Enterprise REST API Overview

All API calls require an API token. The token you need depends on the type of API call you are making.

For example, if you are automating the deployment of a scan engine to scan a web application on demand in a rapidly changing environment, you will need the following API tokens:

  • System Administrator - All scan engine actions require a system administrator token.
  • Client Account - All scan configurations and the launching of the scan require a client account's token.

Base URLs

  • http://{servername}/AppSpiderEnterprise/rest/v1/
  • https://{servername}/AppSpiderEnterprise/rest/v1/

Authentication

Before using the AppSpider Enterprise API, you need to first add your token to the Authorization header.

  1. Make a POST request to the login endpoint http://{servername}/AppSpiderEnterprise/rest/v1/Authentication/Login to get your token.
  2. Use the Token from the response as the Basic authorization token in your request headers.
    1. For example, Authorization: Basic ABC0123

AppSpider Authentication

POST /AppSpiderEnterprise/rest/v1/Authentication/Login

Description: Returns AppSpider authorization tokens.

Request Body

json
{
  "name": "string",
  "password": "string"
}

Example Request

bash
# Replace {servername} with your AppSpider Enterprise host.
curl --request POST \
  --url 'http://{servername}/AppSpiderEnterprise/rest/v1/Authentication/Login' \
  --header 'content-type: application/json' \
  --data '{"name":"string","password":"string"}'

ruby
require 'uri'
require 'net/http'

# Replace {servername} with your AppSpider Enterprise host before running.
url = URI("http://{servername}/AppSpiderEnterprise/rest/v1/Authentication/Login")

http = Net::HTTP.new(url.host, url.port)

# Send the credentials as a JSON body.
request = Net::HTTP::Post.new(url)
request["content-type"] = 'application/json'
request.body = '{"name":"string","password":"string"}'

response = http.request(request)
puts response.read_body

python
import http.client

# Replace insertConsole with your AppSpider Enterprise host.
conn = http.client.HTTPConnection("insertConsole")

# Replace insertUsername and insertPassword with your credentials.
payload = "{\n \"name\": \"insertUsername\",\n \"password\": \"insertPassword\"\n}"

headers = {
    'content-type': "application/json",
    'cache-control': "no-cache"
}

conn.request("POST", "/AppSpiderEnterprise/rest/v1/Authentication/Login", payload, headers)

res = conn.getresponse()
data = res.read()

# The response body is JSON containing Token, IsSuccess, Reason and ErrorMessage.
print(data.decode("utf-8"))

Response

200 - OK

json
{
  "Token": "",
  "IsSuccess": true,
  "Reason": null,
  "ErrorMessage": null
}

400 - Bad Request

json
{
  "Token": null,
  "IsSuccess": false,
  "Reason": "InvalidCredentials",
  "ErrorMessage": "Invalid username or password."
}

Name            Definition
IsSuccess       Contains a boolean value that is true if the method executed correctly.
Reason          Text of the error that occurred.
ErrorMessage    Additional information about the error.
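
The following is an added example, not code from the original page or from the AppSpider project. It carries out the authentication steps described on this page in Python: it posts the credentials to the login endpoint using the https base URL so they are not sent in cleartext, checks IsSuccess, Reason and ErrorMessage before trusting the Token, and builds the Authorization header. The function names, the LoginError class and the sample response bodies are assumptions constructed for illustration.

```python
import http.client
import json
import ssl

LOGIN_PATH = "/AppSpiderEnterprise/rest/v1/Authentication/Login"  # from this page

class LoginError(Exception):
    """Raised when the login endpoint does not return a usable token."""

def parse_login_response(status, body):
    """Return the Token from a login response body, or raise LoginError."""
    try:
        doc = json.loads(body)
    except ValueError:
        raise LoginError(f"HTTP {status}: response is not JSON") from None
    if not isinstance(doc, dict):
        raise LoginError(f"HTTP {status}: unexpected response shape")
    # Accept the token only on 200 with IsSuccess true and a non-empty Token.
    if status != 200 or doc.get("IsSuccess") is not True or not doc.get("Token"):
        raise LoginError(f"HTTP {status}: {doc.get('Reason')}: {doc.get('ErrorMessage')}")
    return doc["Token"]

def auth_headers(token):
    """Build the header shown on this page: 'Authorization: Basic <Token>'."""
    return {"Authorization": f"Basic {token}"}

def login(servername, name, password, timeout=10):
    """POST credentials to the login endpoint over HTTPS and return the token."""
    ctx = ssl.create_default_context()  # verifies the certificate and hostname
    conn = http.client.HTTPSConnection(servername, timeout=timeout, context=ctx)
    try:
        payload = json.dumps({"name": name, "password": password})
        conn.request("POST", LOGIN_PATH, payload, {"content-type": "application/json"})
        res = conn.getresponse()
        return parse_login_response(res.status, res.read().decode("utf-8"))
    finally:
        conn.close()

# Constructed sample bodies, modelled on the 200 and 400 responses on this page.
SAMPLE_OK = '{"Token": "ABC0123", "IsSuccess": true, "Reason": null, "ErrorMessage": null}'
SAMPLE_BAD = ('{"Token": null, "IsSuccess": false, "Reason": "InvalidCredentials", '
              '"ErrorMessage": "Invalid username or password."}')

if __name__ == "__main__":
    # Offline demonstration using the constructed sample response.
    print(auth_headers(parse_login_response(200, SAMPLE_OK)))
```

In real use, call login() with the server name and credentials read from the environment or a secrets store, then pass auth_headers(token) on each subsequent request.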