{"id":2906,"library":"crowdstrike-falconpy","title":"CrowdStrike FalconPy SDK","description":"CrowdStrike FalconPy is the official Python SDK for interacting with CrowdStrike Falcon APIs. It provides a standardized way to access various CrowdStrike services, enabling automation and integration. The library is currently at version 1.6.1 and receives frequent updates, typically focusing on new API operations, bug fixes, and minor enhancements.","status":"active","version":"1.6.1","language":"en","source_language":"en","source_url":"https://github.com/CrowdStrike/falconpy/tree/main/src/falconpy","tags":["security","crowdstrike","api-client","sdk","devsecops"],"install":[{"cmd":"pip install crowdstrike-falconpy","lang":"bash","label":"Install latest version"}],"dependencies":[],"imports":[{"note":"The primary API client is directly exposed under the top-level 'falconpy' package, not within submodules like 'api_harness'.","wrong":"from falconpy.api_harness import APIHarness","symbol":"APIHarness","correct":"from falconpy import APIHarness"},{"note":"Service classes like 'HostGroup' are also directly exposed at the top-level package.","symbol":"HostGroup","correct":"from falconpy import HostGroup"}],"quickstart":{"code":"import os\nfrom falconpy import APIHarness\n\n# Retrieve credentials from environment variables\nclient_id = os.environ.get('FALCON_CLIENT_ID', '')\nclient_secret = os.environ.get('FALCON_CLIENT_SECRET', '')\nbase_url = os.environ.get('FALCON_BASE_URL', 'https://api.crowdstrike.com')\n\nif not client_id or not client_secret:\n    print(\"Please set FALCON_CLIENT_ID and FALCON_CLIENT_SECRET environment variables.\")\nelse:\n    try:\n        # Initialize the APIHarness client\n        falcon = APIHarness(client_id=client_id, \n                            client_secret=client_secret, \n                            base_url=base_url)\n        \n        # Example: Get the Customer ID (CID)\n        response = falcon.get_cid()\n        \n        if response['status_code'] == 200:\n            print(f\"Successfully connected. Customer ID: {response['body']['cid']}\")\n        else:\n            print(f\"Error getting CID: {response['status_code']} - {response.get('body', {}).get('errors', 'Unknown error')}\")\n            \n    except Exception as e:\n        print(f\"An unexpected error occurred: {e}\")","lang":"python","description":"This quickstart demonstrates how to initialize the FalconPy APIHarness client using environment variables for authentication and retrieve the CrowdStrike Customer ID (CID). It highlights the recommended practice of externalizing credentials and includes basic error handling for API responses."},"warnings":[{"fix":"Upgrade your Python environment to version 3.8 or newer before upgrading to FalconPy v1.6.0+.","message":"Python 3.7 support was dropped in FalconPy v1.6.0. Projects using Python 3.7 or older will fail to install or run this version.","severity":"breaking","affected_versions":">=1.6.0"},{"fix":"Always refer to the official CrowdStrike API documentation for the latest operation names and best practices. Monitor release notes for deprecated operations and update your code accordingly.","message":"Specific API operations are periodically deprecated or replaced. For example, `combinedUserRolesV1` was deprecated in v1.5.1 in favor of `CombinedUserRolesV2`.","severity":"deprecated","affected_versions":">=1.5.1"},{"fix":"Explicitly pass the `base_url` argument to your `APIHarness` or service class initializer, e.g., `APIHarness(..., base_url='https://api.eu-1.crowdstrike.com')`.","message":"The `base_url` parameter must be set correctly for your CrowdStrike cloud region (e.g., api.us-1.crowdstrike.com, api.eu-1.crowdstrike.com). The default is `https://api.crowdstrike.com` (US-1).","severity":"gotcha","affected_versions":"All versions"},{"fix":"After any API call, inspect `response['status_code']` and `response.get('body', {}).get('errors')` to ensure both HTTP and application-level success.","message":"API responses should always be checked for `status_code` and the presence of an `errors` key in the response body. A successful HTTP status code (e.g., 200) does not always guarantee the absence of application-level errors.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Consult the `falconpy` release notes and the CrowdStrike API documentation when upgrading to ensure you are using the correct service class and operation names for your version.","message":"Service collection names and their associated operations can change over time. For example, 'Compliance Assessments' was renamed to 'Container Image Compliance' in v1.4.9.","severity":"gotcha","affected_versions":"All versions, especially major/minor updates"}],"env_vars":null,"last_verified":"2026-04-11T00:00:00.000Z","next_check":"2026-07-10T00:00:00.000Z"}