From rocketcyber
Provides patterns for RocketCyber API v3: Bearer token auth, regional base URLs, pagination, rate limiting, error handling, and provider-customer account hierarchy.
How this skill is triggered — by the user, by Claude, or both
Slash command
/rocketcyber:api-patternsWhen to use
When working with authentication, Bearer token flow, base URL selection, pagination, rate limiting, error handling, and account hierarchy in the RocketCyber API. Use when: rocketcyber api, rocketcyber authentication, rocketcyber query, rocketcyber pagination, rocketcyber rate limit, rocketcyber token, rocketcyber base url, or soc api.
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
The RocketCyber REST API v3 provides programmatic access to managed SOC data including security incidents, agents, accounts, applications, and threat events. This skill covers authentication, endpoint patterns, pagination, error handling, and account hierarchy navigation.
The RocketCyber REST API v3 provides programmatic access to managed SOC data including security incidents, agents, accounts, applications, and threat events. This skill covers authentication, endpoint patterns, pagination, error handling, and account hierarchy navigation.
RocketCyber uses Bearer token authentication. The API key is generated per provider account and grants access to all customer sub-accounts under that provider.
┌─────────────┐ API Request with Bearer Token ┌─────────────────┐
│ Client │ ──────────────────────────────────> │ RocketCyber │
│ │ Authorization: Bearer {key} │ API v3 │
│ │ <──────────────────────────────────── │ │
└─────────────┘ JSON Response └─────────────────┘
Token characteristics:
The API base URL is region-specific:
| Region | Base URL |
|---|---|
| US (default) | https://api-us.rocketcyber.com/v3 |
Note: Additional regional endpoints may exist. Verify with RocketCyber documentation if operating outside the US.
RocketCyber uses a provider-customer hierarchy:
Provider Account (your MSP)
├── Customer Account A
├── Customer Account B
├── Customer Account C
└── ...
accountId to scope to a specific customeraccountId typically returns data across all customer accounts| Header | Value | Description |
|---|---|---|
Authorization | Bearer {api_key} | Required. API authentication token |
Content-Type | application/json | Required for POST/PUT/PATCH requests |
| Parameter | Type | Description |
|---|---|---|
accountId | integer | Filter results to a specific customer account |
page | integer | Page number for paginated results (verify against API docs) |
limit | integer | Number of results per page (verify against API docs) |
startDate | string | Filter by start date (ISO 8601 format, verify against API docs) |
endDate | string | Filter by end date (ISO 8601 format, verify against API docs) |
# Verify API key is valid by listing accounts
curl -s "https://api-${ROCKETCYBER_REGION:-us}.rocketcyber.com/v3/accounts" \
-H "Authorization: Bearer ${ROCKETCYBER_API_KEY}" \
-H "Content-Type: application/json"
Success Response (200):
{
"data": [
{
"id": 12345,
"name": "Acme Corporation",
"type": "customer",
"status": "active"
}
],
"totalCount": 1,
"page": 1,
"limit": 50
}
Pagination likely follows a page/limit model (verify against API docs):
# First page
curl -s "https://api-us.rocketcyber.com/v3/incidents?page=1&limit=50" \
-H "Authorization: Bearer ${ROCKETCYBER_API_KEY}"
# Next page
curl -s "https://api-us.rocketcyber.com/v3/incidents?page=2&limit=50" \
-H "Authorization: Bearer ${ROCKETCYBER_API_KEY}"
Pagination response fields (verify against API docs):
{
"data": [...],
"totalCount": 245,
"page": 1,
"limit": 50
}
Iterating all pages:
totalCount against page * limitMost endpoints accept accountId to scope results:
# Incidents for a specific customer
curl -s "https://api-us.rocketcyber.com/v3/incidents?accountId=12345" \
-H "Authorization: Bearer ${ROCKETCYBER_API_KEY}"
# Agents for a specific customer
curl -s "https://api-us.rocketcyber.com/v3/agents?accountId=12345" \
-H "Authorization: Bearer ${ROCKETCYBER_API_KEY}"
| Code | Meaning | Resolution |
|---|---|---|
| 200 | Success | Request completed |
| 400 | Bad Request | Check query parameters and request body |
| 401 | Unauthorized | Verify API key is correct and not revoked |
| 403 | Forbidden | API key may lack permissions for this resource |
| 404 | Not Found | Resource does not exist or invalid endpoint |
| 429 | Too Many Requests | Rate limited -- back off and retry |
| 500 | Internal Server Error | RocketCyber server error -- retry with backoff |
{
"error": {
"code": 401,
"message": "Unauthorized: Invalid API key"
}
}
Rate limits are not publicly documented. Use conservative backoff:
| Error | Cause | Fix |
|---|---|---|
| 401 Unauthorized | Invalid or expired API key | Regenerate key in Provider Settings > API |
| 403 Forbidden | Key lacks access to resource | Verify provider account has the required subscription |
| Empty response for accountId | Account does not exist or has no data | Verify account ID with accounts endpoint |
All endpoints are relative to https://api-{region}.rocketcyber.com/v3.
| Method | Endpoint | Description |
|---|---|---|
| GET | /accounts | List all accounts (verify against API docs) |
| GET | /accounts/{id} | Get account by ID (verify against API docs) |
| GET | /incidents | List incidents with filters (verify against API docs) |
| GET | /incidents/{id} | Get incident details (verify against API docs) |
| GET | /agents | List agents with filters (verify against API docs) |
| GET | /agents/{id} | Get agent details (verify against API docs) |
| GET | /apps | List applications (verify against API docs) |
| GET | /defender | Defender status per endpoint (verify against API docs) |
| GET | /events | Threat events and detection logs (verify against API docs) |
Important: Endpoint paths are inferred from the Celerium PowerShell wrapper and may differ from the actual API. Verify each endpoint against current RocketCyber API documentation before use in production.
npx claudepluginhub wyre-technology/msp-claude-plugins --plugin rocketcyberManages RocketCyber account hierarchy, including provider/customer CRUD, sub-account navigation, and security policy configuration for MSP environments.
Provides patterns for the Huntress MCP API including authentication, pagination, rate limiting, and error handling. Activates when working with Huntress tools or API.
Authenticates, paginates, filters (OData), and handles errors for the ConnectWise Automate REST API. Covers token management and best practices for integrations.