you want your Canarytoken server to redirect attackers to after they have triggered your Canarytoken token (required when creating fast-redirect and slow-redirect tokens)
exestring
The Windows executable that you would like tokened (required when creating signed-exe tokens)
web_imagefile
Upload an Image file (jpeg or png) that will be displayed on the Canarytokens URL (required when creating web-image tokens) With curl use the following flag: -F 'web_image=@upload-me.png; type=image/png' for png files -F 'web_image=@upload-me.jpg; type=image/jpeg' for jpeg files
docfile
Upload MS Word Document to canarytoken; optionally used with MS Word Document (doc-msword) token. With curl use the following flag -F 'doc=@upload-me.docx; type=application/vnd.openxmlformats-officedocument.wordprocessingml.document'
pdffile
Upload PDF file to canarytoken; optionally used with Adobe PDF canarytoken (pdf-acrobat-reader). With curl use the following flag -F pdf=@upload-me.pdf; type=application/pdf
process_namestring
Name of the process you want to monitor (required when creating sensitive-cmd tokens)
azure_id_cert_file_namestring
Azure ID config will use this as the file path to the certificate (required when creating Azure ID tokens).
Response
A JSON structure with the created Canarytoken information.
Delete a Canarytoken. You'll need to delete all incidents on a token before you can delete the token itself. If there are still incidents attached to the token, you can specify `clear_incidents=true` to delete them all.
{"result":"success","token":{"canarytoken":"<token_code>","created":"1585947523.255526","created_printable":"2020-04-03 20:58:43 (UTC)","enabled":true,"flock_id":"flock:default","hostname":"<token_hostname>","key":"<token_key>","kind":"dns","memo":"Updated Example Memo","triggered_count":0,"updated_id":4,"url":"<token_url>"}}