...
Retrieve an API Key that has the permission to start API Secure scans; API keys are available in the Data Theorem portal at https://pr-1593.demotheorem.com/mobile/sdlc/results_api_access .
Retrieve the GraphQL API’s ID from the API’s page in the Data Theorem portal:
An API scan can then started using the following CURL command:
Code Block curl -X POST https://api.securetheorem.com/apis/devops/v1/asset_scans/graphql_api_scans \ -H "Content-Type: application/json" \ -d '{"asset_id":"c94aa607-0cd0-46cb-8472-4a24b34e1b70", \ "asset_base_url":"https://graphql-test-api-sc.uc.r.appspot.com/"}' \ -H "Authorization: APIKey ABCD123456="
Once completed, the results of the scan will be visible in the Data Theorem portal in the GraphQL API’s asset page.
Starting a scan against all assets in an Asset Group
In addition Data Theorem’s API can also be used to start a scan against all API-type assets that are currently supported by the integration in a specified asset group:
Retrieve an API Key that has the permission to start API Secure scans; API keys are available in the Data Theorem portal at https://pr-1593.demotheorem.com/mobile/sdlc/results_api_access .
Retrieve the Asset Group’s ID from the API’s page in the Data Theorem portal:
An API scan can then started using the following CURL command:
Code Block curl -X POST https://api.securetheorem.com/apis/devops/v1/asset_scans/asset_group_scans \ -H "Content-Type: application/json" \ -d '{"asset_group_id":"e642b346-2589-4eea-bcda-cbf4c72723c9"}' \ -H "Authorization: APIKey ABCD123456="
One scan per supported asset in the asset group will be created, and once completed, the results of the individual scans will be visible in the Data Theorem portal on the API’s asset pages.
Integrating into a CI/CD pipeline
...