Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

so i am looking at using an api gateway to allow off network hosts to still check into fleet hosted internally. Im aware that after the initial enrollment clients use the node key for future auths to fleet. What api endpoint / path does the client use to pass that key? Hoping to see if I can only permit access thru the gateway if that secret is known?

Thanks

<https://fleetdm.com/guides/what-api-endpoints-to-expose-to-the-public-internet#basic-article>

just curious why /api/v1/fleet isnt on this list i see it referenced quite a bit in other docs/configs ive seen... is there something im missing here?

directionally this is helpful... but id like to do some additional security where possible to ensure only my clients are able to hit my api gateway... since mtls is for fleet premium. was curious if theres a way to have the clients send a custom token of some sort in the header

I see `/api/v1/fleet/*` under "Using fleetctl CLI from outsite (sp) of your network". I'll file a pr for the typo :wink: