API Interface

Current Version

By default, all requests receive the v1 version of the API. We encourage you to explicitly request this version via the Accept header.

    Accept: application/vnd.dynapi; v=1

Schema

All API access is over HTTPS, and accessed through dyn.dev/pro/api. All data is sent and received as JSON.

Blank fields are included as null instead of being omitted.

All timestamps are returned in ISO 8601 format:

YYYY-MM-DDTHH:MM:SSZ

HTTP Verbs

Where possible, the API strives to use appropriate HTTP verbs for each action.

  • HEAD: Can be issued against any resource to get just the HTTP header info.

  • GET: Used for retrieving resources.

  • POST: Used for creating resources.

  • PUT: Used for updating resources with partial JSON data. A PUT request may accept one or more of the attributes to update the resource.

  • DELETE: Used for deleting resources.

Parameters

For POST, PATCH, PUT, and DELETE requests, parameters should be encoded as JSON with a Content-Type of application/json:

    $ curl \
      -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
      -H 'Content-type: application/json' \
      -d '{"team":{"name":"Test Client 4"}}' \
      https://dyn-pro.dev/pro/api/teams

Authentication

The API supports two different authentication modes: API token and HTTP Basic.

API token

Provide your token as part of the HTTP Authorization header:

    Authorization: Token token="<API_token>"

Note that the header requires you to use double-quotes (").

For example:

    $ curl \
      -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
      https://dyn-pro.dev/pro/api/projects/1

Basic Authentication

Use the same credentials you log in with:

    $ curl -u 'your@email.com' https://dyn-pro.dev/pro/api/projects/1
    Enter host password for user 'your@email.com':

Error codes

These are the possible types of errors on API calls. The response will include a JSON object with the description and the proper HTTP status code:

| HTTP Status | Message | Description |
|---|---|---|
| 401 | Authentication required | No authentication credentials have been provided. Use one of the supported authentication methods (token or basic authentication). |
| 403 | Forbidden | The authenticated user does not have access to this operation. Use a different user or ask the administrator to set the needed permissions for the current user. |
| 404 | Not found | The resource couldn't be found. |
| 415 | JSON required | Content-Type header needs to be set to 'application/json' for this request. |
| 422 | Validation error | Some fields have invalid values. Check the "errors" array in the response for further information. |
| 500 | Internal server error | The application found an unexpected condition that prevented it from fulfilling the request. |

Endpoints Cheatsheet

Check out the following pages for more details on each of the available endpoints:

| Endpoint | Description |
|---|---|
| Teams | Retrieve details about the Teams on your instance. |
| Projects | Retrieve content about all of the projects or work with a specific project. |
| Nodes | Retrieve and work with the Nodes in a specific project. |
| Issues | Retrieve and work with the Issues in a specific project. |
| Evidence | Retrieve and work with the Evidence associated with specific Nodes in your project. |
| Content Blocks | Retrieve and work with the Content Blocks in a specific project. |
| Notes | Retrieve and work with the Notes associated with specific Nodes in your project. |
| Attachments | Retrieve and work with the Attachments associated with specific Nodes in your project. |
| Document Properties | Retrieve and work with the Document Properties in a specific project. |
| IssueLibrary | Retrieve and work with the IssueLibrary entries on your instance. |

Teams endpoint

GET /pro/api/teams

Retrieves all teams, ordered by name.

Sample request:

    $ curl \
      -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
      https://dyn-pro.dev/pro/api/teams

Result:

    [
      {
        "id": 1,
        "name": "Test Team 1",
        "team_since": "2015-05-21",
        "created_at": "2015-05-21T16:30:45Z",
        "updated_at": "2015-07-29T11:01:37Z",
        "projects": [
          { "id": 1, "name": "Test Project" },
          { "id": 2, "name": "Test Project 2" },
          { "id": 3, "name": "Test Project 3" }
        ]
      },
      {
        "id": 2,
        "name": "Test Team 2",
        "team_since": "2015-07-29",
        "created_at": "2015-07-29T11:00:24Z",
        "updated_at": "2015-07-29T11:02:02Z",
        "projects": []
      },
      {
        "id": 3,
        "name": "Test Team 3",
        "team_since": "2015-07-29",
        "created_at": "2015-07-29T11:02:11Z",
        "updated_at": "2015-07-29T11:02:11Z",
        "projects": []
      }
    ]

GET /pro/api/teams/:id

Retrieves a single team.

Sample request:

    $ curl \
      -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
      https://dyn-pro.dev/pro/api/teams/1

Result:

    {
      "id": 1,
      "name": "Test Team 1",
      "team_since": "2015-05-21",
      "created_at": "2015-05-21T16:30:45Z",
      "updated_at": "2015-07-29T11:01:37Z",
      "projects": [
        { "id": 1, "name": "Test Project" },
        { "id": 2, "name": "Test Project 2" },
        { "id": 3, "name": "Test Project 3" }
      ]
    }

POST /pro/api/teams

Creates a team. The attributes for the team must be provided in the POST body as JSON. HTTP status 201 will be returned if the creation completes successfully, and a Location header will be sent with the response, set to the URL of the newly created resource.

| Accepted Parameter | Use |
|---|---|
| client | Pass it the name parameter |
| name | Pass it the name of the team you want to create within dyn |
| team_since (optional) | Pass the date you started working with this team in yyyy-mm-dd format. Otherwise, today's date will be used. |

Sample request:

    $ curl \
      -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
      -H 'Content-type: application/json' \
      -X POST \
      -d '{"team":{"name":"Test Team 4", "team_since":"2017-12-31"}}' \
      https://dyn-pro.dev/pro/api/teams

Result:

    {
      "id": 4,
      "name": "Test Team 4",
      "team_since": "2017-12-31",
      "created_at": "2018-10-26T02:51:58.000Z",
      "updated_at": "2018-10-26T02:51:58.000Z",
      "projects": []
    }

PUT /pro/api/teams/:id

Updates a team. The attributes to be updated must be provided in the request body as JSON. HTTP status 200 will be returned if the update completes successfully.

See POST above for details on accepted parameters.

Sample request:

    $ curl \
      -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
      -H 'Content-type: application/json' \
      -X PUT \
      -d '{"team":{"name":"Test Team 4 - Updated"}}' \
      https://dyn-pro.dev/pro/api/teams/4

Result:

    {
      "id": 4,
      "name": "Test Team 4 - Updated",
      "team_since": "2017-12-31",
      "created_at": "2018-10-26T02:51:58.000Z",
      "updated_at": "2018-10-27T02:51:58.000Z",
      "projects": []
    }

DELETE /pro/api/teams/:id

Deletes a team. HTTP status 200 will be returned if the deletion completes successfully.

Sample request:

    $ curl \
      -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
      -X DELETE \
      https://dyn-pro.dev/pro/api/teams/4

Result:

    {
      "message": "Resource deleted successfully"
    }

Users endpoint

The Users endpoint is read-only. You cannot create, update, or destroy a user via the REST API.

GET /pro/api/users

Retrieves all users, ordered by id.

Sample request:

    $ curl \
      -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
      https://dyn-pro.dev/pro/api/users

Result:

    [
      {
        "id": 1,
        "name": "Admin",
        "email": "admin@securityroots.com",
        "created_at": "2018-12-12T15:03:00.000Z",
        "updated_at": "2018-12-14T20:39:16.000Z"
      },
      {
        "id": 3,
        "name": "Daniel",
        "email": "daniel@securityroots.com",
        "created_at": "2019-01-08T16:15:24.000Z",
        "updated_at": "2019-01-08T16:15:24.000Z"
      }
    ]

GET /pro/api/users/:id

Retrieves a single user.

Sample request:

    $ curl \
      -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
      https://dyn-pro.dev/pro/api/users/3

Result:

    {
      "id": 3,
      "name": "Daniel",
      "email": "daniel@securityroots.com",
      "created_at": "2019-01-08T16:15:24.000Z",
      "updated_at": "2019-01-08T16:15:24.000Z"
    }

Projects endpoint

GET /pro/api/projects

Retrieves all projects, ordered by modification time (most recent first).

Sample request:

    $ curl \
      -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
      https://dyn-pro.dev/pro/api/projects

Result:

    [
      {
        "id": 3,
        "name": "Test Project 3",
        "client": { "id": 1, "name": "Security Roots" },
        "created_at": "2015-07-27T13:12:31Z",
        "updated_at": "2015-07-27T13:12:31Z",
        "authors": [ { "email": "my@email.com" } ],
        "owners": [ { "email": "my@email.com" } ],
        "custom_fields": [
          { "id": 1, "name": "Assessment Type", "value": "Webapp" }
        ]
      },
      {
        "id": 2,
        "name": "Test Project 2",
        "client": { "id": 1, "name": "Security Roots" },
        "created_at": "2015-07-27T13:11:18Z",
        "updated_at": "2015-07-27T13:11:18Z",
        "authors": [ { "email": "my@email.com" } ],
        "owners": [ { "email": "my@email.com" } ],
        "custom_fields": [
          { "id": 1, "name": "Assessment Type", "value": "Webapp" }
        ]
      },
      {
        "id": 1,
        "name": "Test Project 1",
        "client": { "id": 1, "name": "Security Roots" },
        "created_at": "2015-07-06T15:55:30Z",
        "updated_at": "2015-07-07T08:28:22Z",
        "authors": [ { "email": "my@email.com" } ],
        "owners": [ { "email": "my@email.com" } ],
        "custom_fields": [
          { "id": 1, "name": "Assessment Type", "value": "PenTest" }
        ]
      }
    ]

GET /pro/api/projects/:id

Retrieves a single project.

Sample request:

    $ curl \
      -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
      https://dyn-pro.dev/pro/api/projects/1

Result:

    {
      "id": 1,
      "name": "Test Project 1",
      "client": { "id": 1, "name": "Security Roots" },
      "created_at": "2015-07-06T15:55:30Z",
      "updated_at": "2015-07-07T08:28:22Z",
      "authors": [ { "email": "my@email.com" } ],
      "owners": [ { "email": "my@email.com" } ],
      "custom_fields": [
        { "id": 1, "name": "Assessment Type", "value": "Webapp" },
        { "id": 2, "name": "Recurrence", "value": "One off" }
      ]
    }

POST /pro/api/projects

Creates a project. The attributes for the project must be provided in the POST body as JSON. HTTP status 201 will be returned if the creation completes successfully, and a Location header will be sent with the response, set to the URL of the newly created resource.

| Accepted Parameter | Use |
|---|---|
| project | Pass it the name, team_id and report_template_properties_id parameters |
| name | Pass it the name of the project you want to create within dyn |
| team_id | Assigns the project to a client. Pass it the ID number of the client the project should be associated with within dyn. |
| report_template_properties_id (optional) | Assigns a default report template to the project |
| author_ids (optional) | Assigns users as authors to the project. If not specified, only the user performing the request will be added as author. |
| template (optional) | Associate with a project template to pre-populate the project with data. Pass this the project template name. |

Sample request:

    $ curl \
      -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
      -H 'Content-type: application/json' \
      -X POST \
      -d '{"project":{"name":"Test Project 4","team_id":"1", "report_template_properties_id":"4", "author_ids": [4, 5], "template":"Welcome Project Template"}}' \
      https://dyn-pro.dev/pro/api/projects

Result:

    {
      "id": 4,
      "name": "Test Project 4",
      "client": { "id": 1, "name": "Security Roots" },
      "created_at": "2015-07-28T15:14:24Z",
      "updated_at": "2015-07-28T15:14:24Z",
      "authors": [
        { "email": "my@email.com" },
        { "email": "user4@email.com" },
        { "email": "user5@email.com" }
      ],
      "owners": [
        { "email": "my@email.com" }
      ]
    }

PUT /pro/api/projects/:id

Updates a project. The attributes to be updated must be provided in the request body as JSON. HTTP status 200 will be returned if the update completes successfully.

See POST above for details on the accepted parameters.

Sample request:

    $ curl \
      -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
      -H 'Content-type: application/json' \
      -X PUT \
      -d '{"project":{"name":"Test Project 4 - Updated"}}' \
      https://dyn-pro.dev/pro/api/projects/4

Result:

    {
      "id": 4,
      "name": "Test Project 4 - Updated",
      "client": { "id": 1, "name": "Security Roots" },
      "created_at": "2015-07-28T15:14:24Z",
      "updated_at": "2015-07-28T15:14:24Z",
      "authors": [
        { "id": 1, "email": "my@email.com" }
      ],
      "owners": [
        { "id": 1, "email": "my@email.com" }
      ]
    }

PUT /pro/api/projects/:id/owner

Updates a project's owner. The attributes to be updated must be provided in the request body as JSON. HTTP status 200 will be returned if the update completes successfully.

| Accepted Parameter | Use |
|---|---|
| project | Pass it the owner parameter |
| owner_id | Pass it the ID number of the user you want to assign as the new project owner |

Sample request:

    $ curl \
      -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
      -H 'Content-type: application/json' \
      -X PUT \
      -d '{"project":{"owner_id":"7"}}' \
      https://dyn-pro.dev/pro/api/projects/4/owner

Result:

    {
      "id": 4,
      "name": "Test Project 4 - Updated",
      "client": { "id": 1, "name": "Security Roots" },
      "created_at": "2015-07-28T15:14:24Z",
      "updated_at": "2015-07-28T15:14:24Z",
      "authors": [
        { "id": 1, "email": "my@email.com" }
      ],
      "owners": [
        { "id": 7, "email": "owner@email.com" }
      ]
    }

DELETE /pro/api/projects/:id

Deletes a project. HTTP status 200 will be returned if the deletion completes successfully.

Sample request:

    $ curl \
      -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
      -H 'Content-type: application/json' \
      -X DELETE \
      https://dyn-pro.dev/pro/api/projects/4

Result:

    {
      "message": "Resource deleted successfully"
    }

Nodes endpoint

Nodes belong to a Project

When working with data for a specific Project like Issues or Nodes, make sure to define the dyn-Project-Id HTTP header like so:

    $ curl \
      -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      https://dyn-pro.dev/pro/api/nodes
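The header rules documented on this page (versioned Accept, the double-quoted token, Content-Type for JSON bodies, dyn-Project-Id for project data) and its error table can be enforced in one place by a small client. The following is an added example, not part of the original documentation or the vendor's code; the DYN_API_TOKEN variable name, the function names and the sample 422 body used to exercise it are assumptions.

```python
import json
import os
import urllib.error
import urllib.request

BASE_URL = "https://dyn-pro.dev/pro/api"  # host used in this page's samples
ACCEPT = "application/vnd.dynapi; v=1"
# Resources this page shows with the dyn-Project-Id header
# (Evidence is reached through /nodes/:node_id/evidence).
PROJECT_SCOPED = {"nodes", "issues", "content_blocks"}
# Status code -> message, copied from the error table on this page.
ERROR_MESSAGES = {
    401: "Authentication required",
    403: "Forbidden",
    404: "Not found",
    415: "JSON required",
    422: "Validation error",
    500: "Internal server error",
}


class ApiError(Exception):
    """Raised for any error status; .errors holds the 422 "errors" array."""

    def __init__(self, status, message, errors):
        super().__init__(f"{status} {message}")
        self.status = status
        self.message = message
        self.errors = errors


def token_from_env(name="DYN_API_TOKEN"):
    """Read the token from the environment (hypothetical variable name) so
    it stays out of shell history and the process list."""
    token = os.environ.get(name, "")
    if not token:
        raise RuntimeError(f"{name} is not set")
    return token


def build_request(method, path, token, project_id=None, payload=None,
                  base_url=BASE_URL):
    """Build (but do not send) a request that follows the page's rules."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send the API token over a non-HTTPS URL")
    # The token sits inside double quotes in the header value; a quote or
    # line break in it would corrupt or split the header.
    if not token or any(ch in token for ch in '"\r\n'):
        raise ValueError("token is empty or contains a quote or line break")
    path = path.strip("/")
    headers = {"Accept": ACCEPT, "Authorization": f'Token token="{token}"'}
    if path.split("/")[0] in PROJECT_SCOPED:
        if project_id is None:
            raise ValueError(f"/{path} needs a project id for dyn-Project-Id")
        headers["dyn-Project-Id"] = str(int(project_id))
    data = None
    if payload is not None:
        data = json.dumps(payload).encode("utf-8")
        headers["Content-Type"] = "application/json"
    return urllib.request.Request(f"{base_url.rstrip('/')}/{path}",
                                  data=data, headers=headers, method=method)


def error_from_response(status, body):
    """Turn an error status and response body into an ApiError."""
    try:
        doc = json.loads(body or b"{}")
    except ValueError:
        doc = {}
    errors = doc.get("errors", []) if isinstance(doc, dict) else []
    if not isinstance(errors, list):
        errors = [errors]
    return ApiError(status, ERROR_MESSAGES.get(status, "Unexpected status"),
                    errors)


def call(request, timeout=10):
    """Send a request built above and return the decoded JSON response."""
    try:
        with urllib.request.urlopen(request, timeout=timeout) as resp:
            return json.loads(resp.read())
    except urllib.error.HTTPError as exc:
        raise error_from_response(exc.code, exc.read()) from None


if __name__ == "__main__":
    req = build_request("GET", "/nodes", token_from_env(), project_id=3)
    print(req.get_method(), req.full_url, dict(req.header_items()))
```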

GET /pro/api/nodes

Retrieves all the Nodes in your specific project, ordered by the created_at timestamp.

You can paginate the results at 25 per page by appending e.g. \page\1 and \page\2, as in https://dyn-pro.dev/pro/api/nodes\page\1.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      https://dyn-pro.dev/pro/api/nodes

Result:

    [
      {
        "id": 29,
        "label": "Scope",
        "type_id": 1,
        "parent_id": 16,
        "position": 0,
        "created_at": "2016-04-11T16:36:30.708Z",
        "updated_at": "2016-04-11T16:36:30.728Z",
        "evidence": [],
        "notes": [
          {
            "id": 43,
            "category_id": 2,
            "title": "Project Properties",
            "fields": {
              "Title": "Project Properties",
              "dyn.Client": "Security Roots, Ltd",
              "dyn.Author": "William Adama",
              "dyn.Title": "Penetration Test",
              "dyn.Subtitle": "Mobile Banking Application"
            },
            "text": "#[Title]#\nProject Properties\n\n#[dyn.Client]#\nSecurity Roots, Ltd\n\n#[dyn.Author]#\nWilliam Adama\n\n#[dyn.Title]#\nPenetration Test#[dyn.Subtitle]#\nMobile Banking Application\n"
          }
        ]
      },
      {
        "id": 28,
        "label": "plugin.output",
        "type_id": 0,
        "parent_id": null,
        "position": 0,
        "created_at": "2016-04-11T16:36:30.698Z",
        "updated_at": "2016-04-11T16:36:30.698Z",
        "evidence": [],
        "notes": []
      }
    ]

GET /pro/api/nodes/:id

Retrieves a single Node from your specified project and displays all the Evidence and Notes associated with the Node.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      https://dyn-pro.dev/pro/api/nodes/27

Result:

    {
      "id": 27,
      "label": "10.0.0.1",
      "type_id": 0,
      "parent_id": null,
      "position": 0,
      "created_at": "2016-04-11T16:36:30.418Z",
      "updated_at": "2016-04-11T16:36:30.418Z",
      "evidence": [
        {
          "id": 52,
          "content": "#[Description]#\r\nbc. Placeholder evidence content ",
          "fields": {
            "Description": "bc. Placeholder evidence content",
            "Label": "Uploaded files"
          },
          "issue": {
            "id": 51,
            "title": "Dangerous HTTP methods: TRACE",
            "url": "http://dyn-pro.dev/api/issues/51"
          }
        }
      ],
      "notes": []
    }

POST /pro/api/nodes

Creates a Node in the specified project. The attributes for the Node must be provided in the POST body as JSON.

HTTP status 201 will be returned if the creation completes successfully, and a Location header will be sent with the response, set to the URL of the newly created resource.

| Accepted Parameter | Use |
|---|---|
| node | Pass it the label, type_id, parent_id, and position parameters. |
| label | Pass it the name of the Node you want to create within your dyn project. |
| type_id | Pass type_id a value of 0 to create a Default Node or a value of 1 to create a Host Node. |
| parent_id | Pass parent_id the ID of your desired parent Node to create a subnode. Or, use "parent_id": null, to create a top-level Node. |
| position | Pass position a numeric value to insert the new Node at a specific location within the existing Node structure |

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      -H 'Content-type: application/json' \
      -X POST \
      -d '{"node": {"label": "New Node", "type_id": 1, "parent_id": 16, "position": 3}}' \
      https://dyn-pro.dev/pro/api/nodes

Result:

    {
      "id": 31,
      "label": "New Node",
      "type_id": 1,
      "parent_id": 16,
      "position": 3,
      "created_at": "2016-04-12T20:50:41.559Z",
      "updated_at": "2016-04-12T20:50:41.559Z",
      "evidence": [],
      "notes": []
    }

PUT /pro/api/nodes/:id

Updates a Node in your specified project. You can update some or all of the Node attributes with PUT. See the POST method above for details on the different options and attributes available for the Node endpoint.

HTTP status 200 will be returned if the update completes successfully.

See POST above for details on the accepted parameters.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      -H 'Content-type: application/json' \
      -X PUT \
      -d '{"node": {"parent_id": null}}' \
      https://dyn-pro.dev/pro/api/nodes/31

Result:

    {
      "id": 31,
      "label": "Updated Node Title",
      "type_id": 1,
      "parent_id": null,
      "position": 12,
      "created_at": "2016-04-12T20:50:41.559Z",
      "updated_at": "2016-04-12T21:00:24.634Z",
      "evidence": [],
      "notes": []
    }

DELETE /pro/api/nodes/:id

Deletes a Node from your specified project. HTTP status 200 will be returned if the deletion completes successfully.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      -H 'Content-type: application/json' \
      -X DELETE \
      https://dyn-pro.dev/pro/api/nodes/31

Result:

    {
      "message": "Resource deleted successfully"
    }

Issues endpoint

Issues belong to a Project

When working with data for a specific Project like Issues or Nodes, make sure to define the dyn-Project-Id HTTP header like so:

    $ curl \
      -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      https://dyn-pro.dev/pro/api/issues

GET /pro/api/issues

Retrieves all the Issues in your specific project, ordered by the created_at timestamp.

You can paginate the results at 25 per page by appending e.g. \page\1 and \page\2, as in https://dyn-pro.dev/pro/api/issues\page\1.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      https://dyn-pro.dev/pro/api/issues

Result:

    [
      {
        "id": 45,
        "title": "Insecure cookie configuration: Secure flag",
        "fields": {
          "Title": "Insecure cookie configuration: Secure flag",
          "Rating": "Low",
          "Description": "If the Secure attribute is set on a cookie, the browser will ensure that the cookie is only attached to requests going over SSL.",
          "Mitigation": "At the bare minimum, the Secure flag should be set in all cookies containing session tokens. However, if the application uses SSL transport, it is best to set the Secure flag in all cookies to ensure they are never sent over clear-text channels.",
          "References": "http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)#Description_of_the_Issue"
        },
        "text": "#[Title]#\r\nInsecure cookie configuration: Secure flag\r\n\r\n#[Rating]#\r\nLow\r\n\r\n#[Description]#\r\nIf the Secure attribute is set on a cookie, the browser will ensure that the cookie is only attached to requests going over SSL. \r\n\r\n#[Mitigation]#\r\nAt the bare minimum, the Secure flag should be set in all cookies containing session tokens. However, if the application uses SSL transport, it is best to set the Secure flag in all cookies to ensure they are never sent over clear-text channels.\r\n\r\n#[References]#\r\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)#Description_of_the_Issue\r\n",
        "created_at": "2016-04-12T16:25:17.486Z",
        "updated_at": "2016-04-12T16:37:05.363Z"
      },
      {
        "id": 44,
        "title": "Weak SSL ciphers",
        "fields": {
          "Title": "Weak SSL ciphers",
          "Rating": "Critical",
          "Description": "Some of the ciphers enabled in the SSL service cannot considered to be cryptographically secure. When the key length of the cipher is under 56 bits, it is reasonable to assume that an adversary could mount a successful brute-force attack.",
          "Mitigation": "All ciphers with key lengths smaller than 128 bits should be disabled",
          "References": "https://www.owasp.org/index.php/Testing_for_SSL-TLS_%28OWASP-CM-001%29"
        },
        "text": "#[Title]#\r\nWeak SSL ciphers\r\n\r\n#[Rating]#\r\nCritical\r\n\r\n#[Description]#\r\nSome of the ciphers enabled in the SSL service cannot considered to be cryptographically secure. When the key length of the cipher is under 56 bits, it is reasonable to assume that an adversary could mount a successful brute-force attack.\r\n\r\n#[Mitigation]#\r\nAll ciphers with key lengths smaller than 128 bits should be disabled\r\n\r\n#[References]#\r\nhttps://www.owasp.org/index.php/Testing_for_SSL-TLS_%28OWASP-CM-001%29\r\n",
        "created_at": "2016-04-11T16:49:15.657Z",
        "updated_at": "2016-04-12T16:37:12.343Z"
      }
    ]

GET /pro/api/issues/:id

Retrieves a single Issue from your specified project.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      https://dyn-pro.dev/pro/api/issues/45

Result:

    {
      "id": 45,
      "title": "Insecure cookie configuration: Secure flag",
      "fields": {
        "Title": "Insecure cookie configuration: Secure flag",
        "Rating": "Low",
        "Description": "If the Secure attribute is set on a cookie, the browser will ensure that the cookie is only attached to requests going over SSL.",
        "Mitigation": "At the bare minimum, the Secure flag should be set in all cookies containing session tokens. However, if the application uses SSL transport, it is best to set the Secure flag in all cookies to ensure they are never sent over clear-text channels.",
        "References": "http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)#Description_of_the_Issue",
        "Test": ""
      },
      "text": "#[Title]#\r\nInsecure cookie configuration: Secure flag\r\n\r\n#[Rating]#\r\nLow\r\n\r\n#[Description]#\r\nIf the Secure attribute is set on a cookie, the browser will ensure that the cookie is only attached to requests going over SSL. \r\n\r\n#[Mitigation]#\r\nAt the bare minimum, the Secure flag should be set in all cookies containing session tokens. However, if the application uses SSL transport, it is best to set the Secure flag in all cookies to ensure they are never sent over clear-text channels.\r\n\r\n#[References]#\r\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)#Description_of_the_Issue\r\n\r\n#[Test]#\r\n",
      "created_at": "2016-04-12T16:25:17.486Z",
      "updated_at": "2016-04-12T16:38:39.932Z"
    }

POST /pro/api/issues

Creates an Issue in the specified project. The attributes for the Issue must be provided in the POST body as JSON.

HTTP status 201 will be returned if the creation completes successfully, and a Location header will be sent with the response, set to the URL of the newly created resource.

| Accepted Parameter | Use |
|---|---|
| issue | Pass it the text parameter. |
| text | Pass it the content of the Issue using JSON on one line subbing in \r\n for new lines. Don't forget to include field names with the #[ ]# syntax. |

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      -H 'Content-type: application/json' \
      -X POST \
      -d '{"issue":{"text": "#[Title]#\r\nDangerous HTTP methods: TRACE\r\n\r\n#[Rating]#\r\nMedium\r\n\r\n#[Description]#\r\nThe TRACE HTTP method is used as a debugging mechanism that allows the client to see what is being received at the other end of the request chain and use that data for testing and diagnostic information."}}' \
      https://dyn-pro.dev/pro/api/issues

Result:

    {
      "id": 51,
      "title": "Dangerous HTTP methods: TRACE",
      "fields": {
        "Title": "Dangerous HTTP methods: TRACE",
        "Rating": "Medium",
        "Description": "The TRACE HTTP method is used as a debugging mechanism that allows the client to see what is being received at the other end of the request chain and use that data for testing and diagnostic information."
      },
      "text": "#[Title]#\r\nDangerous HTTP methods: TRACE\r\n\r\n#[Rating]#\r\nMedium\r\n\r\n#[Description]#\r\nThe TRACE HTTP method is used as a debugging mechanism that allows the client to see what is being received at the other end of the request chain and use that data for testing and diagnostic information.",
      "created_at": "2016-04-12T20:18:12.090Z",
      "updated_at": "2016-04-12T20:18:12.090Z"
    }
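The text parameter above packs several fields into one string using #[Name]# headers and \r\n line breaks, and the API returns the same content split out under "fields". The following is an added example, not part of the original documentation or the vendor's code, that builds and parses that format. The function names are assumptions, and so is the choice to reject values that contain a field header of their own, a case that matters when field values come from imported tool output.

```python
import json
import re

# A field header is "#[Name]#". In this page's samples a header can even
# follow text on the same line ("Penetration Test#[dyn.Subtitle]#"), so the
# pattern is not anchored to the start of a line.
HEADER = re.compile(r"#\[(.+?)\]#[ \t]*(?:\r?\n)?")
NEWLINE = re.compile(r"\r\n|\r|\n")


def fields_to_text(fields):
    """Serialise {name: value} into the #[Name]# format with \\r\\n breaks."""
    blocks = []
    for name, value in fields.items():
        if not name or "]#" in name or NEWLINE.search(name):
            raise ValueError(f"invalid field name: {name!r}")
        value = NEWLINE.sub("\r\n", str(value))
        # Assumption: a value carrying its own "#[...]#" header would be read
        # back as an extra field (or overwrite one), so it is refused here.
        if HEADER.search(value):
            raise ValueError(f"value of {name!r} contains a field header")
        blocks.append(f"#[{name}]#\r\n{value}")
    return "\r\n\r\n".join(blocks)


def text_to_fields(text):
    """Parse the text format back into {name: value}.

    Text before the first header is ignored; if a name repeats, the last
    occurrence wins.
    """
    parts = HEADER.split(text)
    return {name: value.strip()
            for name, value in zip(parts[1::2], parts[2::2])}


def issue_body(fields):
    """JSON body for POST/PUT on /pro/api/issues (a single line)."""
    return json.dumps({"issue": {"text": fields_to_text(fields)}})


def evidence_body(fields, issue_id):
    """JSON body for POST/PUT on /pro/api/nodes/:node_id/evidence."""
    return json.dumps({"evidence": {"content": fields_to_text(fields),
                                    "issue_id": str(issue_id)}})


if __name__ == "__main__":
    # Field values taken from the sample request on this page (shortened).
    sample = {"Title": "Dangerous HTTP methods: TRACE", "Rating": "Medium"}
    print(issue_body(sample))
    print(text_to_fields(fields_to_text(sample)))
```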

PUT /pro/api/issues/:id

Updates an Issue in the specified project. The attributes to be updated must be provided in the body as JSON. Like the POST method, make sure to write out the new content of the Issue using JSON on one line subbing in \r\n to create newlines as needed.

HTTP status 200 will be returned if the update completes successfully.

See POST above for more details on the accepted parameters.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      -H 'Content-type: application/json' \
      -X PUT \
      -d '{"issue":{"text": "#[Title]#\r\nUpdated Issue Title\r\n\r\n#[Rating]#\r\nMedium\r\n\r\n#[Description]#\r\nUpdated sample Issue description"}}' \
      https://dyn-pro.dev/pro/api/issues/45

Result:

    {
      "id": 45,
      "title": "Updated Issue Title",
      "fields": {
        "Title": "Updated Issue Title",
        "Rating": "Medium",
        "Description": "Updated sample Issue description"
      },
      "text": "#[Title]#\r\nUpdated Issue Title\r\n\r\n#[Rating]#\r\nMedium\r\n\r\n#[Description]#\r\nUpdated sample Issue description",
      "created_at": "2016-04-12T16:25:17.486Z",
      "updated_at": "2016-04-12T20:24:02.471Z"
    }

DELETE /pro/api/issues/:id

Deletes an Issue from your specified project. HTTP status 200 will be returned if the deletion completes successfully.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      -H 'Content-type: application/json' \
      -X DELETE \
      https://dyn-pro.dev/pro/api/issues/45

Result:

    {
      "message": "Resource deleted successfully"
    }

Evidence endpoint

Instances of Evidence belong to a Node in a Project

When working with data for a specific Project like Issues or Evidence, make sure to define the dyn-Project-Id HTTP header like so:

    $ curl \
      -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      https://dyn-pro.dev/pro/api/nodes/8/evidence

GET /pro/api/nodes/:node_id/evidence

Retrieves all the Evidence associated with the specific Node in your project, ordered by evidence id descending.

You can paginate the results at 25 per page by appending e.g. \page\1 and \page\2, as in https://dyn-pro.dev/pro/api/nodes/8/evidence\page\1.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      https://dyn-pro.dev/pro/api/nodes/8/evidence

Result:

    [
      {
        "id": 12,
        "content": "bc. Placeholder Evidence content.",
        "fields": {
          "Label": "scanme.insecure.org"
        },
        "issue": {
          "id": 30,
          "title": "DNS Server Recursive Query Cache Poisoning Weakness",
          "url": "http://dyn-pro.dev/pro/api/issues/30"
        }
      },
      {
        "id": 11,
        "content": "bc. Placeholder Evidence content.",
        "fields": {
          "Label": "scanme.insecure.org"
        },
        "issue": {
          "id": 33,
          "title": "DNS Server Cache Snooping Information Disclosure",
          "url": "http://dyn-pro.dev/pro/api/issues/33"
        }
      }
    ]

GET /pro/api/nodes/:node_id/evidence/:evidence_id

Retrieves a single piece of Evidence from a Node in your project.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      https://dyn-pro.dev/pro/api/nodes/8/evidence/11

Result:

    {
      "id": 11,
      "content": "bc. Placeholder Evidence content.",
      "fields": {
        "Label": "scanme.insecure.org"
      },
      "issue": {
        "id": 33,
        "title": "DNS Server Cache Snooping Information Disclosure",
        "url": "https://dyn-pro.dev/pro/api/issues/33"
      }
    }

POST /pro/api/nodes/:node_id/evidence

Creates a piece of Evidence on the specified Node in your project. The attributes for the Evidence must be provided in the POST body as JSON.

HTTP status 201 will be returned if the creation completes successfully, and a Location header will be sent with the response, set to the URL of the newly created resource.

| Accepted Parameter | Use |
|---|---|
| evidence | Pass it the content and issue_id parameters. |
| content | Pass it the content of the Evidence using JSON on one line subbing in \r\n for new lines. Don't forget to include field names with the #[ ]# syntax. |
| issue_id | Pass it the ID of the Issue you want to associate the Evidence with. |

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      -H 'Content-type: application/json' \
      -X POST \
      -d '{"evidence":{"content": "#[Description]#\r\nbc. Placeholder evidence content.", "issue_id": "24" }}' \
      https://dyn-pro.dev/pro/api/nodes/8/evidence

Result:

    {
      "id": 16,
      "content": "#[Description]#\r\nbc. Placeholder evidence content.",
      "fields": {
        "Description": "bc. Placeholder evidence content.",
        "Label": "scanme.insecure.org"
      },
      "issue": {
        "id": 24,
        "title": "Backported Security Patch Detection (WWW)",
        "url": "http://dyn-pro.dev/pro/api/issues/24"
      }
    }

PUT /pro/api/nodes/:node_id/evidence/:evidence_id

Updates a specific piece of Evidence on a Node in your project. The attributes to be updated must be provided in the body as JSON. Like the POST method, make sure to write out the new content of the Issue using JSON on one line subbing in \r\n to create newlines as needed and using the #[ ]# syntax for field names.

HTTP status 200 will be returned if the update completes successfully.

See POST above for more details on the accepted parameters.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      -H 'Content-type: application/json' \
      -X PUT \
      -d '{"evidence":{"content": "#[Description]#\r\nUpdated evidence content.", "issue_id": "24" }}' \
      https://dyn-pro.dev/pro/api/nodes/8/evidence/16

Result:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 { "id": 16, "content": "#[Description]#\r\nUpdated evidence content.", "fields": { "Description": "Updated evidence content.", "Label": "scanme.insecure.org" }, "issue": { "id": 24, "title": "Backported Security Patch Detection (WWW)", "url": "https://dyn-pro.dev/pro/api/issues/24" } }

DELETE /pro/api/nodes/:node_id/evidence/:evidence_id

Deletes a piece of Evidence from the specified Node in your project. HTTP status 200 will be returned if the deletion completes successfully.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      -H 'Content-type: application/json' \
      -X DELETE \
      https://dyn-pro.dev/pro/api/nodes/8/evidence/16

Result:

    {
      "message": "Resource deleted successfully"
    }

Content Blocks endpoint

Content Blocks are found on the Report Content page of your project

When working with data for a specific Project like Content Blocks, make sure to define the dyn-Project-Id HTTP header like so:

    $ curl \
      -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      https://dyn-pro.dev/pro/api/content_blocks/

GET /pro/api/content_blocks

Retrieves all of the Content Blocks in your project, ordered by the Content Block id, ascending.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      https://dyn-pro.dev/pro/api/content_blocks

Result:

    [
      {
        "id": 4,
        "block_group": "Conclusions",
        "title": "Conclusions and Recommendations",
        "fields": {
          "Title": "Conclusions and Recommendations",
          "Type": "Conclusions",
          "Description": "Any data you put in this Description field will export out into the Conclusions and Recommendations section of your welcome pack report template."
        },
        "content": "#[Title]#\r\nConclusions and Recommendations\r\n\r\n#[Type]#\r\nConclusions\r\n\r\n#[Description]#\r\nAny data you put in this Description field will export out into the Conclusions and Recommendations section of your welcome pack report template. "
      },
      {
        "id": 5,
        "block_group": "Appendix",
        "title": "Example Appendix Content",
        "fields": {
          "Title": "Example Appendix Content",
          "Type": "Appendix",
          "Description": "Any data you put in this Description field will export out into Appendix B of your welcome pack report template."
        },
        "content": "#[Title]#\r\nExample Appendix Content\r\n\r\n#[Type]#\r\nAppendix\r\n\r\n#[Description]#\r\nAny data you put in this Description field will export out into Appendix B of your welcome pack report template."
      }
    ]

GET /pro/api/content_blocks/:block_id

Retrieves a single Content Block from your project.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      https://dyn-pro.dev/pro/api/content_blocks/4

Result:

    {
      "id": 4,
      "block_group": "Conclusions",
      "title": "Conclusions and Recommendations",
      "fields": {
        "Title": "Conclusions and Recommendations",
        "Type": "Conclusions",
        "Description": "Any data you put in this Description field will export out into the Conclusions and Recommendations section of your welcome pack report template."
      },
      "content": "#[Title]#\r\nConclusions and Recommendations\r\n\r\n#[Type]#\r\nConclusions\r\n\r\n#[Description]#\r\nAny data you put in this Description field will export out into the Conclusions and Recommendations section of your welcome pack report template."
    }

POST /pro/api/content_blocks

Creates a Content Block in your project. The attributes for the Content Block must be provided in the POST body as JSON.

HTTP status 201 will be returned if the creation completes successfully, and a Location header will be sent with the response, set to the URL of the newly created resource.

| Accepted Parameter | Use |
| --- | --- |
| content_block | Pass it the content parameter. |
| content | Pass it the content of the Content Block using JSON on one line, subbing in \r\n for new lines. Don't forget to include field names with the #[ ]# syntax. |
| block_group (optional) | Pass this the name of the Block Group you want to assign to your Content Block. For example, pass it a value of Conclusions to set your Content Block to the Conclusions Block Group you've defined in your Report Template Properties. |

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      -H 'Content-type: application/json' \
      -X POST \
      -d '{"content_block": {"content": "#[Title]#\r\nNew Content Block\r\n\r\n#[Description]#\r\nSample content.", "block_group": "Conclusions"}}' \
      https://dyn-pro.dev/pro/api/content_blocks

Result:

    {
      "id": 6,
      "block_group": "Conclusions",
      "title": "New Content Block",
      "fields": {
        "Title": "New Content Block",
        "Description": "Sample content."
      },
      "content": "#[Title]#\r\nNew Content Block\r\n\r\n#[Description]#\r\nSample content."
    }

PUT /pro/api/content_blocks/:block_id

Updates a specific Content Block in your project. The attributes to be updated must be provided in the body as JSON. Like the POST method, make sure to write out the new content of the Content Block using JSON on one line, subbing in \r\n to create new lines and creating fields using the #[ ]# syntax.

HTTP status 200 will be returned if the update completes successfully.

See POST above for more details on the accepted parameters.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      -H 'Content-type: application/json' \
      -X PUT \
      -d '{"content_block": {"content": "#[Title]#\r\nUpdated Content Block\r\n\r\n#[Description]#\r\nUpdated content.", "block_group": "Conclusions"}}' \
      https://dyn-pro.dev/pro/api/content_blocks/6

Result:

    {
      "id": 6,
      "block_group": "Conclusions",
      "title": "Updated Content Block",
      "fields": {
        "Title": "Updated Content Block",
        "Description": "Updated content."
      },
      "content": "#[Title]#\r\nUpdated Content Block\r\n\r\n#[Description]#\r\nUpdated content."
    }

DELETE /pro/api/content_blocks/:block_id

Deletes a specific Content Block from your project. HTTP status 200 will be returned if the deletion completes successfully.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      -H 'Content-type: application/json' \
      -X DELETE \
      https://dyn-pro.dev/pro/api/content_blocks/6

Result:

    {
      "message": "Resource deleted successfully"
    }


Notes endpoint

Notes belong to a Node in a Project

When working with data for a specific Project like Notes, make sure to define the dyn-Project-Id HTTP header like so:

    $ curl \
      -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      https://dyn-pro.dev/pro/api/nodes/8/notes

GET /pro/api/nodes/:node_id/notes

Retrieves all of the Notes associated with the specific Node in your project, ordered by the note id, descending.

You can paginate the results for 25 views per page by appending e.g. \page\1 and \page\2, so e.g. http://dyn-pro.dev/pro/api/nodes/8/notes\page\1.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      https://dyn-pro.dev/pro/api/nodes/8/notes

Result:

    [
      {
        "id": 14,
        "category_id": 1,
        "title": "Host Details",
        "fields": {
          "Title": "Host Details",
          "Type": "Details",
          "Description": "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nullam fringilla tristique nisi, id cursus elit tincidunt egestas. Nunc sagittis libero eu hendrerit aliquam."
        },
        "text": "#[Title]#\r\nHost Details\r\n\r\n#[Type]#\r\nDetails\r\n\r\n#[Description]#\r\nLorem ipsum dolor sit amet, consectetur adipiscing elit. Nullam fringilla tristique nisi, id cursus elit tincidunt egestas. Nunc sagittis libero eu hendrerit aliquam."
      },
      {
        "id": 13,
        "category_id": 6,
        "title": "Host info",
        "fields": {
          "Title": "Host info",
          "Host information": "Name: scanme.insecure.org\nIP address: 64.13.134.52\nFQDN: scanme.insecure.org\nOS: NetBSD 3.0\nMac address: n/a\nNetbios name: n/a",
          "Scan information": "Scan started: Fri Dec 11 02:57:52 2009\nScan ended: Fri Dec 11 03:07:22 2009"
        },
        "text": "#[Title]#\nHost info\n\n#[Host information]#\nName: scanme.insecure.org\nIP address: 64.13.134.52\nFQDN: scanme.insecure.org\nOS: NetBSD 3.0\nMac address: n/a\nNetbios name: n/a\n\n#[Scan information]#\nScan started: Fri Dec 11 02:57:52 2009\nScan ended: Fri Dec 11 03:07:22 2009\n"
      }
    ]

GET /pro/api/nodes/:node_id/notes/:note_id

Retrieves a single Note from the specific Node in your project.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      https://dyn-pro.dev/pro/api/nodes/8/notes/13

Result:

    {
      "id": 13,
      "category_id": 6,
      "title": "Host info",
      "fields": {
        "Title": "Host info",
        "Host information": "Name: scanme.insecure.org\nIP address: 64.13.134.52\nFQDN: scanme.insecure.org\nOS: NetBSD 3.0\nMac address: n/a\nNetbios name: n/a",
        "Scan information": "Scan started: Fri Dec 11 02:57:52 2009\nScan ended: Fri Dec 11 03:07:22 2009"
      },
      "text": "#[Title]#\nHost info\n\n#[Host information]#\nName: scanme.insecure.org\nIP address: 64.13.134.52\nFQDN: scanme.insecure.org\nOS: NetBSD 3.0\nMac address: n/a\nNetbios name: n/a\n\n#[Scan information]#\nScan started: Fri Dec 11 02:57:52 2009\nScan ended: Fri Dec 11 03:07:22 2009\n"
    }

POST /pro/api/nodes/:node_id/notes

Creates a Note on the specified Node in your project. The attributes for the Note must be provided in the POST body as JSON.

HTTP status 201 will be returned if the creation completes successfully, and a Location header will be sent with the response, set to the URL of the newly created resource.

| Accepted Parameter | Use |
| --- | --- |
| note | Pass it the text parameter. |
| text | Pass it the content of the Note using JSON on one line, subbing in \r\n for new lines. Don't forget to include field names with the #[ ]# syntax. |
| category_id (optional) | Pass this the numeric value of the category you want to assign to your Note. For example, pass it a value of 1 to set your Note to the AdvancedWordExport ready category. |

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      -H 'Content-type: application/json' \
      -X POST \
      -d '{"note": {"text": "#[Title]#\r\nNew Note\r\n\r\n#[Description]#\r\nSample note content.", "category_id": "1"}}' \
      https://dyn-pro.dev/pro/api/nodes/8/notes

Result:

    {
      "id": 15,
      "category_id": 1,
      "title": "New Note",
      "fields": {
        "Title": "New Note",
        "Description": "Sample note content."
      },
      "text": "#[Title]#\r\nNew Note\r\n\r\n#[Description]#\r\nSample note content."
    }

PUT /pro/api/nodes/:node_id/notes/:note_id

Updates a Note on the specified Node in your project. The attributes to be updated must be provided in the body as JSON. Like the POST method, make sure to write out the new content of the Note using JSON on one line, subbing in \r\n to create new lines and creating fields using the #[ ]# syntax.

HTTP status 200 will be returned if the update completes successfully.

See POST above for more details on the accepted parameters.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      -H 'Content-type: application/json' \
      -X PUT \
      -d '{"note": {"text": "#[Title]#\r\nUpdated Note\r\n\r\n#[Description]#\r\nUpdated note content.", "category_id": "6"}}' \
      https://dyn-pro.dev/pro/api/nodes/8/notes/15

Result:

    {
      "id": 15,
      "category_id": 6,
      "title": "Updated Note",
      "fields": {
        "Title": "Updated Note",
        "Description": "Updated note content."
      },
      "text": "#[Title]#\r\nUpdated Note\r\n\r\n#[Description]#\r\nUpdated note content."
    }

DELETE /pro/api/nodes/:node_id/notes/:note_id

Deletes a Note from the specified Node in your project. HTTP status 200 will be returned if the deletion completes successfully.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      -H 'Content-type: application/json' \
      -X DELETE \
      https://dyn-pro.dev/pro/api/nodes/8/notes/15

Result:

    {
      "message": "Resource deleted successfully"
    }

Attachments endpoint

Attachments belong to a Node in a Project

When working with data for a specific Project like Issues or Attachments, make sure to define the dyn-Project-Id HTTP header like so:

    $ curl \
      -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      https://dyn-pro.dev/pro/api/nodes/8/attachments

GET /pro/api/nodes/:node_id/attachments

Retrieves all the Attachments associated with the specific Node in your project.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      https://dyn-pro.dev/pro/api/nodes/8/attachments

Result:

    [
      {
        "filename": "file%201.png",
        "link": "/pro/projects/3/nodes/8/attachments/file%201.png"
      },
      {
        "filename": "file%202.csv",
        "link": "/pro/projects/3/nodes/8/attachments/file%202.csv"
      }
    ]

GET /pro/api/nodes/:node_id/attachments/:filename

Retrieves a single attachment from a Node in your project.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      https://dyn-pro.dev/pro/api/nodes/8/attachments/file%201.png

Result:

    {
      "filename": "file 1.png",
      "link": "/pro/projects/3/nodes/8/attachments/file%201.png"
    }

POST /pro/api/nodes/:node_id/attachments

Creates an Attachment on the specified Node in your project. The files to be attached must be provided in the POST body using the Content-Type: multipart/form-data.

HTTP status 201 will be returned if the creation completes successfully.

| Accepted Parameter | Use |
| --- | --- |
| files[] | Pass it the files to be uploaded, as a web browser does with an input of type file. More than 1 Attachment can be created in a single request. |

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      -H 'Content-Type: multipart/form-data' \
      -X POST \
      -F 'files[]=@/your/own/path/file 1.png' -F 'files[]=@/your/own/path/file 1.png' \
      https://dyn-pro.dev/pro/api/nodes/8/attachments

Result:

    [
      {
        "filename": "file 1.png",
        "link": "/pro/projects/3/nodes/8/attachments/file%201.png"
      },
      {
        "filename": "file 1_copy-01.png",
        "link": "/pro/projects/3/nodes/8/attachments/file%201_copy-01.png"
      }
    ]

PUT /pro/api/nodes/:node_id/attachments/:filename

Renames a specific Attachment on a Node in your project. The new name must be provided in the body as JSON.

HTTP status 200 will be returned if the update completes successfully.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      -H 'Content-type: application/json' \
      -X PUT \
      -d '{"attachment":{"filename": "new_name.png" }}' \
      https://dyn-pro.dev/pro/api/nodes/8/attachments/file%201.png

Result:

    {
      "filename": "new_name.png",
      "link": "/pro/projects/3/nodes/8/attachments/new_name.png"
    }

DELETE /pro/api/nodes/:node_id/attachments/:filename

Deletes an Attachment from the specified Node in your project. HTTP status 200 will be returned if the deletion completes successfully.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      -H 'Content-type: application/json' \
      -X DELETE \
      https://dyn-pro.dev/pro/api/nodes/8/attachments/file%201.png

Result:

    {
      "message": "Resource deleted successfully"
    }

Document Properties endpoint

When working with data for a specific Project, make sure to define the dyn-Project-Id HTTP header like so:

    $ curl \
      -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      https://dyn-pro.dev/pro/api/document_properties

GET /pro/api/document_properties

Retrieves all of the Document Properties associated with the specific project.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      https://dyn-pro.dev/pro/api/document_properties

Result:

    [
      {
        "test1": "test1"
      },
      {
        "test2": "test2"
      }
    ]

GET /pro/api/document_properties/:document_property_id

Retrieves a single Document Property from the specific Node in your project.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      https://dyn-pro.dev/pro/api/document_properties/dyn.client

Result:

    {
      "dyn.client": "ACME Ltd."
    }

POST /pro/api/document_properties

Creates a Document Property in your project. The attributes for the Document Property must be provided in the POST body as JSON.

HTTP status 201 will be returned if the creation completes successfully, and a Location header will be sent with the response, set to the URL of the newly created resource.

| Accepted Parameter | Use |
| --- | --- |
| document_properties | Pass it the text parameter. |
| text | Pass it the list of Document Properties to be created. If a property exists it will be overwritten. |

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      -H 'Content-type: application/json' \
      -X POST \
      -d '{"document_properties": {"dyn.client": "ACME Ltd.", "dyn.project": "Test"}}' \
      https://dyn-pro.dev/pro/api/document_properties

Result:

    [
      {
        "dyn.client": "ACME Ltd."
      },
      {
        "dyn.project": "Test"
      }
    ]

PUT /pro/api/document_properties/:document_property

Updates a Document Property in your project. The attributes to be updated must be provided in the body as JSON. Like the POST method, make sure to write out the new content using JSON on one line, subbing in \r\n to create new lines and creating fields using the #[ ]# syntax.

HTTP status 200 will be returned if the update completes successfully.

See POST above for more details on the accepted parameters.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      -H 'Content-type: application/json' \
      -X PUT \
      -d '{"document_property": {"value": "updated2!"}}' \
      https://dyn-pro.dev/pro/api/document_properties/dyn.client

Result:

    {
      "dyn.client": "updated!"
    }

DELETE /pro/api/document_properties/:document_property

Deletes a Document Property in your project. HTTP status 200 will be returned if the deletion completes successfully.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'dyn-Project-Id: 3' \
      -H 'Content-type: application/json' \
      -X DELETE \
      https://dyn-pro.dev/pro/api/document_properties/dyn.client

Result:

    {
      "message": "Resource deleted successfully"
    }

IssueLibrary endpoint

GET /pro/api/addons/issuelib/entries

Retrieves all of the IssueLibrary entries from your instance.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      https://dyn-pro.dev/pro/api/addons/issuelib/entries

Result:

    [
      {
        "id": 1,
        "title": ".NET assemblies were not obfuscated",
        "fields": {
          "Title": ".NET assemblies were not obfuscated",
          "Description": "The client-side assemblies were found to be strongly-named (which can help against tampering)...",
          "id": 1
        },
        "state": 0,
        "content": "#[Title]#\r\n.NET assemblies were not obfuscated\r\n\r\n\r\n#[Description]#\r\nThe client-side assemblies were found to be strongly-named (which can help against tampering)...",
        "created_at": "2019-03-14T20:35:45.000Z",
        "updated_at": "2019-03-14T20:59:09.000Z"
      },
      {
        "id": 2,
        "title": "SQL injection",
        "fields": {
          "Title": "SQL injection",
          "Description": "Structured Query Language (SQL) is a computer language designed for the retrieval and management of data in relation databases...",
          "id": 2
        },
        "state": 0,
        "content": "#[Title]#\r\nSQL injection\r\n\r\n\r\n#[Description]#\r\nStructured Query Language (SQL) is a computer language designed for the retrieval and management of data in relation databases...",
        "created_at": "2019-03-14T20:59:29.000Z",
        "updated_at": "2019-03-14T20:59:29.000Z"
      }
    ]

GET /pro/api/addons/issuelib/entries/:issuelibrary_entry_id

Retrieves a single IssueLibrary entry.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      https://dyn-pro.dev/pro/api/addons/issuelib/entries/2

Result:

    {
      "id": 2,
      "title": "SQL injection",
      "fields": {
        "Title": "SQL injection",
        "Description": "Structured Query Language (SQL) is a computer language designed for the retrieval and management of data in relation databases...",
        "id": 2
      },
      "state": 0,
      "content": "#[Title]#\r\nSQL injection\r\n\r\n\r\n#[Description]#\r\nStructured Query Language (SQL) is a computer language designed for the retrieval and management of data in relation databases...",
      "created_at": "2019-03-14T20:59:29.000Z",
      "updated_at": "2019-03-14T20:59:29.000Z"
    }

POST /pro/api/addons/issuelib/entries

Creates an IssueLibrary entry. The attributes for the IssueLibrary entry must be provided in the POST body as JSON.

HTTP status 201 will be returned if the creation completes successfully, and a Location header will be sent with the response, set to the URL of the newly created resource.

| Accepted Parameter | Use |
| --- | --- |
| entry | Pass it the content parameter. |
| content | Pass it the content of the IssueLibrary entry to be created. |

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'Content-type: application/json' \
      -X POST \
      -d '{"entry":{"content": "#[Title]#\r\nDangerous HTTP methods: TRACE\r\n\r\n#[Rating]#\r\nMedium\r\n\r\n#[Description]#\r\nThe TRACE HTTP method is used as a debugging mechanism that allows the client to see what is being received at the other end of the request chain and use that data for testing and diagnostic information."}}' \
      https://dyn-pro.dev/pro/api/addons/issuelib/entries

Result:

    {
      "id": 3,
      "title": "Dangerous HTTP methods: TRACE",
      "fields": {
        "Title": "Dangerous HTTP methods: TRACE",
        "Rating": "Medium",
        "Description": "The TRACE HTTP method is used as a debugging mechanism that allows the client to see what is being received at the other end of the request chain and use that data for testing and diagnostic information.",
        "id": 3
      },
      "state": 0,
      "content": "#[Title]#\r\nDangerous HTTP methods: TRACE\r\n\r\n#[Rating]#\r\nMedium\r\n\r\n#[Description]#\r\nThe TRACE HTTP method is used as a debugging mechanism that allows the client to see what is being received at the other end of the request chain and use that data for testing and diagnostic information.",
      "created_at": "2019-03-14T21:10:53.000Z",
      "updated_at": "2019-03-14T21:10:53.000Z"
    }

PUT /pro/api/addons/issuelib/entries/:issuelibrary_entry_id

Updates a specific IssueLibrary entry. The attributes to be updated must be provided in the body as JSON. Like the POST method, make sure to write out the new content of the IssueLibrary entry using JSON on one line subbing in \r\n to create new lines and creating fields using the #[ ]# syntax. If your content contains any special characters, be sure to escape them using /.

HTTP status 200 will be returned if the update completes successfully.

See POST above for more details on the accepted parameters.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -H 'Content-type: application/json' \
      -X PUT \
      -d '{"entry":{"content": "#[Title]#\r\nDangerous HTTP methods: TRACE\r\n\r\n#[Rating]#\r\nMedium\r\n\r\n#[Description]#\r\nUpdated sample IssueLibrary entry description"}}' \
      https://dyn-pro.dev/pro/api/addons/issuelib/entries/3

Result:

    {
      "id": 3,
      "title": "Dangerous HTTP methods: TRACE",
      "fields": {
        "Title": "Dangerous HTTP methods: TRACE",
        "Rating": "Medium",
        "Description": "Updated sample IssueLibrary entry description",
        "id": 3
      },
      "state": 0,
      "content": "#[Title]#\r\nDangerous HTTP methods: TRACE\r\n\r\n#[Rating]#\r\nMedium\r\n\r\n#[Description]#\r\nUpdated sample IssueLibrary entry description",
      "created_at": "2019-03-14T21:10:53.000Z",
      "updated_at": "2019-03-14T21:14:33.000Z"
    }
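The content and text parameters of the Evidence, Content Block, Note and IssueLibrary endpoints all take the same #[Field]# layout sent as one-line JSON. The Python below is an added example, not code from the product: it builds that layout from a dict, leaves the escaping to json.dumps, rejects values that would introduce an unintended #[Field]# header (for instance from pasted scanner output), and refuses to attach the token to a non-HTTPS URL. The function names and the parsing rules are assumptions inferred from the sample responses on this page.

```python
import json
import re
import urllib.request

# A field header is a line consisting only of "#[Name]#" (inferred from the samples).
FIELD_HEADER = re.compile(r"^#\[([^\]\r\n]+)\]#[ \t]*\r?$", re.MULTILINE)


def build_content(fields):
    """Render {"Title": "..."} as "#[Title]#\\r\\n..." blocks separated by blank lines."""
    blocks = []
    for name, value in fields.items():
        if not name or re.search(r"[\]\r\n]", name):
            raise ValueError(f"invalid field name: {name!r}")
        # Normalise every line ending to the \r\n the documentation asks for.
        body = "\r\n".join(re.split(r"\r\n|\r|\n", str(value)))
        if FIELD_HEADER.search(body):
            raise ValueError(f"value of {name!r} contains a line that looks like a field header")
        blocks.append(f"#[{name}]#\r\n{body}")
    return "\r\n\r\n".join(blocks)


def parse_fields(content):
    """Split content back into a dict, accepting \\r\\n or \\n line endings."""
    fields = {}
    headers = list(FIELD_HEADER.finditer(content))
    for i, match in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(content)
        fields[match.group(1)] = content[match.end():end].strip()
    return fields


def build_request(base_url, path, token, project_id, resource, attrs, method="POST"):
    """Return an unsent urllib Request with the headers this page documents."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send the API token over a non-HTTPS URL")
    # json.dumps escapes quotes, backslashes and newlines, so the body is one line.
    body = json.dumps({resource: attrs}).encode("utf-8")
    headers = {
        "Authorization": f'Token token="{token}"',
        "Accept": "application/vnd.dynapi; v=1",
        "Content-Type": "application/json",
    }
    if project_id is not None:  # IssueLibrary calls on this page send no project header
        headers["dyn-Project-Id"] = str(project_id)
    return urllib.request.Request(
        base_url.rstrip("/") + path, data=body, headers=headers, method=method
    )


if __name__ == "__main__":
    # Constructed sample values mirroring the Evidence request above; nothing is sent.
    content = build_content({"Description": "bc. Placeholder evidence content."})
    req = build_request(
        "https://dyn-pro.dev", "/pro/api/nodes/8/evidence",
        "PLACEHOLDER_TOKEN", 3, "evidence", {"content": content, "issue_id": "24"},
    )
    print(req.get_method(), req.full_url)
    print(req.data.decode("utf-8"))
    print(parse_fields(content))
```
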

DELETE /pro/api/addons/issuelib/entries/:issuelibrary_entry_id

Deletes a specific IssueLibrary entry from your instance. HTTP status 200 will be returned if the deletion completes successfully.

Sample request:

    curl \
      -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
      -X DELETE \
      https://dyn-pro.dev/pro/api/addons/issuelib/entries/3

Result:

    {
      "message": "Resource deleted successfully"
    }
