RESTful API
C2M provides a RESTful API for automated analysis data retrieval.
Two steps are required to use the API:
- Enable the API in the C2M configuration file
- Generate an API access token in the C2M settings UI
Enable the API
Make sure that appsettings.json contains the following section:
{
  "RestApiSettings": {
    "Enabled": true
  }
}
The API is enabled by default in the provided configuration file.
Generate an API Access Token
To generate an API access token, open the C2M settings UI and navigate to the API Access Tokens section:
Click the Generate token button to generate a new token, set the name and expiration date:
Click the Generate button. The token will be displayed in the UI:
Copy the token and store it in a safe place.
- The token will not be displayed again (it is stored in the database in a hashed form)
- The token can be revoked at any time by clicking the Revoke button
- The token grants access only to the current C2M instance
Using the API
See the OpenAPI Specification for all available endpoints. You can load this spec into a tool like Postman or editor.swagger.io to explore the API.
In the following examples, we'll use the curl command line tool to perform basic operations on the API.
- The examples use a dedicated API test server at https://api-test.codewetrust-api.com/. You can run the commands as is. The provided token is valid only for this server:
AAAI/ORYqAbVQgjb4cZslBdgVmJl6YyBEI81XxsXneg=
- Tip: use the -i option to display the HTTP response headers
- Tip: use jq to format the JSON responses by appending | jq to the commands below
Status
The Status API does not require the token.
curl https://api-test.codewetrust-api.com/api/v1/status
Sample response:
{
  "status": "OK",
  "app": "CodeWeTrust API",
  "date": "2023-11-10T16:50:45.0129583Z",
  "version": "6.5.0.1+16f303e04d",
  "scannerQueueSize": 0
}
Get Products
curl 'https://api-test.codewetrust-api.com/api/v1/products' \
-H 'Authorization: Bearer AAAI/ORYqAbVQgjb4cZslBdgVmJl6YyBEI81XxsXneg='
Sample response:
[
  {
    "id": "P-000c0000-6e13-0646-a6a2-08dbcc7d9bce",
    "title": "Dapper",
    "repositoriesCount": 1,
    "linesOfCode": 21160,
    "languages": [
      "C#",
      "PowerShell",
      "DOS Batch",
      "Markdown",
      "Text"
    ],
    "scans": [
      {
        "id": "000c0000-6e13-0646-53ce-08dbcc7d9bd1",
        "date": "2023-10-14T06:23:33.2163968Z"
      }
    ]
  }
]
Note the scans property. The same product can be scanned multiple times.
The id property of the scan will be used to retrieve the scan results in the examples below.
Get Scan Results
The following commands will download various reports using the scan id:
- Engineering Report
curl 'https://api-test.codewetrust-api.com/api/v1/reports/engineering/000c0000-6e13-0646-53ce-08dbcc7d9bd1' \
--output engineering-report.pptx \
-H 'Authorization: Bearer AAAI/ORYqAbVQgjb4cZslBdgVmJl6YyBEI81XxsXneg='
- Executive Report
curl 'https://api-test.codewetrust-api.com/api/v1/reports/executive/000c0000-6e13-0646-53ce-08dbcc7d9bd1' \
--output executive-report.pptx \
-H 'Authorization: Bearer AAAI/ORYqAbVQgjb4cZslBdgVmJl6YyBEI81XxsXneg='
- SBOM (Software Bill of Materials)
curl 'https://api-test.codewetrust-api.com/api/v1/reports/sbom/000c0000-6e13-0646-53ce-08dbcc7d9bd1?format=json' \
--output sbom-report.json \
-H 'Authorization: Bearer AAAI/ORYqAbVQgjb4cZslBdgVmJl6YyBEI81XxsXneg='
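The same products-then-report flow as a script, as an added example (not part of the C2M documentation or the public-api-tester repository): it picks each product's most recent scan by parsing the scan dates and reads the token from the environment instead of embedding it in the command. The C2M_API_TOKEN variable name and all function names are assumptions made for this example.

```python
import json
import os
import urllib.request
from datetime import datetime, timezone

BASE_URL = "https://api-test.codewetrust-api.com/api/v1"  # test server used on this page


def parse_scan_date(value):
    """Parse timestamps such as 2023-10-14T06:23:33.2163968Z (7 fractional digits)."""
    head, _, frac = value.rstrip("Z").partition(".")
    micros = int((frac + "000000")[:6])  # datetime holds microseconds: keep 6 digits
    parsed = datetime.strptime(head, "%Y-%m-%dT%H:%M:%S")
    return parsed.replace(microsecond=micros, tzinfo=timezone.utc)


def latest_scan_ids(products):
    """Map product id -> id of its most recent scan; products without scans are skipped."""
    latest = {}
    for product in products:
        scans = product.get("scans") or []
        if scans:
            newest = max(scans, key=lambda scan: parse_scan_date(scan["date"]))
            latest[product["id"]] = newest["id"]
    return latest


def api_request(path, token=None):
    """Build an authenticated request; C2M_API_TOKEN is an assumed variable name."""
    token = token or os.environ["C2M_API_TOKEN"]
    return urllib.request.Request(
        f"{BASE_URL}/{path}", headers={"Authorization": f"Bearer {token}"}
    )


def download_sboms(out_dir="."):
    """Save the JSON SBOM of each product's latest scan (needs network access)."""
    with urllib.request.urlopen(api_request("products"), timeout=30) as resp:
        products = json.load(resp)
    for product_id, scan_id in latest_scan_ids(products).items():
        # Ids come from the server: keep only safe characters in the file name.
        safe = "".join(c if c.isalnum() or c == "-" else "_" for c in product_id)
        req = api_request(f"reports/sbom/{scan_id}?format=json")
        with urllib.request.urlopen(req, timeout=30) as resp:
            with open(os.path.join(out_dir, f"{safe}-sbom.json"), "wb") as fh:
                fh.write(resp.read())


if __name__ == "__main__":
    download_sboms()
```

Comparing the date strings directly would misorder timestamps whose fractional parts differ in length, which is why the dates are parsed before taking the maximum.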
API Tester Example App (Python)
The public-api-tester repository contains an example Python console application that demonstrates how to use the C2M REST API. See README for details.