Step 1: Register A New User Account
Note: Don’t use personal credentials when accessing APIsec APIs. Instead, register a new user with the role “USER” in the Apisec™ UI and entitle this account to the required projects.
Step 2: Authenticating and Generating A JWT Token
curl -s -X POST https://cloud.fxlabs.io/auth/login -H 'Accept: application/json' -H 'Content-Type: application/json' -d '{"username": "", "password": ""}'
You should receive a token back.
{"token":"eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJOZXRCYW5raW5nLy9pbnRlc2FyQGZ4bGFicy5pbyIsInNjb3BlcyI6IlJPTEVfVVNFUixST0xFX1BST0pFQ1RfTUFOQUdFUixST0xFX0FETUlOLFJPTEVfRU5URVJQUklTRV9BRE1JTiIsImlhdCI6MTYwOTg4NzQ5NywiZXhwIjoxNjA5OTA1NDk3fQ.8kkPdbacGy6BDfzqnTM6EiUi6aHS_mWDHCfWirvma_s"}
Note: The token is valid for 5 hours.
Step 3: Get Entitled Projects
Note: Use the token from the previous call as part of the header value in “Authorization: Bearer <token>”.
curl -s -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJOZXRCYW5raW5nLy9pbnRlc2FyQGZ4bGFicy5pbyIsInNjb3BlcyI6IlJPTEVfVVNFUixST0xFX1BST0pFQ1RfTUFOQUdFUixST0xFX0FETUlOLFJPTEVfRU5URVJQUklTRV9BRE1JTiIsImlhdCI6MTYwOTg4NzQ5NywiZXhwIjoxNjA5OTA1NDk3fQ.8kkPdbacGy6BDfzqnTM6EiUi6aHS_mWDHCfWirvma_s" -H "Content-Type: application/json" -H "Accept: application/json" -X GET https://cloud.fxlabs.io/api/v1/projects
Response structure
Step 4: Get Project Vulnerabilities
Using the response from Step 3, make individual calls to retrieve project-specific vulnerabilities.
Note: This call returns Critical and High vulnerabilities only from the master environment.
curl -s -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJOZXRCYW5raW5nLy9pbnRlc2FyQGZ4bGFicy5pbyIsInNjb3BlcyI6IlJPTEVfVVNFUixST0xFX1BST0pFQ1RfTUFOQUdFUixST0xFX0FETUlOLFJPTEVfRU5URVJQUklTRV9BRE1JTiIsImlhdCI6MTYwOTg4NzQ5NywiZXhwIjoxNjA5OTA1NDk3fQ.8kkPdbacGy6BDfzqnTM6EiUi6aHS_mWDHCfWirvma_s" -H "Content-Type: application/json" -H "Accept: application/json" -X GET https://cloud.fxlabs.io/api/v1/projects/{projectId}/vulnerabilities
Here are a few important attributes of the vulnerability entity:
- id
- status
- environment.baseURL
- issueDesc
- label
- description
- category
- cvss
- severity
- rank
- suggestion
- createdDate
- method
- path
FAQs
1. How do I register a new user account to access APIsec APIs?
Create a dedicated user in the Apisec UI with the appropriate role (for example, “USER”), then entitle that user to the required projects as a collaborator instead of using personal credentials.
2. How can I retrieve a list of projects entitled to my APIsec user?
First, authenticate and obtain a JWT, then call the GET /api/v1/projects endpoint with the token in the Authorization: Bearer <token> header to return all projects your user is entitled to, as shown in the How to call APIsec APIs guide.
3. How do I fetch vulnerabilities for a specific project using APIsec APIs?
Use the project ID from the projects list and call GET /api/v1/projects/{projectId}/vulnerabilities with your JWT; the documented example returns critical and high vulnerabilities from the master environment.
4. What are the critical attributes returned in the APIsec project vulnerability data?
Vulnerability records include identifiers, status, environment base URL, descriptive fields, category, and severity details (such as CVSS and rank), HTTP method and path, suggestions, and timestamps.
5. How long is the JWT token valid when using APIsec APIs?
Current cloud.apisec.ai documentation states that the JWT token time-to-live is 24 hours, after which a new token must be requested; older material references 5 hours, so teams should follow the value configured in their environment.
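Because the documented token lifetime differs between sources (5 hours in Step 2, 24 hours in FAQ 5), a client script can read the lifetime from the token itself. The following is an added example, not APIsec code: the function names are hypothetical, the sample token is the one from the login response above, and decoding the payload is not signature verification.

```shell
# Added example (not APIsec code). Function names are hypothetical.
# Decoding the payload does not verify the signature; it only tells the
# client when the token from /auth/login has to be requested again.

# Sample token copied from the login response shown on this page.
SAMPLE_TOKEN='eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJOZXRCYW5raW5nLy9pbnRlc2FyQGZ4bGFicy5pbyIsInNjb3BlcyI6IlJPTEVfVVNFUixST0xFX1BST0pFQ1RfTUFOQUdFUixST0xFX0FETUlOLFJPTEVfRU5URVJQUklTRV9BRE1JTiIsImlhdCI6MTYwOTg4NzQ5NywiZXhwIjoxNjA5OTA1NDk3fQ.8kkPdbacGy6BDfzqnTM6EiUi6aHS_mWDHCfWirvma_s'

# Decode the payload (second dot-separated segment) from base64url to JSON.
jwt_payload() {
  local seg pad
  seg=$(printf '%s' "$1" | cut -s -d. -f2 | tr '_-' '/+')
  [ -n "$seg" ] || return 1
  # base64url omits '=' padding; restore it to a multiple of four.
  pad=$(( (4 - ${#seg} % 4) % 4 ))
  while [ "$pad" -gt 0 ]; do seg="${seg}="; pad=$((pad - 1)); done
  printf '%s' "$seg" | base64 -d 2>/dev/null
}

# Print one numeric claim (iat, exp); return non-zero if it is absent.
jwt_num_claim() {
  local v
  v=$(jwt_payload "$1" |
      sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p")
  [ -n "$v" ] && printf '%s\n' "$v"
}

# Lifetime the server granted, in seconds (exp - iat).
jwt_ttl_seconds() {
  local iat exp
  iat=$(jwt_num_claim "$1" iat) && exp=$(jwt_num_claim "$1" exp) || return 1
  echo $(( exp - iat ))
}

# Exit 0 when a new login is needed: the token is unreadable, or it expires
# within $3 seconds (default 60) of epoch time $2 (default: now).
jwt_needs_refresh() {
  local exp now skew
  now=${2:-$(date +%s)}; skew=${3:-60}
  exp=$(jwt_num_claim "$1" exp) || return 0
  [ $(( exp - skew )) -le "$now" ]
}

echo "granted lifetime: $(jwt_ttl_seconds "$SAMPLE_TOKEN") seconds"
```

Call `jwt_needs_refresh "$TOKEN"` before the Step 3 and Step 4 requests and repeat the Step 2 login when it succeeds.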