Getting Started with WhiteHat Dynamic APIs

This section will help you get started with the WhiteHat Dynamic API suite.

What are WhiteHat Dynamic APIs?

Synopsys has created a number of APIs that allow customers to add and manage assets, schedule scans, and access vulnerability reports programmatically rather than through the WhiteHat Portal interface. This enables you to build application security into your development pipeline.

This site provides the reference documentation that ensures you have the knowledge and resources to make the most of the flexibility offered by the WhiteHat Dynamic API suite.

RESTful Architecture

WhiteHat Dynamic APIs are web-based and use a representational state transfer (RESTful) architecture. This means that the client sends a request when it is ready to move to a new state, and while requests are outstanding the client is “in transition”. The representation of each application state includes links that can be used the next time the client initiates a state transition. The APIs' RESTful architecture allows for independent deployment of components, uses interface generality, is scalable, and can use intermediary components to enforce security and reduce latency.

Be aware of the following general constraints of REST architectures:

  • Because clients can cache responses, responses must (implicitly or explicitly) define themselves as cacheable or not; otherwise, clients may re-use stale or inappropriate data in response to further requests.
  • A uniform interface separates clients from servers; this means, for instance, that clients are not concerned with data storage (which is internal to the server), improving portability, and servers are not concerned with the user state, improving scalability.
  • No client context is stored on the server. Each request contains all the information needed to service the request. Any state information for the session is kept in the client.

Supported Operations

Operational methods available within WhiteHat Dynamic API resources include:

  • GET - Retrieve information
  • PUT - Replace information
  • POST - Create information
  • DELETE - Delete information
  • PATCH - Modify information

To use these methods, ensure that:

  • The request line shows the method name and the resource path for the component you’re referencing, separated by a space, e.g. POST /api/user.
  • The header includes the correct content type, e.g. Content-type: application/json.
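
The two requirements above can be checked before a request leaves a pipeline job. The following Python sketch is an added example, not part of the WhiteHat documentation or tooling: it inspects a raw HTTP/1.1 request and reports an unsupported method, a malformed request line, or a missing or wrong content type. The host name, the request bodies, and the rule that PUT, POST and PATCH bodies must be JSON are assumptions made for illustration.

```python
import json

# The five methods listed under "Supported Operations".
SUPPORTED = {"GET", "PUT", "POST", "DELETE", "PATCH"}
# Assumption: methods that send a body must declare it as JSON.
BODY_METHODS = {"PUT", "POST", "PATCH"}


def check_request(raw):
    """Return a list of problems in a raw HTTP/1.1 request (empty if none)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return ["malformed request line %r, want 'METHOD /path HTTP/1.1'" % lines[0]]
    method, path, _version = parts
    problems = []
    if method not in SUPPORTED:
        problems.append("unsupported method: " + method)
    if not path.startswith("/"):
        problems.append("resource path must start with '/': " + path)
    # Header names are case-insensitive, so normalise before lookup.
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    if method in BODY_METHODS:
        # Ignore parameters such as "; charset=utf-8".
        media = headers.get("content-type", "").split(";")[0].strip().lower()
        if media != "application/json":
            problems.append("Content-Type is %r, expected application/json" % media)
        else:
            try:
                json.loads(body)
            except ValueError:
                problems.append("body is not valid JSON")
    return problems


# Constructed sample requests; host and body are placeholders.
HOST = "Host: api.example.invalid\r\n"
GOOD = "POST /api/user HTTP/1.1\r\n" + HOST + "Content-type: application/json\r\n\r\n{\"example\": true}"
NO_SPACE = "POST/api/user HTTP/1.1\r\n" + HOST + "Content-type: application/json\r\n\r\n{}"
WRONG_TYPE = "PATCH /api/user HTTP/1.1\r\n" + HOST + "Content-Type: text/plain\r\n\r\n{}"

if __name__ == "__main__":
    for sample in (GOOD, NO_SPACE, WRONG_TYPE):
        print(sample.split("\r\n")[0], "->", check_request(sample) or "ok")
```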