WhiteHat Security API Suite
This section provides a brief description of each API within the WhiteHat Security API suite. This should help you to identify which APIs you need to call to perform a particular function.
Version Recommendation
As part of WhiteHat Security's drive for customer success, we are constantly reviewing our APIs and making changes where necessary. Some of the APIs below are available in v1.0 and v2.0. This is to facilitate customers who wish to keep using v1.0 for some APIs, but v2.0 for others. It is recommended that customers use v2.0 where possible.
Applications
API Name | Version | Description |
|---|---|---|
2.0 | This resource allows you to manage your API assets, test credentials, and initiate scans relating to Sentinel Auto API. | |
1.0 | The Appliance resource allows you to manage your WhiteHat appliance via the API. | |
2.0 | This is the latest release of the Appliance API. Always use v2.0, unless there is a specific reason why you must use v1.0. The description is the same as the v1.0 description above. | |
1.0 | The Application resource allows you to perform tasks related to applications within your organization. An application can be code in a code base or repository, or it can be a binary file if binary analysis is enabled for your account. | |
1.0 | This resource allows you to see your assets. | |
2.0 | This is the latest release of the Asset API. Always use the latest v2.0, unless there is a specific reason why you must use v1.0. In addition to allowing you to see your assets, this allows you to do some management of those assets as well. | |
2.0 | The Asset Onboarding Workflow resource allows you to create or update an existing DAST workflow in Salesforce. This functionality is restricted to who have permission to add and manage full scans of applications. | |
2.0 | The Business Logic Assessment (BLA) workflow allows you to perform functions relating to any BLA assessments that have been carried out against your applications. | |
2.0 | The Cases resource allows you to create a new Customer Support or request additional licenses. | |
1.0 | The Job resource allows you to perform tasks related to jobs within your organization. A job is an action that can be run against an identified asset, such as a scan or a vulnerability retest. | |
2.0 | The Mobile resource allows you to perform tasks related to your mobile assets. | |
1.0 | The Schedule resource allows you to view or delete your scanning schedule(s) via the API. | |
2.0 | This is the latest release of the Schedule API. Always use v2.0, unless there is a specific reason why you must use v1.0. This version also allows batch creation and deletion of schedules. | |
1.0 | The Site resource allows you to view, modify, add, or delete information about existing sites. | |
2.0 | This is the latest release of the Site API. Always use v2.0, unless there is a specific reason why you must use v1.0. There are many differences between this and the previous version. Two main differences between v1.0 and v2.0, are:
| |
2.0 | The Source Applications resource allows you to handle source application provisioning and scanning. |
Clients
API Name | Version | Description |
|---|---|---|
2.0 | The Activity Log resource is the latest release of the Event API v1.0. Always use v2.0, unless there is a specific reason why you must use v1.0. | |
2.0 | The Capabilities resource allows you to retrieve client-level capabilities, preferences, enabled features, clients you have access to, and a custom logo for your client if one exists. It also allows you to manage client-level preferences. | |
1.0 | The Client Preference resource allows you to perform tasks relating to client-level preferences for a Sentinel client. | |
2.0 | The Custom Policies resource returns information about all of the custom policies to which the you have access. | |
1.0 | The Event resource returns the Activity Log for your organization. | |
2.0 | The Event Subscriptions resource allows you to retrieve and update your event subscription information. | |
2.0 | The Licenses resource returns information about all the licenses associated with your organization. |
Users
API Name | Version | Description |
|---|---|---|
2.0 | The Access Control Management API allows you to perform administrative tasks on the roles and privileges associated with users within your organization. | |
1.0 | The Group resource enables you to cluster your assets in groups for greater ease in controlling access, refining reports, and performing bulk actions. | |
2.0 | This is the latest release of the Group v1.0 API. Always use the latest v2.0, unless there is a specific reason why you must use v1.0. The description is the same as the v1.0 description above. | |
1.0 | The Role resource allows you to retrieve information about user roles and the privileges associated with those roles. | |
1.0 | The User resource allows you to view, modify, create, or delete user information. |
Vulnerabilities
API Name | Version | Description |
|---|---|---|
2.0 | The Findings resource allows you to perform tasks relating to the results of scans performed against your assets. | |
2.0 | The Scan URLs resource allows you to add new entry points for your sites. | |
1.0 | The Source Vulnerability resource allows you to retrieve vulnerability information for your SAST (application) assets. GET is the only method that can be used with this resource, but the resource will allow you to get one or more vulnerabilities by class, by application, or by vulnerability ID and view one or more traces for a particular vulnerability down to the level of individual steps in the trace. | |
1.0 | The Vulnerability resource allows you to perform tasks relating to DAST (site) vulnerabilities and attack vector information. | |
1.0 | The Vulnerability Custom Policy resource allows you to view, create, update, or delete custom vulnerability policies. (For more information on these policies, please see Customizing Your Risk Ratings in Sentinel Help.) | |
1.0 | The Vulnerability Policy resource allows you to create, edit, delete, or retrieve information about your Risk Management Policy for DAST (site) assets. You can create a Risk Management Policy to customize or accept the business risk of one or more vulnerability class(es) for one or more asset(s). Note: This API has nothing to do with the custom policies handled in Vuln Custom Policy API v1.0. |
Updated over 1 year ago