WhiteHat Security API Suite
This section provides a brief description of each API within the WhiteHat Security API suite. This should help you to identify which APIs you need to call to perform a particular function.
Version Recommendation
As part of WhiteHat Security's drive for customer success, we are constantly reviewing our APIs and making changes where necessary. Some of the APIs below are available in v1.0 and v2.0. This is to facilitate customers who wish to keep using v1.0 for some APIs, but v2.0 for others. It is recommended that customers use v2.0 where possible.
Applications
| API Name | Version | Description |
|---|---|---|
| API Assets API v2.0 | 2.0 | This resource allows you to manage your API assets, test credentials, and initiate scans relating to Sentinel Auto API. |
| Appliance API v1.0 | 1.0 | The Appliance resource allows you to manage your WhiteHat appliance via the API. |
| Appliances API v2.0 | 2.0 | This is the latest release of the Appliance API. Always use v2.0, unless there is a specific reason why you must use v1.0. The description is the same as the v1.0 description above. |
| Application API v1.0 | 1.0 | The Application resource allows you to perform tasks related to applications within your organization. An application can be code in a code base or repository, or it can be a binary file if binary analysis is enabled for your account. |
| Asset API v1.0 | 1.0 | This resource allows you to see your assets. |
| Assets API v2.0 | 2.0 | This is the latest release of the Asset API. Always use the latest v2.0, unless there is a specific reason why you must use v1.0. In addition to allowing you to see your assets, this allows you to do some management of those assets as well. |
| Asset Onboarding Workflows API v2.0 | 2.0 | The Asset Onboarding Workflow resource allows you to create or update an existing DAST workflow in Salesforce. This functionality is restricted to who have permission to add and manage full scans of applications. |
| Business Logic Assessments API v2.0 | 2.0 | The Business Logic Assessment (BLA) workflow allows you to perform functions relating to any BLA assessments that have been carried out against your applications. |
| Cases API v2.0 | 2.0 | The Cases resource allows you to create a new Customer Support or request additional licenses. |
| Job API v1.0 | 1.0 | The Job resource allows you to perform tasks related to jobs within your organization. A job is an action that can be run against an identified asset, such as a scan or a vulnerability retest. |
| Mobile API v2.0 | 2.0 | The Mobile resource allows you to perform tasks related to your mobile assets. |
| Schedule API v1.0 | 1.0 | The Schedule resource allows you to view or delete your scanning schedule(s) via the API. |
| Schedules API v2.0 | 2.0 | This is the latest release of the Schedule API. Always use v2.0, unless there is a specific reason why you must use v1.0. This version also allows batch creation and deletion of schedules. |
| Site API v1.0 | 1.0 | The Site resource allows you to view, modify, add, or delete information about existing sites. |
| Sites API v2.0 | 2.0 | This is the latest release of the Site API. Always use v2.0, unless there is a specific reason why you must use v1.0. There are many differences between this and the previous version. Two main differences between v1.0 and v2.0, are: - v2.0 has a separate operation to return DAST industries. - v2.0 can also provision (create) sites. |
| Source Applications API v2.0 | 2.0 | The Source Applications resource allows you to handle source application provisioning and scanning. |
Clients
| API Name | Version | Description |
|---|---|---|
| Activity Log API v2.0 | 2.0 | The Activity Log resource is the latest release of the Event API v1.0. Always use v2.0, unless there is a specific reason why you must use v1.0. |
| Capabilities API v2.0 | 2.0 | The Capabilities resource allows you to retrieve client-level capabilities, preferences, enabled features, clients you have access to, and a custom logo for your client if one exists. It also allows you to manage client-level preferences. |
| Client Preference API v1.0 | 1.0 | The Client Preference resource allows you to perform tasks relating to client-level preferences for a Sentinel client. |
| Custom Policies API v2.0 | 2.0 | The Custom Policies resource returns information about all of the custom policies to which the you have access. |
| Event API v1.0 | 1.0 | The Event resource returns the Activity Log for your organization. |
| Event Subscriptions API v2.0 | 2.0 | The Event Subscriptions resource allows you to retrieve and update your event subscription information. |
| Licenses API v2.0 | 2.0 | The Licenses resource returns information about all the licenses associated with your organization. |
Users
| API Name | Version | Description |
|---|---|---|
| Access Control Management API v2.0 | 2.0 | The Access Control Management API allows you to perform administrative tasks on the roles and privileges associated with users within your organization. |
| Group API v1.0 | 1.0 | The Group resource enables you to cluster your assets in groups for greater ease in controlling access, refining reports, and performing bulk actions. |
| Groups API v2.0 | 2.0 | This is the latest release of the Group v1.0 API. Always use the latest v2.0, unless there is a specific reason why you must use v1.0. The description is the same as the v1.0 description above. |
| Role API v1.0 | 1.0 | The Role resource allows you to retrieve information about user roles and the privileges associated with those roles. |
| User API v1.0 | 1.0 | The User resource allows you to view, modify, create, or delete user information. |
Vulnerabilities
| API Name | Version | Description |
|---|---|---|
| Findings API v2.0 | 2.0 | The Findings resource allows you to perform tasks relating to the results of scans performed against your assets. |
| Scan URLs API v2.0 | 2.0 | The Scan URLs resource allows you to add new entry points for your sites. |
| SourceVuln API v1.0 | 1.0 | The Source Vulnerability resource allows you to retrieve vulnerability information for your SAST (application) assets. GET is the only method that can be used with this resource, but the resource will allow you to get one or more vulnerabilities by class, by application, or by vulnerability ID and view one or more traces for a particular vulnerability down to the level of individual steps in the trace. |
| Vuln API v1.0 | 1.0 | The Vulnerability resource allows you to perform tasks relating to DAST (site) vulnerabilities and attack vector information. |
| Vuln Custom Policy API v1.0 | 1.0 | The Vulnerability Custom Policy resource allows you to view, create, update, or delete custom vulnerability policies. (For more information on these policies, please see Customizing Your Risk Ratings in Sentinel Help.) |
| VulnPolicy API v1.0 | 1.0 | The Vulnerability Policy resource allows you to create, edit, delete, or retrieve information about your Risk Management Policy for DAST (site) assets. You can create a Risk Management Policy to customize or accept the business risk of one or more vulnerability class(es) for one or more asset(s). Note: This API has nothing to do with the custom policies handled in Vuln Custom Policy API v1.0. |
Updated about 2 years ago