Getting Started with WhiteHat Security APIs

This section will help you get started with the WhiteHat Security API portfolio.

What are WhiteHat Security APIs?

WhiteHat Security has created a number of APIs that allow customers to add and manage assets, schedule scans, and access vulnerability reports programmatically rather than through the WhiteHat Sentinel UI. This enables you to build application security into your development pipeline.

This site provides the reference documentation, giving you the knowledge and resources to make the most of the flexibility offered by the WhiteHat Security API suite.

RESTful Architecture

The Sentinel API is web-based and uses a representational state transfer (REST) architecture, in which the client sends a request when it is ready to move to a new state; while requests are outstanding, the client is “in transition.” The representation of each application state includes links that can be used the next time the client initiates a state transition. WhiteHat uses a RESTful architecture because it allows independent deployment of components, offers generality of interfaces, is scalable, and can use intermediary components to enforce security and reduce latency. REST does impose the following constraints:

  • Because clients can cache responses, responses must (implicitly or explicitly) define themselves as cacheable or not; otherwise, clients may re-use stale or inappropriate data in response to further requests.
  • A uniform interface separates clients from servers; this means, for instance, that clients are not concerned with data storage (which is internal to the server), improving portability, and servers are not concerned with the user state, improving scalability.
  • No client context is stored on the server. Each request contains all information needed to service the request. Any state information for the session is kept in the client.

Supported Operations

Operational methods available within the WhiteHat API Resources include:

  • GET (Retrieve information)
  • PUT (Replace information)
  • POST (Create information)
  • DELETE (Delete information)
  • PATCH (Modify information)

To use these methods, ensure that the request line shows the method name and the resource path for the component you’re referencing (e.g. POST /api/user), and that the request headers include the correct content type (e.g. Content-type: application/json).