Examples of API calls

Requests to the server part

Important

The following examples use https://cloud.solidpoint.net as the address of the scanner instance. When making requests, use the address of your own instance.

  • Specify the token in the X-Token header for subsequent use in authentication (more information on the Token Authentication page):

    curl https://cloud.solidpoint.net/api/scans --header "X-Token: <token>"
    
  • Authenticate via Cookies:

    --header 'Cookie: auth_token=jwt'
    
  • Authenticate via bearer token:

    --header 'Authorization: Bearer jwt'
    
  • Change the password for the super administrator (single user mode):

    curl --location --request PUT 'https://cloud.solidpoint.net/api/users/current/password' \
    --header 'Content-Type: application/json' \
    --data '{
        "newPassword": "admin",
        "oldPassword": ""
    }'
    
  • Log in as a super administrator:

    curl --location --request POST 'https://cloud.solidpoint.net/api/auth/login' \
    --header 'Content-Type: application/json' \
    --data-raw '{
        "tenantName": "",
        "email": "admin@fuchsia.local",
        "password": "admin"
    }'
    
  • Register in the system:

    curl --location --request POST 'https://cloud.solidpoint.net/api/auth/register' \
    --header 'Content-Type: application/json' \
    --data-raw '{
        "tenantName": "",
        "email": "user@test.ru",
        "password": "testuser123",
        "name": "user",
        "companyName": "test",
        "occupation": "test"
    }'
    
  • Log in to the system:

    curl --location --request POST 'https://cloud.solidpoint.net/api/auth/login' \
    --header 'Content-Type: application/json' \
    --data-raw '{
        "tenantName": "",
        "email": "user@test.ru",
        "password": "testuser123"
    }'
    
  • Log out of the system:

    curl --location --request POST 'https://cloud.solidpoint.net/api/auth/logout' \
    --header 'Cookie: auth_token=jwt'
    
  • Create a new tenant:

    curl --location --request POST 'https://cloud.solidpoint.net/api/tenants' \
    --header 'Content-Type: application/json' \
    --header 'Authorization: Bearer jwt1' \
    --header 'Cookie: auth_token=jwt2' \
    --data '{
        "name": "test",
        "hostNameConstraints": ["test"],
        "scanEndpointsIDs": [1]
    }'
    
  • Add or remove a restriction on the client's hostname:

    curl --location --request PATCH 'https://cloud.solidpoint.net/api/tenants/2/host-name-constraints' \
    --header 'Content-Type: application/json' \
    --header 'Cookie: auth_token=jwt' \
    --data '{
        "add": ["test2", "test3"],
        "delete": ["test"]
    }'
    

Requests to the scanner

  • Add an endpoint for scanning:

    curl --location --request POST 'https://cloud.solidpoint.net/api/scan-endpoints' \
    --header 'Content-Type: application/json' \
    --header 'Cookie: auth_token=jwt' \
    --data '{
        "name": "test",
        "address": "unix:///tmp/fuchsia/fuchsiad.sock"
    }'
    
  • Update the endpoint for scanning:

    curl --location --request PATCH 'https://cloud.solidpoint.net/api/scan-endpoints/1' \
    --header 'Content-Type: application/json' \
    --header 'Cookie: auth_token=jwt' \
    --data '{
        "name": "new_name"
    }'
    
  • Get an endpoint by ID:

    curl --location --request GET 'https://cloud.solidpoint.net/api/scan-endpoints/1' \
    --header 'Cookie: auth_token=jwt'
    
  • Get all endpoints:

    curl --location --request GET 'https://cloud.solidpoint.net/api/scan-endpoints' \
    --header 'Authorization: Bearer jwt' \
    --header 'Cookie: auth_token=jwt'
    
  • Add or remove tenant endpoints:

    curl --location --request PATCH 'https://cloud.solidpoint.net/api/tenants/2/scan-endpoints' \
    --header 'Content-Type: application/json' \
    --header 'Cookie: auth_token=jwt' \
    --data '{
        "add": [1],
        "delete": []
    }'
    
  • Get a tenant by ID:

    curl --location --request GET 'https://cloud.solidpoint.net/api/tenants/2' \
    --header 'Cookie: auth_token=jwt'
    
  • Get a list of all tenants:

    curl --location --request GET 'https://cloud.solidpoint.net/api/tenants' \
    --header 'Cookie: auth_token=jwt'
    
  • Get a list of all users with a given role in a certain tenant:

    curl --location --request GET 'https://cloud.solidpoint.net/api/users?role=unknown&tenant=test' \
    --header 'Cookie: auth_token=jwt'
    
  • Add a user to the tenant:

    curl --location --request POST 'https://cloud.solidpoint.net/api/users' \
    --header 'Content-Type: application/json' \
    --header 'Cookie: auth_token=jwt' \
    --data-raw '{
        "tenantName": "test",
        "email": "user@test.ru",
        "password": "testuser123",
        "name": "user",
        "role": "user",
        "companyName": "test",
        "occupation": "test"
    }'
    
  • Activate a user by ID (you can specify tenantName instead of tenantID):

    curl --location --request PUT 'https://cloud.solidpoint.net/api/users/2/activate' \
    --header 'Content-Type: application/json' \
    --header 'Cookie: auth_token=jwt' \
    --data '{
        "role": "user",
        "tenantID": 1
    }'
    
  • Activate a user by email (you can specify tenantName instead of tenantID):

    curl --location --request PUT 'https://cloud.solidpoint.net/api/users/user2@test.ru/activate' \
    --header 'Content-Type: application/json' \
    --header 'Cookie: auth_token=jwt' \
    --data '{
        "role": "user",
        "tenantID": 1
    }'
    
  • Activate all users:

    curl --location --request PUT 'https://cloud.solidpoint.net/api/users/activate' \
    --header 'Content-Type: application/json' \
    --header 'Cookie: auth_token=jwt' \
    --data '{
        "role": "user"
    }'
    

Work with scans

  • Start a new scan (you can use url instead of targetID):

    curl --location 'https://cloud.solidpoint.net/api/scans' \
    --header 'Content-Type: application/json' \
    --header 'Cookie: auth_token=jwt' \
    --data '{
        "targetID": 1
    }'
    
  • Complete a scan by ID:

    curl --location --request PUT 'https://cloud.solidpoint.net/api/scans/cancel/:id' \
    --header 'Cookie: auth_token=jwt'
    

Examples of working with scan authentication parameters

Scan authentication parameters are handled through targets.

  • Work with HTTP Basic Auth:

    curl --location --request PATCH 'https://cloud.solidpoint.net/api/targets/45' \
    --header 'Content-Type: application/json' \
    --header 'Cookie: auth_token=jwt' \
    --data '{
        "appAuth": {
            "httpBasicAuth": [
                {
                    "userName": "test2",
                    "password": "qwerty123"
                }
            ]
        }
    }'
    
  • Work with Cookies:

    curl --location --request PATCH 'https://cloud.solidpoint.net/api/targets/10' \
    --header 'Content-Type: application/json' \
    --header 'Cookie: auth_token=jwt' \
    --data '{
        "appAuth": {
            "cookies": [
                {
                    "name": "session",
                    "value": "429415c6-ee49-438b-a075-ef5e6fc141c1"
                }
            ]
        }
    }'
    
  • Work with Headers:

    curl --location --request PATCH 'https://cloud.solidpoint.net/api/targets/64' \
    --header 'Content-Type: application/json' \
    --header 'Cookie: auth_token=jwt' \
    --data '{
        "appAuth": {
            "headers": [
                {
                    "name": "X-Auth-Token",
                    "value": "91e58978-d3fd-49ce-857c-a6a17f82118b"
                }
            ]
        }
    }'
    
  • Work with certificates:

    curl --location --request PATCH 'https://cloud.solidpoint.net/api/targets/70' \
    --header 'Content-Type: application/json' \
    --header 'Cookie: auth_token=jwt' \
    --data '{
        "appAuth": {
            "certificates": [
                {
                    "certificate": "crt",
                    "key": "KeY"
                }
            ]
        }
    }'
    
  • Change all authentication parameters to a certificate:

    If a target has several different authentication parameters, they can be either overwritten or reset to zero. This is done by sending the additional parameter rewriteAppAuth. For example, a target has HTTP Basic Auth and Cookies but should have only a certificate. In this case, send only the certificate together with the additional parameter rewriteAppAuth. When zeroing out, send only the rewriteAppAuth parameter.

    curl --location --request PATCH 'https://cloud.solidpoint.net/api/targets/70' \
    --header 'Content-Type: application/json' \
    --header 'Cookie: auth_token=jwt' \
    --data '{
        "rewriteAppAuth": true,
        "appAuth": {
            "certificates": [
                {
                    "certificate": "...",
                    "key": "..."
                }
            ]
        }
    }'
    
  • Reset all authentication parameters of the target to zero:

    curl --location --request PATCH 'https://cloud.solidpoint.net/api/targets/70' \
    --header 'Content-Type: application/json' \
    --header 'Cookie: auth_token=jwt' \
    --data '{
        "rewriteAppAuth": true
    }'
    
  • Add LDAP Authentication:

    curl --location --request POST 'https://cloud.solidpoint.net/api/auth' \
    --header 'Content-Type: application/json' \
    --header 'Cookie: auth_token=jwt' \
    --data '{
        "type": "LDAP",
        "parameters": {
            "label": "ldap",
            "host": "dev.solidwall.io",
            "port": 636,
            "baseDN": "ou=users,dc=solidwall,dc=io",
            "uid": "uid",
            "defaultAttributes": true,
            "tls": true,
            "roles": {
                "user": "objectClass=inetOrgPerson"
            }
        }
    }'
    
  • Get a list of all configured authentications:

    curl --location 'https://cloud.solidpoint.net/api/auth' \
    --header 'Cookie: auth_token=jwt'
    
  • Update authentication (URL contains record ID):

    curl --location --request PATCH 'https://cloud.solidpoint.net/api/auth/17' \
    --header 'Content-Type: application/json' \
    --header 'Cookie: auth_token=jwt' \
    --data '{
        "disabled": true
    }'
    

When updating parameters, pass them as a whole, because the nested key is taken as the full value.

  • Delete an existing record (the URL contains the record ID):

    curl --location --request DELETE 'https://cloud.solidpoint.net/api/auth/17' \
    --header 'Cookie: auth_token=jwt'
    

Examples of working with the specification for scans

Working with the specification for scans is done via targets. The specification is passed in base64 format (shown as ... in the examples below).

  • Create a target with a specification:

    curl --location --request POST 'https://cloud.solidpoint.net/api/targets' \
    --header 'Content-Type: application/json' \
    --header 'Cookie: auth_token=jwt' \
    --data '{
        "url": "https://test.test",
        "specification": {
            "openAPI": {
                "specification": "..."
            },
            "disabled": true
        }
    }'
    
  • Add a specification to an existing target:

    curl --location --request PATCH 'https://cloud.solidpoint.net/api/targets/2' \
    --header 'Content-Type: application/json' \
    --header 'Cookie: auth_token=jwt' \
    --data '{
        "specification": {
            "openAPI": {
                "specification": "..."
            },
            "disabled": false
        }
    }'
    

    The disabled parameter is responsible for passing the specification to the scan. If disabled: true, the specification will not be passed to the scan request.

    The target specification can also be either overwritten or reset to zero. This is done by sending the additional parameter rewriteSpec. For example, a target has several specifications but should have only one. In this case, send only the required specification together with the additional parameter rewriteSpec. When zeroing out, send only the rewriteSpec parameter.

    Important

    When zeroing out, the disabled parameter gets set to false, but the specification will not get fetched during the scan, since it is empty (zeroed).

    curl --location --request PATCH 'https://cloud.solidpoint.net/api/targets/2' \
    --header 'Content-Type: application/json' \
    --header 'Cookie: auth_token=jwt' \
    --data '{
        "rewriteSpec": true,
        "specification": {
            "openAPI": {
                "specification": "..."
            },
            "disabled": false
        }
    }'
    
  • Transfer scans from the default tenant:

    curl --location --request PATCH 'https://cloud.solidpoint.net/api/scans/replace-tenant' \
    --header 'Content-Type: application/json' \
    --header 'Cookie: auth_token=jwt' \
    --data '{
        "scanIDs": [1218, 1217, 1216, 850, 796, 797],
        "tenantID": 2
    }'
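
For the specification examples above, the following is an added example (not part of the original documentation or the vendor's code) that builds the PATCH body from an OpenAPI file, including the base64 encoding and the rewriteSpec cases. The function names and the SP_URL and SP_JWT variables are assumptions made for illustration.

```bash
# Added example (not vendor code): build the JSON body for PATCH /api/targets/<id>.
# spec_payload, patch_target_spec, SP_URL and SP_JWT are hypothetical names.

# spec_payload FILE DISABLED [REWRITE]
#   FILE      OpenAPI document to embed, or "" to send no specification
#   DISABLED  true|false, value of the "disabled" flag
#   REWRITE   true adds "rewriteSpec": true (default false)
spec_payload() {
    local file="$1" disabled="$2" rewrite="${3:-false}" b64 head=""
    case "$disabled,$rewrite" in
        true,true|true,false|false,true|false,false) ;;
        *) echo "DISABLED and REWRITE must be true or false" >&2; return 2 ;;
    esac
    if [ "$rewrite" = true ]; then head='"rewriteSpec":true'; fi
    if [ -z "$file" ]; then
        # Zeroing out: only rewriteSpec is sent, so refuse an empty no-op body.
        [ -n "$head" ] || { echo "nothing to send" >&2; return 2; }
        printf '{%s}\n' "$head"
        return 0
    fi
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    # GNU base64 wraps output at 76 columns; a raw newline inside a JSON
    # string is invalid, so strip them. The base64 alphabet needs no escaping.
    b64=$(base64 < "$file" | tr -d '\n')
    [ -n "$b64" ] || { echo "$file is empty" >&2; return 1; }
    printf '{%s"specification":{"openAPI":{"specification":"%s"},"disabled":%s}}\n' \
        "${head:+$head,}" "$b64" "$disabled"
}

# patch_target_spec ID FILE DISABLED [REWRITE]
# The body is built first, then passed on stdin (--data @-), so a failed
# encode never reaches the API and the large string needs no shell quoting.
patch_target_spec() {
    local id="$1" body
    shift
    body=$(spec_payload "$@") || return
    printf '%s' "$body" | curl --fail --silent --show-error --request PATCH \
        "${SP_URL:?set SP_URL to your instance address}/api/targets/${id}" \
        --header 'Content-Type: application/json' \
        --header "Cookie: auth_token=${SP_JWT:?set SP_JWT}" \
        --data @-
}

# Constructed sample input, not a real specification.
demo=$(mktemp)
printf 'openapi: 3.0.0\ninfo:\n  title: demo\n  version: "1"\npaths: {}\n' > "$demo"
spec_payload "$demo" false true   # replace existing specifications with this one
spec_payload "" false true        # zero out: body is only rewriteSpec
rm -f "$demo"
```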