Enabling API access for Dark Web ID

This article explains how to enable and authenticate API access for Dark Web ID, specifically in environments where Require Log In with KaseyaOne is enabled.

The API authentication behavior described in this article is not related to K365 licensing. API authentication failures typically occur when:

Require Log In with KaseyaOne is enabled, and
The user does not yet have a Dark Web ID-specific password configured.

Who can access the API

Dark Web ID API access is available only to partner users. API access cannot be provided to SMB users.

Partner administrators control API access. By enabling the Permit access to web services option, administrators can grant API access to themselves and to other partner administrators or partner agents.

Where API access is enabled

The Permit access to web services option is available on the following pages:

My Account > My Settings
Create New User

Edit User

When Permit access to web services is selected for a user, the Help menu provides a link to the API Documentation.

IP address allowlisting requirements

When API access is enabled for a user, Dark Web ID requires IP allowlisting to control where API requests can originate.

To access the Dark Web ID API services, you must enter the public (external) IPv4 address from which the API requests will be made in the IP Address whitelist field.

These must be:

Static, publicly routable IPv4 addresses
The outbound (egress) IP address visible to Dark Web ID when the API request is received
Internal or private IP addresses (for example, 10.x.x.x, 192.168.x.x, or 172.16–31.x.x) are not supported and will not work for API allowlisting.

Example: If API requests originate from a system behind a firewall, proxy, or NAT gateway, use the external egress IP address of that network device or service, not the internal IP address of the host making the request.

Only IPv4 addresses are supported in the IP Address whitelist field.

API authentication requirements

To use the Dark Web ID API, a Dark Web ID-specific password is required.

This password is:

Separate from KaseyaOne authentication
Used only for Dark Web ID API access
Required even when Permit access to web services is enabled

If a user does not have a Dark Web ID-specific password configured, API authentication will fail.

In environments where Require Log In with KaseyaOne is enabled, this password cannot always be set directly using standard login flows.

Additional consideration: KaseyaOne-enabled users without required KaseyaOne login

In some environments, KaseyaOne may be enabled but not strictly required for all users.

In this scenario, a user may still be unable to authenticate to the Dark Web ID API even when API access has been configured.

Suggested approach

If API authentication continues to fail in this configuration, consider using a dedicated user for API access:

Create a separate user with an email address not associated with KaseyaOne authentication
Enable Permit access to web services for that user
Configure the required Dark Web ID-specific password
Add the required IP address to the IP Address whitelist

This approach isolates API authentication from KaseyaOne login behavior.

KaseyaOne-enforced login and User Overrides

When Require Log In with KaseyaOne is enabled, authentication behavior in Dark Web ID changes in ways that affect API configuration.

If Require Log In with KaseyaOne is enabled, interactive login to Dark Web ID is handled exclusively through KaseyaOne.

As a result, users authenticated only through KaseyaOne cannot directly set or manage a Dark Web ID–specific password. User Overrides provide a controlled way to temporarily bypass this limitation for configuration purposes.

To select a user in the User Overrides section, Require Log In with KaseyaOne must be enabled.

Using User Overrides to set a Dark Web ID API password

When a Dark Web ID–specific password cannot be set directly due to KaseyaOne‑enforced login, User Overrides can be used temporarily to allow the password to be created.

Adding a user to User Overrides

Log in to Dark Web ID at https://secure.darkwebid.com/
Click your profile icon in the upper‑right corner and select Organization Settings.
Select the KaseyaOne tab.
Confirm that Require Log In with KaseyaOne is enabled.
In the User Overrides section, select the user.

The integration now allows additional authentication steps.

Setting the Dark Web ID–specific password

After the user is added to User Overrides:

Use the Forgot Password option on the Dark Web ID login page.
Set a Dark Web ID–specific password.
Use this password for Dark Web ID API authentication.

Optional cleanup for strict KaseyaOne‑only environments

If the organization requires exclusive KaseyaOne login with no long‑term overrides:

The user can be removed from User Overrides after the Dark Web ID password is set.
The user can continue using the Dark Web ID API with the previously created Dark Web ID password.
On interactive login, the user will still be redirected to KaseyaOne.

This approach allows:

API access using the Dark Web ID password
Continued enforcement of KaseyaOne authentication for UI access

Key takeaways

Permit access to web services enables API access but does not replace authentication requirements.
The Dark Web ID API requires a Dark Web ID–specific password, even when KaseyaOne is used.
Require Log In with KaseyaOne controls login behavior and must be enabled to manage User Overrides.
User Overrides can be used temporarily to set the required API password without relaxing long‑term KaseyaOne enforcement.
In environments where KaseyaOne is enabled but not required for all users, API authentication may still be affected. A dedicated API-only user may be required.

	Need help? Submit a Kaseya Helpdesk request.
	Want to talk about it? Head over to Kaseya Community.
	Have a new feature idea? Visit the Kaseya Ideas portal.
	Provide feedback for the Documentation team.