Endpoint security integrations pull agent and coverage data from your protection platforms into MSP Recapp. Once synced, you can map which devices across your RMM or PSA have — or are missing — endpoint protection, helping you identify coverage gaps before they become incidents.
Endpoint security data in Recapp is used for coverage analysis. Recapp does not modify threat policies, quarantine files, or take any action inside your security platforms.

Available endpoint security integrations

SentinelOne

Syncs: Agents, Threats, Applications, Policies

SentinelOne connects via a management console API token. Recapp syncs your SentinelOne sites and their associated agents to give you full visibility into endpoint coverage.

Required credentials

| Field | Description |
| --- | --- |
| Instance URL | Your SentinelOne management console URL, e.g. https://usea1-xxx.sentinelone.net |
| API Token | Your SentinelOne API token — generated in Settings → Users → API Token Generation |

Huntress

Syncs: Organizations, Agents

Huntress is a managed detection and response (MDR) platform. Recapp connects via the Huntress API using a key and secret pair to sync your organizations and their agents.

Required credentials

| Field | Description |
| --- | --- |
| API Key | Your Huntress API key, found in Settings → API Credentials in the Huntress dashboard |
| API Secret | Your Huntress API secret from the same location |

Sophos Central

Syncs: Tenants, Endpoints

Sophos Central uses an OAuth 2.0 client credentials flow scoped to your MSP partner account. Recapp syncs your managed tenants and their associated endpoints.

Required credentials

| Field | Description |
| --- | --- |
| Client ID | Your Sophos Central API Client ID — create API credentials under Global Settings → API Credentials in the Sophos Central admin console |
| Client Secret | Your Sophos Central API Client Secret from the same location |

After a successful connection test, Recapp displays the detected account type, account ID, and data region. Confirm these match your Sophos Central partner account before saving.

Webroot

Syncs: Endpoints, Threats, Console Users

Webroot connects via the Webroot Unity API, which requires five separate credentials: a login email, password, OAuth client ID, client secret, and a GSM keycode.

Required credentials

| Field | Description |
| --- | --- |
| Username (Email) | Your Webroot GSM console login email |
| Password | Your Webroot GSM console password |
| Client ID | Your Webroot Unity API Client ID |
| Client Secret | Your Webroot Unity API Client Secret |
| GSM Key (Keycode) | Your GSM keycode — found under Account Settings in the Webroot GSM Console |

ThreatLocker

Syncs: Agents, Sites, Policies

ThreatLocker is a zero-trust endpoint security platform. Recapp connects via the ThreatLocker Portal API using an API token. You can optionally specify your portal instance to target the correct regional endpoint.

Required credentials

| Field | Description |
| --- | --- |
| Portal Instance | Your ThreatLocker instance letter (a–z), a hostname like portalapi.b, or a full Portal API URL. Leave blank to use the default failover endpoint. |
| API Token | Your ThreatLocker Portal API token — found in ThreatLocker Portal → Settings → API |

If you’re unsure of your instance letter, check the URL you use to access the ThreatLocker portal. The instance letter appears in the subdomain, e.g. portalapi.b.threatlocker.com.

Field Effect

Syncs: Accounts, Endpoints, Threats

Field Effect is a managed security service. Recapp connects with a single API key to sync your accounts and their associated endpoints.

Required credentials

| Field | Description |
| --- | --- |
| API Key | Your Field Effect API key — found in Settings → API in the Field Effect portal |

Datto EDR

Syncs: Locations, Agents

Datto EDR (formerly Infocyte) is an endpoint detection and response platform. Recapp connects via the Datto EDR API using a URL and API key.

Required credentials

| Field | Description |
| --- | --- |
| API URL | Your Datto EDR API endpoint URL, including /api at the end, e.g. https://api.dattoedr.com/api |
| API Key | Your Datto EDR API key |

The API URL varies by Datto EDR instance. If you are on a custom or regional instance (e.g. an .infocyte.com subdomain), use that instance’s /api endpoint instead of the default.

Zorus

Syncs: Customers, Endpoints

Zorus provides DNS filtering and web security for MSPs. Recapp connects via the Zorus API using a single API token to sync your customers and their associated endpoints.

Required credentials

| Field | Description |
| --- | --- |
| API Token | Your Zorus API token — obtain it from the Zorus developer portal |

Coverage gap detection

Once you have endpoint security integrations synced alongside your RMM or PSA, you can use Recapp’s reconciliation view to identify devices that appear in your RMM but have no matching agent in your endpoint security platform — and vice versa. This highlights unprotected endpoints and orphaned agents before your next client review.
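
The matching behind a coverage-gap report like the one described above, as an added example that is not Recapp's own code: the record fields (client, hostname, serial), the matching rules and the sample inventories are assumptions constructed for illustration.

```python
# Added example: field names and records are constructed, not Recapp's schema.
PLACEHOLDER_SERIALS = {"", "0", "UNKNOWN", "TO BE FILLED BY O.E.M."}

def match_keys(rec):
    """Keys a record can match on, scoped per client so that a common
    hostname at one client never matches the same name at another."""
    client = rec["client"].strip().lower()
    # Short hostname, case-insensitive: "WS-01.corp.local" == "ws-01"
    keys = {(client, "host", rec["hostname"].strip().lower().split(".")[0])}
    serial = (rec.get("serial") or "").strip().upper()
    if serial not in PLACEHOLDER_SERIALS:  # VMs often report junk serials
        keys.add((client, "serial", serial))
    return keys

def reconcile(rmm_devices, edr_agents):
    """Return (unprotected, orphaned) as sorted (client, hostname) lists."""
    rmm_keys = set().union(*map(match_keys, rmm_devices))
    edr_keys = set().union(*map(match_keys, edr_agents))
    unprotected = sorted((d["client"], d["hostname"]) for d in rmm_devices
                         if not match_keys(d) & edr_keys)
    orphaned = sorted((a["client"], a["hostname"]) for a in edr_agents
                      if not match_keys(a) & rmm_keys)
    return unprotected, orphaned

# Constructed sample inventories
RMM = [
    {"client": "acme", "hostname": "WS-01.corp.local", "serial": "ABC123"},
    {"client": "acme", "hostname": "WS-02", "serial": "DEF456"},
    {"client": "acme", "hostname": "LAPTOP-7", "serial": "GHI789"},
    {"client": "acme", "hostname": "VM-APP", "serial": "0"},
    {"client": "birch", "hostname": "WS-01", "serial": "ZZZ111"},
]
EDR = [
    {"client": "acme", "hostname": "ws-01", "serial": "abc123"},
    {"client": "acme", "hostname": "NEW-NAME", "serial": "GHI789"},  # renamed
    {"client": "acme", "hostname": "OLD-PC", "serial": "OLD000"},
    {"client": "acme", "hostname": "VM-DB", "serial": "0"},
]

if __name__ == "__main__":
    unprotected, orphaned = reconcile(RMM, EDR)
    print("In RMM, no EDR agent:", unprotected)
    print("EDR agent, not in RMM:", orphaned)
```

The renamed laptop still matches on serial, the two VMs with a placeholder serial do not match each other, and birch's WS-01 is reported as unprotected even though acme has a protected device with the same hostname.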