Enterprise REST API Overview

Every API call must include an API token. Which token you need depends on the type of API call you are making.

For example, if you are automating the deployment of a scan engine to scan a web application on demand in a rapidly changing environment, you will need the following API tokens:

  • System Administrator - All scan engine actions require a system administrator token.
  • Client Account - All scan configurations and the launching of the scan will require a client account’s Token to be used.

Base URLs

  • http://{servername}/AppSpiderEnterprise/rest/v1/
  • https://{servername}/AppSpiderEnterprise/rest/v1/

Authentication

Before using the AppSpider Enterprise API, you need to first add your token to the Authorization header.

  1. Make a POST request to the login endpoint http://{servername}/AppSpiderEnterprise/rest/v1/Authentication/Login to get your token.
  2. Use the Token from the response in the request headers as a basic authorization token.
    1. For example, Authorization: Basic ABC0123

AppSpider Authentication

/AppSpiderEnterprise/rest/v1/Authentication/Login

Description

Returns AppSpider authorization tokens.

Request Body

{ "name": "string", "password": "string" }

Example Request

# curl
curl --request POST \
  --url http://{servername}/AppSpiderEnterprise/rest/v1/Authentication/Login \
  --header 'content-type: application/json' \
  --data '{"name":"string","password":"string"}'

# Ruby
require 'uri'
require 'net/http'

# Replace {servername} with your console host before running.
url = URI("http://{servername}/AppSpiderEnterprise/rest/v1/Authentication/Login")
http = Net::HTTP.new(url.host, url.port)

# Build the JSON login request.
request = Net::HTTP::Post.new(url)
request["content-type"] = 'application/json'
request.body = "{\"name\":\"string\",\"password\":\"string\"}"

# Send it and print the JSON response, which carries the Token.
response = http.request(request)
puts response.read_body

# Python
import http.client

# Replace insertConsole, insertUsername and insertPassword with your own values.
conn = http.client.HTTPConnection("insertConsole")
payload = "{\n \"name\": \"insertUsername\",\n \"password\": \"insertPassword\"\n}"
headers = {
    'content-type': "application/json",
    'cache-control': "no-cache"
}

# POST the credentials and print the JSON response, which carries the Token.
conn.request("POST", "/AppSpiderEnterprise/rest/v1/Authentication/Login", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))

Response

200 - OK

{ "Token": "", "IsSuccess": true, "Reason": null, "ErrorMessage": null }

400 - Bad Request

{ "Token": null, "IsSuccess": false, "Reason": "InvalidCredentials", "ErrorMessage": "Invalid username or password." }
Name          Definition
IsSuccess     Contains a boolean value; true if the method executed correctly.
Reason        Text of the error that occurred.
ErrorMessage  Additional information about the error.
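
The two login steps above, as an added Python example (not AppSpider's own code): it posts the credentials to the https base URL, handles the documented 400 failure body, and builds the Authorization header with the token placed verbatim after Basic. The function names, LoginError and the APPSPIDER_* environment variables are assumptions made for this example.

```python
import json
import os
import urllib.error
import urllib.request

LOGIN_PATH = "/AppSpiderEnterprise/rest/v1/Authentication/Login"


class LoginError(Exception):
    """Login was rejected; carries the API's Reason and ErrorMessage."""


def build_login_request(server, name, password):
    # Use the https base URL so the password never crosses the wire in cleartext.
    body = json.dumps({"name": name, "password": password}).encode("utf-8")
    return urllib.request.Request(
        f"https://{server}{LOGIN_PATH}",
        data=body,
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def parse_login_response(raw_body):
    """Return the token, or raise LoginError for the documented failure shape."""
    doc = json.loads(raw_body)
    if not doc.get("IsSuccess") or not doc.get("Token"):
        raise LoginError(f"{doc.get('Reason')}: {doc.get('ErrorMessage')}")
    return doc["Token"]


def auth_headers(token):
    # The token goes verbatim after "Basic"; it is not base64(user:password),
    # so an HTTP client's basic-auth helper must not be used here.
    return {"Authorization": f"Basic {token}"}


def login(server, name, password):
    try:
        with urllib.request.urlopen(build_login_request(server, name, password)) as resp:
            raw = resp.read()
    except urllib.error.HTTPError as err:
        raw = err.read()  # a 400 response still carries the JSON error body
    return parse_login_response(raw)


if __name__ == "__main__":
    # Hypothetical variable names; credentials come from the environment, not source.
    token = login(os.environ["APPSPIDER_HOST"], os.environ["APPSPIDER_USER"],
                  os.environ["APPSPIDER_PASSWORD"])
    print("login ok, token length:", len(token))
```

Pass the result of auth_headers() on every later call, using the System Administrator or Client Account token as the call requires, and keep the token out of logs.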