API Interface
Current Version
By default, all requests receive the v1 version of the API. We encourage you to explicitly request this version via the Accept header.
1
Accept: application/vnd.dynapi; v=1
Schema
All API access is over HTTPS, and accessed through dyn.dev/pro/api
. All data is sent and received as JSON.
Blank fields are included as null
instead of being omitted.
All timestamps are returned in ISO 8601 format:
YYYY-MM-DDTHH:MM:SSZ
HTTP Verbs
Where possible, the API strives to use appropriate HTTP verbs for each action.
HEAD
: Can be issued against any resource to get just the HTTP header info.GET
: Used for retrieving resources.POST
: Used for creating resourcesPUT
: Used for updating resources with partial JSON data. A PUT request may accept one or more of the attributes to update the resource.DELETE
: Used for deleting resources.
Parameters
For POST, PATCH, PUT, and DELETE requests, parameters should be encoded as JSON with a Content-Type
of application/json
:
1
2
3
4
5
$ curl \
-H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
-H 'Content-type: application/json' \
-d '{"team":{"name":"Test Client 4"}}' \
https://dyn-pro.dev/pro/api/teams
Authentication
The API supports two different authentication modes: API token and HTTP Basic.
API token
Provide your token as part of the HTTP Authorization header:
1
Authorization: Token token="<API_token>"
Note that the header requires you to use double-quotes (").
For example:
1
2
3
$ curl \
-H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
https://dyn-pro.dev/pro/api/projects/1
Basic Authentication
Use the same credentials you log in with:
1
2
$ curl -u 'your@email.com' https://dyn-pro.dev/pro/api/projects/1
Enter host password for user 'your@email.com':
Error codes
These are the possible types of errors on API calls. The response will include a JSON object with the description and the proper HTTP status code:
401 | Authentication required | No authentication credentials have been provided. Use one of the supported authentication methods (token or basic authentication). |
403 | Forbidden | The authenticated user does not have access to this operation. Use a different user or ask the administrator to set the needed permissions for the current user. |
404 | Not found | The resource couldn't be found. |
415 | JSON required | Content-Type header needs to be set to 'application/json' for this request |
422 | Validation error | Some fields have invalid values. Check the "errors" array in the response for further information. |
500 | Internal server error | The application found an unexpected condition that prevented it from fulfilling the request. |
Endpoints Cheatsheet
Check out the following pages for more details on each of the available endpoints:
Retrieve details about the Teams on your instance. | |
Retrieve content about all of the projects or work with a specific project. | |
Retrieve and work with the Nodes in a specific project. | |
Retrieve and work with the Issues in a specific project. | |
Retrieve and work with the Evidence associated with specific Nodes in your project. | |
Retrieve and work with the Content Blocks in a specific project. | |
Retrieve and work with the Notes associated with specific Nodes in your project. | |
Retrieve and work with the Attachments associated with specific Nodes in your project. | |
Retrieve and work with the Document Properties in a specific project. | |
Retrieve and work with the IssueLibrary entries on your instance. |
Teams endpoint
GET /pro/api/teams
Retrieves all teams, ordered by name.
Sample request:
1
2
3
$ curl \
-H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
https://dyn-pro.dev/pro/api/teams
Result:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
[
{
"id": 1,
"name": "Test Team 1",
"team_since": "2015-05-21",
"created_at": "2015-05-21T16:30:45Z",
"updated_at": "2015-07-29T11:01:37Z",
"projects": [
{
"id": 1,
"name": "Test Project"
},
{
"id": 2,
"name": "Test Project 2"
},
{
"id": 3,
"name": "Test Project 3"
}
]
},
{
"id": 2,
"name": "Test Team 2",
"team_since": "2015-07-29",
"created_at": "2015-07-29T11:00:24Z",
"updated_at": "2015-07-29T11:02:02Z",
"projects": [
]
},
{
"id": 3,
"name": "Test Team 3",
"team_since": "2015-07-29",
"created_at": "2015-07-29T11:02:11Z",
"updated_at": "2015-07-29T11:02:11Z",
"projects": [
]
}
]
GET /pro/api/teams/:id
Retrieves a single team.
Sample request:
1
2
3
$ curl \
-H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
https://dyn-pro.dev/pro/api/teams/1
Result:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
{
"id": 1,
"name": "Test Team 1",
"team_since": "2015-05-21",
"created_at": "2015-05-21T16:30:45Z",
"updated_at": "2015-07-29T11:01:37Z",
"projects": [
{
"id": 1,
"name": "Test Project"
},
{
"id": 2,
"name": "Test Project 2"
},
{
"id": 3,
"name": "Test Project 3"
}
]
}
POST /pro/api/teams
Creates a team. The attributes for the team must be provided in the POST body as JSON. HTTP status 201
will be returned if the creation completes successfully, and a Location
header will be sent with the response, set to the URL of the newly created resource.
| Pass it the |
| Pass it the name of the team you want to create within dyn |
| Pass the date you started working with this team in |
Sample request:
1
2
3
4
5
6
$ curl \
-H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
-H 'Content-type: application/json' \
-X POST \
-d '{"team":{"name":"Test Team 4", "team_since":"2017-12-31"}}' \
https://dyn-pro.dev/pro/api/teams
Result:
1
2
3
4
5
6
7
8
9
10
{
"id": 4,
"name": "Test Team 4",
"team_since": "2017-12-31",
"created_at": "2018-10-26T02:51:58.000Z",
"updated_at": "2018-10-26T02:51:58.000Z",
"projects": [
]
}
PUT /pro/api/teams/:id
Updates a team. The attributes to be updated must be provided in the POST body as JSON. HTTP status 200
will be returned if the update completes successfully.
See POST
above for details on accepted parameters
Sample request:
1
2
3
4
5
6
$ curl \
-H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
-H 'Content-type: application/json' \
-X PUT \
-d '{"team":{"name":"Test Team 4 - Updated"}}' \
https://dyn-pro.dev/pro/api/teams/4
Result:
1
2
3
4
5
6
7
8
9
10
{
"id": 4,
"name": "Test Team 4 - Updated",
"team_since": "2017-12-31",
"created_at": "2018-10-26T02:51:58.000Z",
"updated_at": "2018-10-27T02:51:58.000Z",
"projects": [
]
}
DELETE /pro/api/teams/:id
Deletes a team. HTTP status 200
will be returned if the deletion completes successfully.
Sample request:
1
2
3
4
$ curl \
-H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
-X DELETE \
https://dyn-pro.dev/pro/api/teams/4
Result:
1
2
3
{
message: "Resource deleted successfully"
}
Users endpoint
The Users endpoint is read-only. You cannot create, update, or destroy a user via the REST API.
GET /pro/api/users
Retrieves all users, ordered by id.
Sample request:
1
2
3
$ curl \
-H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
https://dyn-pro.dev/pro/api/users
Result:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
[
{
"id": 1,
"name": "Admin",
"email": "admin@securityroots.com",
"created_at": "2018-12-12T15:03:00.000Z",
"updated_at": "2018-12-14T20:39:16.000Z"
},
{
"id": 3,
"name": "Daniel",
"email": "daniel@securityroots.com",
"created_at": "2019-01-08T16:15:24.000Z",
"updated_at": "2019-01-08T16:15:24.000Z"
}
]
GET /pro/api/users/:id
Retrieves a single user.
Sample request:
1
2
3
$ curl \
-H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
https://dyn-pro.dev/pro/api/users/3
Result:
1
2
3
4
5
6
7
{
"id": 3,
"name": "Daniel",
"email": "daniel@securityroots.com",
"created_at": "2019-01-08T16:15:24.000Z",
"updated_at": "2019-01-08T16:15:24.000Z"
}
Projects endpoint
GET /pro/api/projects
Retrieves all projects, ordered by modification time (most recent first).
Sample request:
1
2
3
$ curl \
-H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
https://dyn-pro.dev/pro/api/projects
Result:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
[
{
"id": 3,
"name": "Test Project 3",
"client": {
"id": 1,
"name": "Security Roots"
},
"created_at": "2015-07-27T13:12:31Z",
"updated_at": "2015-07-27T13:12:31Z",
"authors": [
{
"email": "my@email.com"
}
],
"owners": [
{
"email": "my@email.com"
}
],
"custom_fields": [
{
"id": 1,
"name": "Assessment Type",
"value": "Webapp"
}
]
},
{
"id": 2,
"name": "Test Project 2",
"client": {
"id": 1,
"name": "Security Roots"
},
"created_at": "2015-07-27T13:11:18Z",
"updated_at": "2015-07-27T13:11:18Z",
"authors": [
{
"email": "my@email.com"
}
],
"owners": [
{
"email": "my@email.com"
}
],
"custom_fields": [
{
"id": 1,
"name": "Assessment Type",
"value": "Webapp"
}
]
},
{
"id": 1,
"name": "Test Project 1",
"client": {
"id": 1,
"name": "Security Roots"
},
"created_at": "2015-07-06T15:55:30Z",
"updated_at": "2015-07-07T08:28:22Z",
"authors": [
{
"email": "my@email.com"
}
],
"owners": [
{
"email": "my@email.com"
}
],
"custom_fields": [
{
"id": 1,
"name": "Assessment Type",
"value": "PenTest"
}
]
}
]
GET /pro/api/projects/:id
Retrieves a single project.
Sample request:
1
2
3
$ curl \
-H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
https://dyn-pro.dev/pro/api/projects/1
Result:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
{
"id": 1,
"name": "Test Project 1",
"client": {
"id": 1,
"name": "Security Roots"
},
"created_at": "2015-07-06T15:55:30Z",
"updated_at": "2015-07-07T08:28:22Z",
"authors": [
{
"email": "my@email.com"
}
],
"owners": [
{
"email": "my@email.com"
}
],
"custom_fields": [
{
"id": 1,
"name": "Assessment Type",
"value": "Webapp"
},
{
"id": 2,
"name": "Recurrence",
"value": "One off"
}
]
}
POST /pro/api/projects
Creates a project. The attributes for the project must be provided in the POST body as JSON. HTTP status 201
will be returned if the creation completes successfully, and a Location
header will be sent with the response, set to the URL of the newly created resource.
| Pass it the |
| Pass it the name of the project you want to create within dyn |
| Assigns the project to a client. Pass it the ID number of the client the project should be associated with within dyn. |
| Assigns a default report template to the project |
| Assigns users as authors to the project. If not specified, only the user performing the request will be added as author. |
| Associate with a project template to pre-populate the project with data. Pass this the project template name. |
Sample request:
1
2
3
4
5
6
$ curl \
-H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"'\
-H 'Content-type: application/json' \
-X POST \
-d '{"project":{"name":"Test Project 4","team_id":"1", "report_template_properties_id":"4", "author_ids": [4, 5], "template":"Welcome Project Template"}}' \
https://dyn-pro.dev/pro/api/projects
Result:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
{
"id": 4,
"name": "Test Project 4",
"client": {
"id": 1,
"name": "Security Roots"
},
"created_at": "2015-07-28T15:14:24Z",
"updated_at": "2015-07-28T15:14:24Z",
"authors": [
{
"email": "my@email.com",
},
{
"email": "user4@email.com",
},
{
"email": "user5@email.com",
}
],
"owners": [
{
"email": "my@email.com"
}
]
}
PUT /pro/api/projects/:id
Updates a project. The attributes to be updated must be provided in the POST body as JSON. HTTP status 200 will be returned if the update completes successfully.
See POST
above for details on the accepted parameters.
Sample request:
1
2
3
4
5
6
$ curl \
-H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
-H 'Content-type: application/json' \
-X PUT \
-d '{"project":{"name":"Test Project 4 - Updated"}}' \
https://dyn-pro.dev/pro/api/projects/4
Result:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
{
"id": 4,
"name": "Test Project 4 - Updated",
"client": {
"id": 1,
"name": "Security Roots"
},
"created_at": "2015-07-28T15:14:24Z",
"updated_at": "2015-07-28T15:14:24Z",
"authors": [
{
"id": 1,
"email": "my@email.com"
}
],
"owners": [
{
"id": 1,
"email": "my@email.com"
}
]
}
PUT /pro/api/projects/:id/owner
Updates a project's owner. The attributes to be updated must be provided in the POST body as JSON. HTTP status 200 will be returned if the update completes successfully.
| Pass it the |
| Pass it the ID number of the user you want to assign as the new project owner |
Sample request:
1
2
3
4
5
6
$ curl \
-H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
-H 'Content-type: application/json' \
-X PUT \
-d '{"project":{"owner_id":"7"}}' \
https://dyn-pro.dev/pro/api/projects/4/owner
Result:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
{
"id": 4,
"name": "Test Project 4 - Updated",
"client": {
"id": 1,
"name": "Security Roots"
},
"created_at": "2015-07-28T15:14:24Z",
"updated_at": "2015-07-28T15:14:24Z",
"authors": [
{
"id": 1,
"email": "my@email.com"
}
],
"owners": [
{
"id": 7,
"email": "owner@email.com"
}
]
}
DELETE /pro/api/projects/:id
Deletes a project. HTTP status 200
will be returned if the deletion completes successfully.
Sample request:
1
2
3
4
5
$ curl \
-H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
-H 'Content-type: application/json' \
-X DELETE \
https://dyn-pro.dev/pro/api/projects/4
Result:
1
2
3
{
message: "Resource deleted successfully"
}
Nodes endpoint
Nodes belong to a Project
When working with data for a specific Project like Issues or Nodes, make sure to define the dyn-Project-Id
HTTP header like so:
1
2
3
4
$ curl \
-H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
https://dyn-pro.dev/pro/api/nodes
GET /pro/api/nodes
Retrieves all the Nodes in your specific project, ordered by the created_at
timestamp.
You can paginate the results for 25 views per page by appending e.g. \page\1
and \page\2
, so e.g. http://dyn-pro.dev/pro/api/nodes\page\1
.
Sample request:
1
2
3
4
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
http://dyn-pro.dev/pro/api/nodes
Result:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
[
{
"id": 29,
"label": "Scope",
"type_id": 1,
"parent_id": 16,
"position": 0,
"created_at": "2016-04-11T16:36:30.708Z",
"updated_at": "2016-04-11T16:36:30.728Z",
"evidence": [
],
"notes": [
{
"id": 43,
"category_id": 2,
"title": "Project Properties",
"fields": {
"Title": "Project Properties",
"dyn.Client": "Security Roots, Ltd",
"dyn.Author": "William Adama",
"dyn.Title": "Penetration Test",
"dyn.Subtitle": "Mobile Banking Application"
},
"text": "#[Title]#\nProject Properties\n\n#[dyn.Client]#\nSecurity Roots, Ltd\n\n#[dyn.Author]#\nWilliam Adama\n\n#[dyn.Title]#\nPenetration Test#[dyn.Subtitle]#\nMobile Banking Application\n"
}
]
},
{
"id": 28,
"label": "plugin.output",
"type_id": 0,
"parent_id": null,
"position": 0,
"created_at": "2016-04-11T16:36:30.698Z",
"updated_at": "2016-04-11T16:36:30.698Z",
"evidence": [
],
"notes": [
]
}
]
GET /pro/api/nodes/:id
Retrieves a single Node from your specified project and displays all the Evidence and Notes associated with the Node.
Sample request:
1
2
3
4
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
http://dyn-pro.dev/pro/api/nodes/27
Result:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
{
"id": 27,
"label": "10.0.0.1",
"type_id": 0,
"parent_id": null,
"position": 0,
"created_at": "2016-04-11T16:36:30.418Z",
"updated_at": "2016-04-11T16:36:30.418Z",
"evidence": [
{
"id": 52,
"content": "#[Description]#\r\nbc. Placeholder evidence content ",
"fields": {
"Description": "bc. Placeholder evidence content",
"Label": "Uploaded files"
},
"issue": {
"id": 51,
"title": "Dangerous HTTP methods: TRACE",
"url": "http://dyn-pro.dev/api/issues/51"
}
}
],
"notes": [
]
}
POST /pro/api/nodes
Creates a Node in the specified project. The attributes for the Node must be provided in the POST body as JSON.
HTTP status 201
will be returned if the creation completes successfully, and a Location
header will be sent with the response, set to the URL of the newly created resource.
| Pass it the |
| Pass it the name of the Node you want to create within your dyn project. |
| Pass |
| Pass |
| Pass |
Sample request:
1
2
3
4
5
6
7
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
-H 'Content-type: application/json' \
-X POST \
-d '{"node": {"label": "New Node", "type_id": 1, "parent_id": 16, "position": 3}}' \
http://dyn-pro.dev/pro/api/nodes
Result:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
{
"id": 31,
"label": "New Node",
"type_id": 1,
"parent_id": 16,
"position": 3,
"created_at": "2016-04-12T20:50:41.559Z",
"updated_at": "2016-04-12T20:50:41.559Z",
"evidence": [
],
"notes": [
]
}
PUT /pro/api/nodes/:id
Updates a Node in your specified project. You can update some or all of the Node attributes with PUT
. See the POST
method above for details on the different options and attributes available for the Node endpoint.
HTTP status 200
will be returned if the update completes successfully.
See POST
above for details on the accepted parameters.
Sample request:
1
2
3
4
5
6
7
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
-H 'Content-type: application/json' \
-X PUT \
-d '{"node": {"parent_id": null}}' \
http://dyn-pro.dev/pro/api/nodes/31
Result:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
{
"id": 31,
"label": "Updated Node Title",
"type_id": 1,
"parent_id": null,
"position": 12,
"created_at": "2016-04-12T20:50:41.559Z",
"updated_at": "2016-04-12T21:00:24.634Z",
"evidence": [
],
"notes": [
]
}
DELETE /pro/api/nodes/:id
Deletes a Node from your specified project. HTTP status 200
will be returned if the deletion completes successfully.
Sample request:
1
2
3
4
5
6
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
-H 'Content-type: application/json' \
-X DELETE \
http://dyn-pro.dev/pro/api/nodes/31
Result:
1
2
3
{
"message": "Resource deleted successfully"
}
Issues endpoint
Issues belong to a Project
When working with data for a specific Project like Issues or Nodes, make sure to define the dyn-Project-Id
HTTP header like so:
1
2
3
4
$ curl \
-H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
https://dyn-pro.dev/pro/api/issues
GET /pro/api/issues
Retrieves all the Issues in your specific project, ordered by the created_at
timestamp.
You can paginate the results for 25 views per page by appending e.g. \page\1
and \page\2
, so e.g. http://dyn-pro.dev/pro/api/issues\page\1
.
Sample request:
1
2
3
4
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
http://dyn-pro.dev/pro/api/issues
Result:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
[
{
"id": 45,
"title": "Insecure cookie configuration: Secure flag",
"fields": {
"Title": "Insecure cookie configuration: Secure flag",
"Rating": "Low",
"Description": "If the Secure attribute is set on a cookie, the browser will ensure that the cookie is only attached to requests going over SSL.",
"Mitigation": "At the bare minimum, the Secure flag should be set in all cookies containing session tokens. However, if the application uses SSL transport, it is best to set the Secure flag in all cookies to ensure they are never sent over clear-text channels.",
"References": "http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)#Description_of_the_Issue"
},
"text": "#[Title]#\r\nInsecure cookie configuration: Secure flag\r\n\r\n#[Rating]#\r\nLow\r\n\r\n#[Description]#\r\nIf the Secure attribute is set on a cookie, the browser will ensure that the cookie is only attached to requests going over SSL. \r\n\r\n#[Mitigation]#\r\nAt the bare minimum, the Secure flag should be set in all cookies containing session tokens. However, if the application uses SSL transport, it is best to set the Secure flag in all cookies to ensure they are never sent over clear-text channels.\r\n\r\n#[References]#\r\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)#Description_of_the_Issue\r\n",
"created_at": "2016-04-12T16:25:17.486Z",
"updated_at": "2016-04-12T16:37:05.363Z"
},
{
"id": 44,
"title": "Weak SSL ciphers",
"fields": {
"Title": "Weak SSL ciphers",
"Rating": "Critical",
"Description": "Some of the ciphers enabled in the SSL service cannot considered to be cryptographically secure. When the key length of the cipher is under 56 bits, it is reasonable to assume that an adversary could mount a successful brute-force attack.",
"Mitigation": "All ciphers with key lengths smaller than 128 bits should be disabled",
"References": "https://www.owasp.org/index.php/Testing_for_SSL-TLS_%28OWASP-CM-001%29"
},
"text": "#[Title]#\r\nWeak SSL ciphers\r\n\r\n#[Rating]#\r\nCritical\r\n\r\n#[Description]#\r\nSome of the ciphers enabled in the SSL service cannot considered to be cryptographically secure. When the key length of the cipher is under 56 bits, it is reasonable to assume that an adversary could mount a successful brute-force attack.\r\n\r\n#[Mitigation]#\r\nAll ciphers with key lengths smaller than 128 bits should be disabled\r\n\r\n#[References]#\r\nhttps://www.owasp.org/index.php/Testing_for_SSL-TLS_%28OWASP-CM-001%29\r\n",
"created_at": "2016-04-11T16:49:15.657Z",
"updated_at": "2016-04-12T16:37:12.343Z"
}
]
GET /pro/api/issues/:id
Retrieves a single Issue from your specified project.
Sample request:
1
2
3
4
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
http://dyn-pro.dev/pro/api/issues/45
Result:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
{
"id": 45,
"title": "Insecure cookie configuration: Secure flag",
"fields": {
"Title": "Insecure cookie configuration: Secure flag",
"Rating": "Low",
"Description": "If the Secure attribute is set on a cookie, the browser will ensure that the cookie is only attached to requests going over SSL.",
"Mitigation": "At the bare minimum, the Secure flag should be set in all cookies containing session tokens. However, if the application uses SSL transport, it is best to set the Secure flag in all cookies to ensure they are never sent over clear-text channels.",
"References": "http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)#Description_of_the_Issue",
"Test": ""
},
"text": "#[Title]#\r\nInsecure cookie configuration: Secure flag\r\n\r\n#[Rating]#\r\nLow\r\n\r\n#[Description]#\r\nIf the Secure attribute is set on a cookie, the browser will ensure that the cookie is only attached to requests going over SSL. \r\n\r\n#[Mitigation]#\r\nAt the bare minimum, the Secure flag should be set in all cookies containing session tokens. However, if the application uses SSL transport, it is best to set the Secure flag in all cookies to ensure they are never sent over clear-text channels.\r\n\r\n#[References]#\r\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)#Description_of_the_Issue\r\n\r\n#[Test]#\r\n",
"created_at": "2016-04-12T16:25:17.486Z",
"updated_at": "2016-04-12T16:38:39.932Z"
}
POST /pro/api/issues
Creates an Issue in the specified project. The attributes for the Issue must be provided in the POST body as JSON.
HTTP status 201
will be returned if the creation completes successfully, and a Location
header will be sent with the response, set to the URL of the newly created resource.
| Pass it the |
| Pass it the content of the Issue using JSON on one line subbing in |
Sample request:
1
2
3
4
5
6
7
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
-H 'Content-type: application/json' \
-X POST \
-d '{"issue":{"text": "#[Title]#\r\nDangerous HTTP methods: TRACE\r\n\r\n#[Rating]#\r\nMedium\r\n\r\n#[Description]#\r\nThe TRACE HTTP method is used as a debugging mechanism that allows the client to see what is being received at the other end of the request chain and use that data for testing and diagnostic information."}}' \
http://dyn-pro.dev/pro/api/issues
Result:
1
2
3
4
5
6
7
8
9
10
11
12
{
"id": 51,
"title": "Dangerous HTTP methods: TRACE",
"fields": {
"Title": "Dangerous HTTP methods: TRACE",
"Rating": "Medium",
"Description": "The TRACE HTTP method is used as a debugging mechanism that allows the client to see what is being received at the other end of the request chain and use that data for testing and diagnostic information."
},
"text": "#[Title]#\r\nDangerous HTTP methods: TRACE\r\n\r\n#[Rating]#\r\nMedium\r\n\r\n#[Description]#\r\nThe TRACE HTTP method is used as a debugging mechanism that allows the client to see what is being received at the other end of the request chain and use that data for testing and diagnostic information.",
"created_at": "2016-04-12T20:18:12.090Z",
"updated_at": "2016-04-12T20:18:12.090Z"
}
PUT /pro/api/issues/:id
Updates an Issue in the specified project. The attributes to be updated must be provided in the body as JSON. Like the POST method, make sure to write out the new content of the Issue using JSON on one line subbing in \r\n
to create newlines as needed.
HTTP status 200
will be returned if the update completes successfully.
See POST
above for more details on the accepted parameters.
Sample request:
1
2
3
4
5
6
7
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
-H 'Content-type: application/json' \
-X PUT \
-d '{"issue":{"text": "#[Title]#\r\nUpdated Issue Title\r\n\r\n#[Rating]#\r\nMedium\r\n\r\n#[Description]#\r\nUpdated sample Issue description"}}' \
http://dyn-pro.dev/pro/api/issues/45
Result:
1
2
3
4
5
6
7
8
9
10
11
12
{
"id": 45,
"title": "Updated Issue Title",
"fields": {
"Title": "Updated Issue Title",
"Rating": "Medium",
"Description": "Updated sample Issue description"
},
"text": "#[Title]#\r\nUpdated Issue Title\r\n\r\n#[Rating]#\r\nMedium\r\n\r\n#[Description]#\r\nUpdated sample Issue description",
"created_at": "2016-04-12T16:25:17.486Z",
"updated_at": "2016-04-12T20:24:02.471Z"
}
DELETE /pro/api/issues/:id
Deletes an Issue from your specified project. HTTP status 200
will be returned if the deletion completes successfully.
Sample request:
1
2
3
4
5
6
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
-H 'Content-type: application/json' \
-X DELETE \
http://dyn-pro.dev/pro/api/issues/45
Result:
1
2
3
{
"message": "Resource deleted successfully"
}
Evidence endpoint
Instances of Evidence belong to a Node in a Project
When working with data for a specific Project like Issues or Evidence, make sure to define the dyn-Project-Id
HTTP header like so:
1
2
3
4
$ curl \
-H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
https://dyn-pro.dev/pro/api/nodes/8/evidence
GET /pro/api/nodes/:node_id/evidence
Retrieves all the Evidence associated with the specific Node in your project, ordered by evidence id
descending.
You can paginate the results for 25 views per page by appending e.g. \page\1
and \page\2
, so e.g. http://dyn-pro.dev/pro/api/nodes/8/evidence\page\1
.
Sample request:
1
2
3
4
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
http://dyn-pro.dev/pro/api/nodes/8/evidence
Result:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
[
{
"id": 12,
"content": "bc. Placeholder Evidence content.",
"fields": {
"Label": "scanme.insecure.org"
},
"issue": {
"id": 30,
"title": "DNS Server Recursive Query Cache Poisoning Weakness",
"url": "http://dyn-pro.dev/pro/api/issues/30"
}
},
{
"id": 11,
"content": "bc. Placeholder Evidence content.",
"fields": {
"Label": "scanme.insecure.org"
},
"issue": {
"id": 33,
"title": "DNS Server Cache Snooping Information Disclosure",
"url": "http://dyn-pro.dev/pro/api/issues/33"
}
}
]
GET /pro/api/nodes/:node_id/evidence/:evidence_id
Retrieves a single piece of Evidence from a Node in your project.
Sample request:
1
2
3
4
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
http://dyn-pro.dev/pro/api/nodes/8/evidence/11
Result:
1
2
3
4
5
6
7
8
9
10
11
12
13
{
"id": 11,
"content": "bc. Placeholder Evidence content.",
"fields": {
"Label": "scanme.insecure.org"
},
"issue": {
"id": 33,
"title": "DNS Server Cache Snooping Information Disclosure",
"url": "https://dyn-pro.dev/pro/api/issues/33"
}
}
POST /pro/api/nodes/:node_id/evidence
Creates a piece of Evidence on the specified Node in your project. The attributes for the Evidence must be provided in the POST body as JSON.
HTTP status 201
will be returned if the creation completes successfully, and a Location
header will be sent with the response, set to the URL of the newly created resource.
| Pass it the |
| Pass it the content of the Evidence using JSON on one line subbing in |
| Pass it the ID of the you want to associate the Evidence with. |
Sample request:
1
2
3
4
5
6
7
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
-H 'Content-type: application/json' \
-X POST \
-d '{"evidence":{"content": "#[Description]#\r\nbc. Placeholder evidence content.", "issue_id": "24" }}' \
http://dyn-pro.dev/pro/api/nodes/8/evidence
Result:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
{
"id": 16,
"content": "#[Description]#\r\nbc. Placeholder evidence content.",
"fields": {
"Description": "bc. Placeholder evidence content.",
"Label": "scanme.insecure.org"
},
"issue": {
"id": 24,
"title": "Backported Security Patch Detection (WWW)",
"url": "http://dyn-pro.dev/pro/api/issues/24"
}
}
PUT /pro/api/nodes/:node_id/evidence/:evidence_id
Updates a specific piece of Evidence on a Node in your project. The attributes to be updated must be provided in the body as JSON. Like the POST method, make sure to write out the new content of the Issue using JSON on one line subbing in \r\n
to create newlines as needed and using the #[ ]#
syntax for field names.
HTTP status 200
will be returned if the update completes successfully.
See POST
above for more details on the accepted parameters.
Sample request:
1
2
3
4
5
6
7
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
-H 'Content-type: application/json' \
-X PUT \
-d '{"evidence":{"content": "#[Description]#\r\nUpdated evidence content.", "issue_id": "24" }}' \
http://dyn-pro.dev/pro/api/nodes/8/evidence/16
Result:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
{
"id": 16,
"content": "#[Description]#\r\nUpdated evidence content.",
"fields": {
"Description": "Updated evidence content.",
"Label": "scanme.insecure.org"
},
"issue": {
"id": 24,
"title": "Backported Security Patch Detection (WWW)",
"url": "https://dyn-pro.dev/pro/api/issues/24"
}
}
DELETE /pro/api/node/:node_id/evidence/:evidence_id
Deletes a piece of Evidence from the specified Node in your project. HTTP status 200
will be returned if the deletion completes successfully.
Sample request:
1
2
3
4
5
6
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
-H 'Content-type: application/json' \
-X DELETE \
http://dyn-pro.dev/pro/api/nodes/8/evidence/16
Result:
1
2
3
{
"message": "Resource deleted successfully"
}
Content Blocks endpoint
Content Blocks are found on the Report Content page of your project
When working with data for a specific Project like Content Blocks, make sure to define the dyn-Project-Id
HTTP header like so:
1
2
3
4
$ curl \
-H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
https://dyn-pro.dev/pro/api/content_blocks/
GET /pro/api/content_blocks
Retrieves all of the Content Blocks in your project, ordered by the Content Block id
, ascending.
Sample request:
1
2
3
4
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
http://dyn-pro.dev/pro/api/content_blocks
Result:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
[
{
"id": 4,
"block_group": "Conclusions",
"title": "Conclusions and Recommendations",
"fields": {
"Title": "Conclusions and Recommendations",
"Type": "Conclusions",
"Description": "Any data you put in this Description field will export out into the Conclusions and Recommendations section of your welcome pack report template."
},
"content": "#[Title]#\r\nConclusions and Recommendations\r\n\r\n#[Type]#\r\nConclusions\r\n\r\n#[Description]#\r\nAny data you put in this Description field will export out into the Conclusions and Recommendations section of your welcome pack report template. "
},
{
"id": 5,
"block_group": "Appendix",
"title": "Example Appendix Content",
"fields": {
"Title": "Example Appendix Content",
"Type": "Appendix",
"Description": "Any data you put in this Description field will export out into Appendix B of your welcome pack report template."
},
"content": "#[Title]#\r\nExample Appendix Content\r\n\r\n#[Type]#\r\nAppendix\r\n\r\n#[Description]#\r\nAny data you put in this Description field will export out into Appendix B of your welcome pack report template."
}
]
GET /pro/api/content_blocks/:block_id
Retrieves a single Content Block from your project.
Sample request:
1
2
3
4
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
http://dyn-pro.dev/pro/api/content_blocks/4
Result:
1
2
3
4
5
6
7
8
9
10
11
12
{
"id": 4,
"block_group": "Conclusions",
"title": "Conclusions and Recommendations",
"fields": {
"Title": "Conclusions and Recommendations",
"Type": "Conclusions",
"Description": "Any data you put in this Description field will export out into the Conclusions and Recommendations section of your welcome pack report template."
},
"content": "#[Title]#\r\nConclusions and Recommendations\r\n\r\n#[Type]#\r\nConclusions\r\n\r\n#[Description]#\r\nAny data you put in this Description field will export out into the Conclusions and Recommendations section of your welcome pack report template."
}
POST /pro/api/content_blocks
Creates a Content Block in your project. The attributes for the Content Block must be provided in the POST body as JSON.
HTTP status 201
will be returned if the creation completes successfully, and a Location
header will be sent with the response, set to the URL of the newly created resource.
| Pass it the |
| Pass it the content of the Content Block using JSON on one line subbing in |
| Pass this the name of the Block Group you want to assign to your Content Block. For example, pass it a value of . |
Sample request:
1
2
3
4
5
6
7
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
-H 'Content-type: application/json' \
-X POST \
-d '{"content_block": {"content": "#[Title]#\r\nNew Content Block\r\n\r\n#[Description]#\r\nSample content.", "block_group": "Conclusions"}}' \
http://dyn-pro.dev/pro/api/content_blocks
Result:
1
2
3
4
5
6
7
8
9
10
11
{
"id": 6,
"block_group": "Conclusions",
"title": "New Content Block",
"fields": {
"Title": "New Content Block",
"Description": "Sample content."
},
"content": "#[Title]#\r\nNew Content Block\r\n\r\n#[Description]#\r\nSample content."
}
PUT /pro/api/content_blocks/:block_id
Updates a specific Content Block in your project. The attributes to be updated must be provided in the body as JSON. Like the POST method, make sure to write out the new content of the Content Block using JSON on one line subbing in \r\n
to create new lines create fields using the #[ ]#
syntax.
HTTP status 200
will be returned if the update completes successfully.
See POST
above for more details on the accepted parameters.
Sample request:
1
2
3
4
5
6
7
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
-H 'Content-type: application/json' \
-X PUT \
-d '{"content_block": {"content": "#[Title]#\r\nUpdated Content Block\r\n\r\n#[Description]#\r\nUpdated content.", "block_group": "Conclusions"}}' \
http://dyn-pro.dev/pro/api/content_blocks/6
Result:
1
2
3
4
5
6
7
8
9
10
11
{
"id": 6,
"block_group": "Conclusions",
"title": "Updated Content Block",
"fields": {
"Title": "Updated Content Block",
"Description": "Updated content."
},
"content": "#[Title]#\r\nUpdated Content Block\r\n\r\n#[Description]#\r\nUpdated content."
}
DELETE /pro/api/content_blocks/:block_id
Deletes a specific Content Block from your project. HTTP status 200
will be returned if the deletion completes successfully.
Sample request:
1
2
3
4
5
6
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
-H 'Content-type: application/json' \
-X DELETE \
http://dyn-pro.dev/pro/api/content_blocks/6
Result:
1
2
3
{
"message": "Resource deleted successfully"
}
Notes endpoint
Notes belong to a Node in a Project
When working with data for a specific Project like Notes, make sure to define the dyn-Project-Id
HTTP header like so:
1
2
3
4
$ curl \
-H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
https://dyn-pro.dev/pro/api/nodes/8/notes
GET /pro/api/nodes/:node_id/notes
Retrieves all of the Notes associated with the specific Node in your project, ordered by the note id
, descending.
You can paginate the results for 25 views per page by appending e.g. \page\1
and \page\2
, so e.g. http://dyn-pro.dev/pro/api/nodes/8/notes\page\1
.
Sample request:
1
2
3
4
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
http://dyn-pro.dev/pro/api/nodes/8/notes
Result:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
[
{
"id": 14,
"category_id": 1,
"title": "Host Details",
"fields": {
"Title": "Host Details",
"Type": "Details",
"Description": "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nullam fringilla tristique nisi, id cursus elit tincidunt egestas. Nunc sagittis libero eu hendrerit aliquam."
},
"text": "#[Title]#\r\nHost Details\r\n\r\n#[Type]#\r\nDetails\r\n\r\n#[Description]#\r\nLorem ipsum dolor sit amet, consectetur adipiscing elit. Nullam fringilla tristique nisi, id cursus elit tincidunt egestas. Nunc sagittis libero eu hendrerit aliquam."
},
{
"id": 13,
"category_id": 6,
"title": "Host info",
"fields": {
"Title": "Host info",
"Host information": "Name: scanme.insecure.org\nIP address: 64.13.134.52\nFQDN: scanme.insecure.org\nOS: NetBSD 3.0\nMac address: n/a\nNetbios name: n/a",
"Scan information": "Scan started: Fri Dec 11 02:57:52 2009\nScan ended: Fri Dec 11 03:07:22 2009"
},
"text": "#[Title]#\nHost info\n\n#[Host information]#\nName: scanme.insecure.org\nIP address: 64.13.134.52\nFQDN: scanme.insecure.org\nOS: NetBSD 3.0\nMac address: n/a\nNetbios name: n/a\n\n#[Scan information]#\nScan started: Fri Dec 11 02:57:52 2009\nScan ended: Fri Dec 11 03:07:22 2009\n"
}
]
GET /pro/api/nodes/:node_id/notes/:note_id
Retrieves a single Note from the specific Node in your project.
Sample request:
1
2
3
4
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
http://dyn-pro.dev/pro/api/nodes/8/notes/13
Result:
1
2
3
4
5
6
7
8
9
10
11
12
{
"id": 13,
"category_id": 6,
"title": "Host info",
"fields": {
"Title": "Host info",
"Host information": "Name: scanme.insecure.org\nIP address: 64.13.134.52\nFQDN: scanme.insecure.org\nOS: NetBSD 3.0\nMac address: n/a\nNetbios name: n/a",
"Scan information": "Scan started: Fri Dec 11 02:57:52 2009\nScan ended: Fri Dec 11 03:07:22 2009"
},
"text": "#[Title]#\nHost info\n\n#[Host information]#\nName: scanme.insecure.org\nIP address: 64.13.134.52\nFQDN: scanme.insecure.org\nOS: NetBSD 3.0\nMac address: n/a\nNetbios name: n/a\n\n#[Scan information]#\nScan started: Fri Dec 11 02:57:52 2009\nScan ended: Fri Dec 11 03:07:22 2009\n"
}
POST /pro/api/nodes/:node_id/notes
Creates a Note on the specified Node in your project. The attributes for the Issue must be provided in the POST body as JSON.
HTTP status 201
will be returned if the creation completes successfully, and a Location
header will be sent with the response, set to the URL of the newly created resource.
| Pass it the |
| Pass it the content of the Note using JSON on one line subbing in |
| Pass this the numeric value of the category you want to assign to your Note. For example, pass it a value of |
Sample request:
1
2
3
4
5
6
7
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
-H 'Content-type: application/json' \
-X POST \
-d '{"note": {"text": "#[Title]#\r\nNew Note\r\n\r\n#[Description]#\r\nSample note content.", "category_id": "1"}}' \
http://dyn-pro.dev/pro/api/nodes/8/notes
Result:
1
2
3
4
5
6
7
8
9
10
11
{
"id": 15,
"category_id": 1,
"title": "New Note",
"fields": {
"Title": "New Note",
"Description": "Sample note content."
},
"text": "#[Title]#\r\nNew Note\r\n\r\n#[Description]#\r\nSample note content."
}
PUT /pro/api/nodes/:node_id/notes/:note_id
Updates a Note on the specified Node in your project. The attributes to be updated must be provided in the body as JSON. Like the POST method, make sure to write out the new content of the Issue using JSON on one line subbing in \r\n
to create new lines create fields using the #[ ]#
syntax.
HTTP status 200
will be returned if the update completes successfully.
See POST
above for more details on the accepted parameters.
Sample request:
1
2
3
4
5
6
7
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
-H 'Content-type: application/json' \
-X PUT \
-d '{"note": {"text": "#[Title]#\r\nUpdated Note\r\n\r\n#[Description]#\r\nUpdated note content.", "category_id": "6"}}' \
http://dyn-pro.dev/pro/api/nodes/8/notes/15
Result:
1
2
3
4
5
6
7
8
9
10
11
{
"id": 15,
"category_id": 6,
"title": "Updated Note",
"fields": {
"Title": "Updated Note",
"Description": "Updated note content."
},
"text": "#[Title]#\r\nUpdated Note\r\n\r\n#[Description]#\r\nUpdated note content."
}
DELETE /pro/api/nodes/:node_id/notes/:note_id
Deletes a Note from the specified Node in your project. HTTP status 200
will be returned if the deletion completes successfully.
Sample request:
1
2
3
4
5
6
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
-H 'Content-type: application/json' \
-X DELETE \
http://dyn-pro.dev/pro/api/nodes/8/notes/15
Result:
1
2
3
{
message: "Resource deleted successfully"
}
Attachments endpoint
Attachments belong to a Node in a Project
When working with data for a specific Project like Issues or Attachments, make sure to define the dyn-Project-Id
HTTP header like so:
1
2
3
4
$ curl \
-H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
https://dyn-pro.dev/pro/api/nodes/8/attachments
GET /pro/api/nodes/:node_id/attachments
Retrieves all the Attachments associated with the specific Node in your project.
Sample request:
1
2
3
4
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
http://dyn-pro.dev/pro/api/nodes/8/attachments
Result:
1
2
3
4
5
6
7
8
9
10
11
[
{
"filename": "file%201.png",
"link": "/pro/projects/3/nodes/8/attachments/file%201.png"
},
{
"filename": "file%202.csv",
"link": "/pro/projects/3/nodes/8/attachments/file%202.csv"
}
]
GET /pro/api/nodes/:node_id/attachments/:filename
Retrieves a single attachment from a Node in your project.
Sample request:
1
2
3
4
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
http://dyn-pro.dev/pro/api/nodes/8/attachments/file%201.png
Result:
1
2
3
4
5
{
"filename": "file 1.png",
"link": "/pro/projects/3/nodes/8/attachments/file%201.png"
}
POST /pro/api/nodes/:node_id/attachments
Creates an Attachment on the specified Node in your project. The files to be the attached must be provided in the POST using using the Content-Type: multipart/form-data
.
HTTP status 201
will be returned if the creation completes successfully.
| Pass it the files to be uploaded, as a web browser does with an input of type field. More than 1 Attachment can be created on a single request. |
Sample request:
1
2
3
4
5
6
7
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
-H 'Content-Type: multipart/form-data' \
-X POST \
-F 'files[]=@/your/own/path/file 1.png' -F 'files[]=@/your/own/path/file 1.png' \
http://dyn-pro.dev/pro/api/nodes/8/attachments
Result:
1
2
3
4
5
6
7
8
9
10
11
[
{
"filename": "file 1.png",
"link": "/pro/projects/3/nodes/8/attachments/file%201.png"
},
{
"filename": "file 1_copy-01.png",
"link": "/pro/projects/3/nodes/8/attachments/file%201_copy-01.png"
}
]
PUT /pro/api/nodes/:node_id/attachments/:filename
Renames a specific Attachment on a Node in your project. The new name to must be provided in the body as JSON.
HTTP status 200
will be returned if the update completes successfully.
Sample request:
1
2
3
4
5
6
7
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
-H 'Content-type: application/json' \
-X PUT \
-d '{"attachment":{"filename": "new_name.png" }}' \
http://dyn-pro.dev/pro/api/nodes/8/attachments/file%201.png
Result:
1
2
3
4
5
{
"filename": "new_name.png",
"link": "/pro/projects/3/nodes/8/attachments/new_name.png"
}
DELETE /pro/api/node/:node_id/attachments/:filename
Deletes an Attachment from the specified Node in your project. HTTP status 200
will be returned if the deletion completes successfully.
Sample request:
1
2
3
4
5
6
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
-H 'Content-type: application/json' \
-X DELETE \
http://dyn-pro.dev/pro/api/nodes/8/attachments/file%201.png
Result:
1
2
3
{
"message": "Resource deleted successfully"
}
Document Properties endpoint
When working with data for a specific Project, make sure to define the dyn-Project-Id
HTTP header like so:
1
2
3
4
$ curl \
-H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
https://dyn-pro.dev/pro/api/document_properties
GET /pro/api/document_properties
Retrieves all of the Document Properties associated with the specific project.
Sample request:
1
2
3
4
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
http://dyn-pro.dev/pro/api/document_properties
Result:
1
2
3
4
5
6
7
8
[
{
"test1": "test1"
},
{
"test2": "test2"
}
]
GET /pro/api/document_properties/:document_property_id
Retrieves a single Document Property from the specific Node in your project.
Sample request:
1
2
3
4
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
http://dyn-pro.dev/pro/api/document_properties/dyn.client
Result:
1
2
3
4
{
"dyn.client": "ACME Ltd."
}
POST /pro/api/document_properties
Creates a Document Property in your project. The attributes for the Document Property must be provided in the POST body as JSON.
HTTP status 201
will be returned if the creation completes successfully, and a Location
header will be sent with the response, set to the URL of the newly created resource.
| Pass it the |
| Pass it the list of Document Properties to be created. If a property exists it will be overwritten |
Sample request:
1
2
3
4
5
6
7
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
-H 'Content-type: application/json' \
-X POST \
-d '{"document_properties": {"dyn.client": "ACME Ltd.", "dyn.project": "Test"}}' \
http://dyn-pro.dev/pro/api/document_properties
Result:
1
2
3
4
5
6
7
8
9
[
{
"dyn.client": "ACME Ltd."
},
{
"dyn.project": "Test"
}
]
PUT /pro/api/nodes/document_properties/:document_property
Updates a Note on the specified Node in your project. The attributes to be updated must be provided in the body as JSON. Like the POST method, make sure to write out the new content of the Issue using JSON on one line subbing in \r\n
to create new lines create fields using the #[ ]#
syntax.
HTTP status 200
will be returned if the update completes successfully.
See POST
above for more details on the accepted parameters.
Sample request:
1
2
3
4
5
6
7
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
-H 'Content-type: application/json' \
-X PUT \
-d '{"document_property": {"value": "updated2!"}}' \
http://dyn-pro.dev/pro/api/document_properties/dyn.client
Result:
1
2
3
4
{
"dyn.client": "updated!"
}
DELETE /pro/api/document_properties/:document_property
Deletes a Document Property in your project. HTTP status 200
will be returned if the deletion completes successfully.
Sample request:
1
2
3
4
5
6
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'dyn-Project-Id: 3' \
-H 'Content-type: application/json' \
-X DELETE \
http://dyn-pro.dev/pro/api/document_properties/dyn.client
Result:
1
2
3
{
"message": "Resource deleted successfully"
}
IssueLibrary endpoint
GET /pro/api/addons/issuelib/entries
Retrieves all of the IssueLibrary entries from your instance.
Sample request:
1
2
3
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
http://dyn-pro.dev/pro/api/addons/issuelib/entries
Result:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
[
{
"id": 1,
"title": ".NET assemblies were not obfuscated",
"fields": {
"Title": ".NET assemblies were not obfuscated",
"Description": "The client-side assemblies were found to be strongly-named (which can help against tampering)...",
"id": 1
},
"state": 0,
"content": "#[Title]#\r\n.NET assemblies were not obfuscated\r\n\r\n\r\n#[Description]#\r\nThe client-side assemblies were found to be strongly-named (which can help against tampering)...",
"created_at": "2019-03-14T20:35:45.000Z",
"updated_at": "2019-03-14T20:59:09.000Z"
},
{
"id": 2,
"title": "SQL injection",
"fields": {
"Title": "SQL injection",
"Description": "Structured Query Language (SQL) is a computer language designed for the retrieval and management of data in relation databases...",
"id": 2
},
"state": 0,
"content": "#[Title]#\r\nSQL injection\r\n\r\n\r\n#[Description]#\r\nStructured Query Language (SQL) is a computer language designed for the retrieval and management of data in relation databases...",
"created_at": "2019-03-14T20:59:29.000Z",
"updated_at": "2019-03-14T20:59:29.000Z"
}
]
GET /pro/api/addons/issuelib/entries/:issuelibrary_entry_id
Retrieves a single IssueLibrary entry.
Sample request:
1
2
3
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
http://dyn-pro.dev/pro/api/addons/issuelib/entries/2
Result:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
{
"id": 2,
"title": "SQL injection",
"fields": {
"Title": "SQL injection",
"Description": "Structured Query Language (SQL) is a computer language designed for the retrieval and management of data in relation databases...",
"id": 2
},
"state": 0,
"content": "#[Title]#\r\nSQL injection\r\n\r\n\r\n#[Description]#\r\nStructured Query Language (SQL) is a computer language designed for the retrieval and management of data in relation databases...",
"created_at": "2019-03-14T20:59:29.000Z",
"updated_at": "2019-03-14T20:59:29.000Z"
}
POST /pro/api/addons/issuelib/entries
Creates an IssueLibrary entry. The attributes for the IssueLibrary entry must be provided in the POST body as JSON.
HTTP status 201
will be returned if the creation completes successfully, and a Location
header will be sent with the response, set to the URL of the newly created resource.
| Pass it the |
| Pass it the content of the IssueLibrary entry to be created. |
Sample request:
1
2
3
4
5
6
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'Content-type: application/json' \
-X POST \
-d '{"entry":{"content": "#[Title]#\r\nDangerous HTTP methods: TRACE\r\n\r\n#[Rating]#\r\nMedium\r\n\r\n#[Description]#\r\nThe TRACE HTTP method is used as a debugging mechanism that allows the client to see what is being received at the other end of the request chain and use that data for testing and diagnostic information."}}' \
http://dyn-pro.dev/pro/api/addons/issuelib/entries
Result:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
{
"id": 3,
"title": "Dangerous HTTP methods: TRACE",
"fields": {
"Title": "Dangerous HTTP methods: TRACE",
"Rating": "Medium",
"Description": "The TRACE HTTP method is used as a debugging mechanism that allows the client to see what is being received at the other end of the request chain and use that data for testing and diagnostic information.",
"id": 3
},
"state": 0,
"content": "#[Title]#\r\nDangerous HTTP methods: TRACE\r\n\r\n#[Rating]#\r\nMedium\r\n\r\n#[Description]#\r\nThe TRACE HTTP method is used as a debugging mechanism that allows the client to see what is being received at the other end of the request chain and use that data for testing and diagnostic information.",
"created_at": "2019-03-14T21:10:53.000Z",
"updated_at": "2019-03-14T21:10:53.000Z"
}
PUT /pro/api/addons/issuelib/entries/:issuelibrary_entry_id
Updates a specific IssueLibrary entry. The attributes to be updated must be provided in the body as JSON. Like the POST method, make sure to write out the new content of the IssueLibrary entry using JSON on one line subbing in \r\n
to create new lines and creating fields using the #[ ]#
syntax. If your content contains any special characters, be sure to escape them using /
.
HTTP status 200
will be returned if the update completes successfully.
See POST
above for more details on the accepted parameters.
Sample request:
1
2
3
4
5
6
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-H 'Content-type: application/json' \
-X PUT \
-d '{"entry":{"content": "#[Title]#\r\nDangerous HTTP methods: TRACE\r\n\r\n#[Rating]#\r\nMedium\r\n\r\n#[Description]#\r\nUpdated sample IssueLibrary entry description"}}' \
http://dyn-pro.dev/pro/pro/api/addons/issuelib/entries/3
Result:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
{
"id": 3,
"title": "Dangerous HTTP methods: TRACE",
"fields": {
"Title": "Dangerous HTTP methods: TRACE",
"Rating": "Medium",
"Description": "Updated sample IssueLibrary entry description",
"id": 3
},
"state": 0,
"content": "#[Title]#\r\nDangerous HTTP methods: TRACE\r\n\r\n#[Rating]#\r\nMedium\r\n\r\n#[Description]#\r\nUpdated sample IssueLibrary entry description",
"created_at": "2019-03-14T21:10:53.000Z",
"updated_at": "2019-03-14T21:14:33.000Z"
}
DELETE /pro/api/addons/issuelib/entries/:issuelibrary_entry_id
Deletes a specific IssueLibrary entry from your instance. HTTP status 200
will be returned if the deletion completes successfully.
Sample request:
1
2
3
4
curl \
-H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
-X DELETE \
http://dyn-pro.dev/pro/pro/api/addons/issuelib/entries/3
Result:
1
2
3
{
"message": "Resource deleted successfully"
}
COPYRIGHT (C) 2014-2022 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.