{% hint style="info" %} If you’re new to integrations in Rewst, read through our introductory integration documentation here. {% endhint %}
Our Huntress integration enables the automation of threat detection and response. Use the Huntress API within Rewst to manage incident reports and billing, and access detailed data for organizations and agents.
{% hint style="info" %} To enable the REST API Within your Huntress Account you may need to contact Huntress support.. You can find more about this process here. {% endhint %}
- Log in to your Huntress account.
- Click
> API Credentials. - Click +Add under User API Credentials. This will open a new dialog.
- Ensure that the correct user is selected, then click Create.

- Copy both the API key and API secret and store them somewhere secure. You'll need this information for further steps in Rewst. Note that after you close the dialog that contains these values, you won't be able to see them again.
Follow the below steps to configure a new integration:
- Navigate to Marketplace > Integrations in the left side menu of your Rewst platform.
- Search for
Huntressin the integrations page. - Click on the integration tile to launch the configuration setup page.

- Under Parameters, enter the information copied from Huntress into its relevant fields:
- Private API Key
- Public API Key
- Click Save Configuration.
- Rewst will do a quick validation of your input. Once completed, you'll see a new section beneath the configuration form for organization mapping. Complete your mapping as desired.
{% hint style="success" %} Got an idea for a new Integration? Rewst is constantly adding new integrations to our integrations page. Submit your idea or upvote existing ideas here in our Canny feedback collector. {% endhint %}
{% hint style="info" %} For more on how actions work in Rewst, check out our introductory actions documentation here. {% endhint %}
| Description | Method | Endpoint |
|---|---|---|
| List organizations | GET | /v1/organizations |
| List agents | GET | /v1/agents |
| List billing reports | GET | /v1/billing_reports |
| List reports | GET | /v1/reports |
| List incident reports | GET | /v1/incident_reports |
| List memberships | GET | /v1/memberships |
| Get a specific organization | GET | /v1/organizations/{id} |
| Get a specific agent | GET | /v1/agents/{id} |
| Get a specific incident report | GET | /v1/incident_reports/{id} |
| Get a specific report | GET | /v1/reports/{id} |
| Get a specific billing report | GET | /v1/billing_reports/{id} |
| Get current account info (test action) | GET | /v1/account |
| Create a new account (reseller) | POST | /v1/accounts |
| Create a new organization | POST | /v1/organizations |
| Create org under a specific account | POST | /v1/accounts/{account_id}/organizations |
| Resolve an incident report | POST | /v1/incident_reports/{id}/resolution |
| Resolve incident report (reseller) | POST | /v1/accounts/{account_id}/incident_reports/{id}/resolution |
| Bulk approve remediations | POST | /v1/incident_reports/{id}/remediations/bulk_approval |
| Bulk approve remediations (reseller) | POST | /v1/accounts/{account_id}/incident_reports/{id}/remediations/bulk_approval |
| Bulk reject remediations | POST | /v1/incident_reports/{id}/remediations/bulk_rejection |
| Bulk reject remediations (reseller) | POST | /v1/accounts/{account_id}/incident_reports/{id}/remediations/bulk_rejection |
| Invite user to org/account | POST | /v1/memberships |
| Invite user (reseller) | POST | /v1/accounts/{account_id}/memberships |
| Resolve an escalation | POST | /v1/escalations/{id}/resolution |
| Permanently disable account (irreversible) | DELETE | /v1/accounts/{account_id} |
| Delete organization & uninstall agents | DELETE | /v1/organizations/{id} |
| Delete org (reseller) | DELETE | /v1/accounts/{account_id}/organizations/{id} |
| Delete a membership | DELETE | /v1/memberships/{id} |
| Delete membership (reseller) | DELETE | /v1/accounts/{account_id}/memberships/{id} |
| Generic authenticated API request | * | (any) |
Reply…Also send to squad-ecosystem