End-of-Life (EoL)

Main Account to Tenant Communication Encryption

In a multi-tenant deployment, communication flows predominantly from the main machine to the host machine, and then from the host to the tenants. The exception is when a host is first registered, when communication flows from the host to the main machine.
Two-way communication should always be available between the main account and tenant account so that replies can be sent from the tenant account to the main account.


By default, requests are encrypted with TLS using a Cortex XSOAR self-signed certificate. You can replace the certificate by creating your own certificate and private key.

Validation and authorization

Cortex XSOAR uses an internal API key so that the tenants or hosts can verify that the request originates from a main account and not from an unauthorized third party. The internal API key is used in all communications. It is kept on the main account and is passed to the tenants or hosts when they are created. The internal API key is created for hosts on installer creation, and for tenants when they are created.
For requests that require authorization (such as a user wanting to view incidents from the main account), the user details are passed down in the request, so the tenant can decipher and query them.


API keys are created by Cortex XSOAR. A request sent from an external source is received by Cortex XSOAR (usually a tenant) and interpreted as a request from an administrator. In multi-tenant environments, you need to consider where to create the API key.
  • If created on a main account, it will propagate to all tenants, so anyone with that key can send requests to any tenant in the environment.
  • If created on a tenant, you can only send requests to that tenant.
