Beta Version Disclaimer
Please note that this version of the API is currently in beta. While it offers advanced features for deeper integrations and flexible automations, we reserve the right to make breaking changes during this phase. Backwards compatibility may not be maintained. We encourage users to explore its capabilities but recommend caution in production environments as the API may undergo significant modifications.
Features
Added endpoints
Business units
GET /api/v2/business-units/summary
- Get the summary list of business units.
Components
GET /api/v2/components/{component-id}/visibility/users
- Gets the list of users with whom a project component is shared.
DELETE /api/v2/components/{component-id}/visibility/business-units/{business-unit-id}
- Stops sharing a project component with a specific business unit.
GET /api/v2/components/{component-id}/visibility/business-units
- Gets the list of business units with whom a project component is shared.
POST /api/v2/components/{component-id}/visibility/business-units
- Shares a project component with a new business unit.
DELETE /api/v2/components/{component-id}/visibility/users/{username}
- Stops sharing a project component with a specific user.
POST /api/v2/components/{component-id}/visibility/users
- Shares a project component with a new user.
Custom fields
GET /api/v2/custom-fields/groups
- Get all the custom field groups.
GET /api/v2/custom-fields/groups/{custom-field-group-id}
- Get the custom field group details.
DELETE /api/v2/custom-fields/types/{custom-field-type-id}/values/{custom-field-type-value-id}
- Delete a custom field type value.
GET /api/v2/custom-fields/types/{custom-field-type-id}
- Get the custom field type details.
PUT /api/v2/custom-fields/types/{custom-field-type-id}/values/{custom-field-type-value-id}
- Update a value for a custom field type.
POST /api/v2/custom-fields/types
- Create a custom field type.
POST /api/v2/custom-fields/types/{custom-field-type-id}/values
- Create a new value for a custom field type.
POST /api/v2/custom-fields/groups
- Create a new custom field group.
DELETE /api/v2/custom-fields/{custom-field-id}
- Delete a custom field.
GET /api/v2/custom-fields/{custom-field-id}
- Get the custom field details
GET /api/v2/custom-fields/types
- Get all the custom field types.
GET /api/v2/custom-fields/types/{custom-field-type-id}/values
- Get all the values from a custom field type.
PUT /api/v2/custom-fields/types/{custom-field-type-id}
- Modify a custom field type.
GET /api/v2/custom-fields
- Get all the custom fields.
PUT /api/v2/custom-fields/{custom-field-id}
- Modify the custom field.
POST /api/v2/custom-fields
- Create a custom field.
PUT /api/v2/custom-fields/groups/{custom-field-group-id}
- Modify the custom field group.
DELETE /api/v2/custom-fields/groups/{custom-field-group-id}
- Delete a custom field group.
DELETE /api/v2/custom-fields/types/{custom-field-type-id}
- Delete a custom field type.
Features
GET /api/v2/features/settings
- Retrieves the configuration for the features of the application.
Libraries
POST /api/v2/libraries/countermeasures/comments
- Create a comment in a library countermeasure.
GET /api/v2/libraries/{library-id}/risk-patterns
- Get all the risk patterns in a library.
GET /api/v2/libraries/countermeasures
- Get all the library countermeasures.
DELETE /api/v2/libraries/threats/{threat-id}
- Delete a threat.
GET /api/v2/libraries/weaknesses/{weakness-id}
- Get a weakness in a library context
DELETE /api/v2/libraries/{library-id}
- Deletes a risk pattern library by id
POST /api/v2/libraries/use-cases
- Create a new use case within a risk pattern.
DELETE /api/v2/libraries/use-cases/{use-case-id}
- Delete a use case in a library context
GET /api/v2/libraries/countermeasures/{countermeasure-id}
- Get a countermeasure in a library context
POST /api/v2/libraries/import
- Import risk pattern library from XML file.
GET /api/v2/libraries
- Get all libraries.
GET /api/v2/libraries/threats/{threat-id}/comments
- Get all the comments of a threat in a library context.
DELETE /api/v2/libraries/countermeasures/{countermeasure-id}
- Delete a countermeasure in a library context.
GET /api/v2/libraries/countermeasures/{countermeasure-id}/comments
- Get all the comments of a countermeasure in a library context.
POST /api/v2/libraries/weaknesses
- Create a new weakness within a risk pattern.
PUT /api/v2/libraries/{library-id}
- Modify the library.
POST /api/v2/libraries/{library-id}/disable
- Disable risk pattern library by id.
PUT /api/v2/libraries/threats/{threat-id}
- Modify the threat.
GET /api/v2/libraries/{library-id}/risk-patterns/summary
- Get the summary list of risk patterns in a library.
PUT /api/v2/libraries/weaknesses/{weakness-id}
- Update a weakness in a library context
PUT /api/v2/libraries/risk-patterns/{risk-pattern-id}
- Modify the risk pattern in a library context
GET /api/v2/libraries/threats/{threat-id}/weaknesses
- Get all the library weaknesses in a threat.
GET /api/v2/libraries/{library-id}/export
- Get risk pattern library as XML file by id
GET /api/v2/libraries/weaknesses
- Get all the library weaknesses.
DELETE /api/v2/libraries/weaknesses/{weakness-id}
- Delete a weakness in a library context
POST /api/v2/libraries/{library-id}/enable
- Enable risk pattern library by id.
GET /api/v2/libraries/{library-id}
- Get risk pattern library by id
PUT /api/v2/libraries/countermeasures/{countermeasure-id}
- Update a countermeasure in a library context
GET /api/v2/libraries/threats/{threat-id}/countermeasures
- Get all the library countermeasures in a threat.
POST /api/v2/libraries/{library-id}/update-with-file
- Modify the library from an XML file.
POST /api/v2/libraries/countermeasures
- Create a new countermeasure within a risk pattern.
DELETE /api/v2/libraries/risk-patterns/{risk-pattern-id}
- Delete a risk pattern in a library context.
GET /api/v2/libraries/threats/{threat-id}
- Get a threat by id
POST /api/v2/libraries
- Create a risk pattern library
PUT /api/v2/libraries/use-cases/{use-case-id}
- Update a use case in a library context
GET /api/v2/libraries/threats
- Get all threats for a given use case.
POST /api/v2/libraries/threats/comments
- Create a comment in a library threat.
GET /api/v2/libraries/use-cases/{use-case-id}
- Get a use case in a library context
GET /api/v2/libraries/summary
- Gets all the libraries registered in the system.
POST /api/v2/libraries/threats
- Create a new threat within a use case.
GET /api/v2/libraries/risk-patterns/{risk-pattern-id}
- Get a risk pattern in a library context
POST /api/v2/libraries/risk-patterns
- Create a risk pattern in a library.
GET /api/v2/libraries/risk-patterns/{risk-pattern-id}/use-cases
- Get all the use cases of a risk pattern in a library context.
Projects
GET /api/v2/projects/{project-id}/threats
- Get all the threats
POST /api/v2/projects/threats/comments
- Create a new comment for a threat.
GET /api/v2/projects/{project-id}/analytics/risk/average
- Gets the risk average of a project.
POST /api/v2/projects/{project-id}/ownership/business-units/{business-unit-id}
- Add the business unit as owner of a project based on its id.
GET /api/v2/projects/{project-id}/standards
- Returns all available security standards for the project.
GET /api/v2/projects/{project-id}/use-cases
- Get all the use cases by project.
GET /api/v2/projects/{project-id}/ownership/users
- Get the users who have ownership for a project.
POST /api/v2/projects/countermeasures/analytics/states/implemented/timeline/query
- Obtains the implemented countermeasures timeline.
POST /api/v2/projects/{project-id}/apply-standard
- Apply a standard to the recommended countermeasures of the project.
POST /api/v2/projects/import
- Create a new project based on the uploaded XML file.
GET /api/v2/projects/threats/{threat-id}/countermeasures
- Get all countermeasures for a threat.
POST /api/v2/projects/countermeasures/analytics/states/distribution/query
- Obtains the number of countermeasures grouped by state.
GET /api/v2/projects/components/{component-id}/questionnaire
- Retrieves the current status of the component questionnaire.
POST /api/v2/projects/analytics/summary/query
- Gets the summary of the projects visible to the user.
GET /api/v2/projects/{project-id}/components
- Get all the components by project.
GET /api/v2/projects/weaknesses/{weakness-id}/countermeasures
- Get all countermeasures for a weakness.
GET /api/v2/projects/use-cases/{use-case-id}
- Get the use case by ID.
GET /api/v2/projects/{project-id}/ownership/business-units
- Get the business units who have ownership for a project.
DELETE /api/v2/projects/versions/{version-id}
- Deletes a project version.
GET /api/v2/projects/components/{component-id}
- Get component by ID.
PUT /api/v2/projects/weaknesses/{weakness-id}
- Updates the weakness
GET /api/v2/projects/{project-id}/countermeasures/analytics/states/distribution
- Gets the number of countermeasures in each state for a project.
GET /api/v2/projects/weaknesses/{weakness-id}
- Get the weakness that matches the id.
GET /api/v2/projects/{project-id}/analytics/risk/distribution
- Obtains the project risk distribution.
POST /api/v2/projects/countermeasures/analytics/impact/top/query
- Obtains the top ten countermeasures with the most impact.
GET /api/v2/projects/components/{component-id}/use-cases
- Get all the use cases by component.
POST /api/v2/projects/{project-id}/ownership/users/{username}
- Add a user as owner of a project based on its id.
GET /api/v2/projects/threats/{threat-id}/comments
- Gets the comments of a threat.
DELETE /api/v2/projects/{project-id}/ownership/users/{username}
- Removes the user as owner of a project based on its id.
POST /api/v2/projects/{project-id}/component-project
- Create a new component of type project.
POST /api/v2/projects/{project-id}/import-template
- Import the selected templates into a project.
POST /api/v2/projects/analytics/risk/average/query
- Gets the global risk of the projects visible to the user.
GET /api/v2/projects/use-cases/{use-case-id}/threats
- Get all the threats by use case.
DELETE /api/v2/projects/{project-id}/ownership/business-units/{business-unit-id}
- Removes the business unit as owner of a project based on its id.
POST /api/v2/projects/components/{component-id}/questionnaire
- Executes an update of the component questionnaire.
POST /api/v2/projects/components/{component-id}/questionnaire/simulate
- Executes a simulation of the outcome of running this component questionnaire.
GET /api/v2/projects/{project-id}/weaknesses/tests/analytics/results/distribution
- Gets the weakness test distribution of a project.
GET /api/v2/projects/{project-id}/countermeasures
- Get all countermeasures for a project.
Roles
PUT /api/v2/roles/{role-id}/custom-field-permissions/bulk
- Update a custom field permission.
Standards
POST /api/v2/standards/analytics/compliance/summary/query
- Obtains the standard compliance summary.
Templates
POST /api/v2/templates/{template-id}/upload
- Updates an existing template from an XML file
GET /api/v2/templates/{template-id}/analytics/risk/average
- Gets the risk average of a template.
GET /api/v2/templates/{template-id}/countermeasures/analytics/states/distribution
- Gets the number of countermeasures in each state for a template.
GET /api/v2/templates/{project-id}/weaknesses/tests/analytics/results/distribution
- Gets the weakness test distribution of a template.
GET /api/v2/templates/{template-id}/analytics/risk/distribution
- Obtains the template risk distribution.
Users
GET /api/v2/users/summary
- Retrieve all users available for selection by the current user in custom fields or property selectors.
Workflows
GET /api/v2/workflow/summary
- Retrieve all workflow states from the workflow.
Removed endpoints
Components
GET /api/v2/components/available-libraries
- Gets all the libraries registered in the system.
Projects
POST /api/v2/projects/{project-id}/project-component
- Create a new project component.
GET /api/v2/projects/{project-id}/ownerships/users
- Get the users who have ownership for a project.
DELETE /api/v2/projects/{project-id}/ownerships/users
- Delete the user who has ownership for a project.
POST /api/v2/projects/{project-id}/ownerships/users
- Update the users who have ownership for a project.
DELETE /api/v2/projects/version/{version-id}
- Deletes a project version.
DELETE /api/v2/projects/{project-id}/ownerships/business-units
- Delete the business unit that has ownership for a project.
GET /api/v2/projects/{project-id}/ownerships/business-units
- Get the business units who have ownership for a project.
POST /api/v2/projects/{project-id}/ownerships/business-units
- Update the business unit ownership for a project.
Changed request bodies
PUT /api/v2/projects/{project-id}/settings
- The property general has been added.
PUT /api/v2/test-trackers/settings
- The property microFocusFortify has been added.
- The property hpFortify has been removed.