Authentication

Requesting a Token

Obtain an access token using Request-FalconToken with your API Client ID and Secret. The module defaults to the us-1 cloud.

Request-FalconToken -ClientId $env:FALCON_CLIENT_ID -ClientSecret $env:FALCON_CLIENT_SECRET

Specifying a Cloud

Use the -Cloud parameter to target a different CrowdStrike cloud.

Request-FalconToken -ClientId $env:FALCON_CLIENT_ID -ClientSecret $env:FALCON_CLIENT_SECRET -Cloud us-2

Supported values: us-1, us-2, eu-1, us-gov-1.

Alternatively, use the -Hostname parameter to specify the full base URL directly.

Verifying a Token

Check whether an active token exists in the module cache.

Test-FalconToken

Returns a boolean status.

Revoking a Token

Remove the cached authorization token.

Revoke-FalconToken

Credential Security

Rather than hardcoding credentials, CrowdStrike recommends using Microsoft.PowerShell.SecretStore for secure credential storage. This cross-platform module allows you to vault API credentials and retrieve them programmatically.

Install-Module -Name Microsoft.PowerShell.SecretManagement, Microsoft.PowerShell.SecretStore -Scope CurrentUser
Register-SecretVault -Name SecretStore -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault

Set-Secret -Name FalconClientId -Secret "your-client-id"
Set-Secret -Name FalconClientSecret -Secret "your-client-secret"

Request-FalconToken -ClientId (Get-Secret -Name FalconClientId -AsPlainText) -ClientSecret (Get-Secret -Name FalconClientSecret -AsPlainText)

Multi-CID Operations (MSSP / Flight Control)

In MSSP environments, use the -MemberCid parameter to target a specific child tenant.

Request-FalconToken -ClientId $env:FALCON_CLIENT_ID -ClientSecret $env:FALCON_CLIENT_SECRET -MemberCid "child-cid-here"

For iterating across multiple member CIDs, include a brief pause between authentication attempts to respect rate limits.

Cached tokens are automatically refreshed as needed during command execution.

Page Updated: v2.2