# CreateProject

## Parameters

The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as mandatory.

### Headers

```
POST /api/ss/project HTTP/1.1
Host: demo.attackforge.com
X-SSAPI-KEY: APIKey
Content-Type: application/json
Connection: close
```

### Query

**name (string)**

Name of the project.

Example:

```
{
   "name": "..."
}
```

**code (string)**

Project code.

Example:

```
{
   "code": "..."
}
```

**groups (array of strings) (optional)**

Groups to link to the project. Must match group IDs.

Example:

```
{
   "groups": ["64f7909963cc54000ed4ecfc"]
}
```

**startDate (string)**

Project start date. Must be a UTC string, e.g. 2021-06-03T23:15:33.008Z.

Example:

```
{
   "startDate": "2021-06-03T00:00:00.000Z"
}
```

**endDate (string)**

Project end date. Must be a UTC string, e.g. 2021-06-03T23:15:33.008Z.

Example:

```
{
   "endDate": "2021-06-03T00:00:00.000Z"
}
```

**scoringSystem (string) (optional)**

Scoring system to be used on the project. Must be either Manual or CVSSv3.1.

Example:

```
{
   "scoringSystem": "CVSSv3.1"
}
```

**scope (array of strings)**

Project scope / assets to be tested. Include the name of each asset, or the asset Id if using the assets module.

Example:

```
{
   "scope": ["...", "...", "..."]
}
```

**asset\_library\_ids (array of strings) (optional)**

Asset libraries to map scope against.

Example:

```
{
   "asset_library_ids": ["6569608e55bc00bacc67b417", "...", "..."]
}
```

**testsuites (array of strings)**

Testsuites to assign to the project. Must match exact testsuite names.

Example:

```
{
   "testsuites": ["...", "...", "..."]
}
```

**organization\_code (string) (optional)**

Project organization code.

Example:

```
{   
    "organization_code": "..."
}
```

**vulnerability\_code (string) (optional)**

Vulnerability code for user friendly vulnerability ids. Must be unique per project, 3-8 characters in length.

Example:

```
{   
    "vulnerability_code": "..."
}
```

**team\_notifications (array of strings) (optional)**

Project team notifications. Must include one or more of the following: *critical*, *high*, *medium*, *low*, *info*, *retest*, *reopened*, *closed*.

Example:

```
{   
    "team_notifications": ["..."]
}
```

**admin\_notifications (array of strings) (optional)**

Admin notifications. Must include one or more of the following: *retest*, *reopened*, *closed*.

Example:

```
{   
    "admin_notifications": ["..."]
}
```

**start\_stop\_testing\_email (string) (optional)**

Email body for daily start & stop testing notifications.

Example:

```
{   
    "start_stop_testing_email": "..."
}
```

**start\_stop\_testing\_email\_additional\_recipients (array of strings) (optional)**

Additional email recipients for daily start & stop testing notifications. Must be a list of email addresses.

Example:

```
{   
    "start_stop_testing_email_additional_recipients": ["..."]
}
```

**new\_vulnerability\_email\_type (string) (optional)**

Whether individual or grouped emails are sent for new vulnerabilities. Must be one of the following: *individual*, *group*. If not specified, the default is *individual*.

Example:

```
{   
    "new_vulnerability_email_type": "group"
}
```

**new\_vulnerability\_email (string) (optional)**

Email body for new vulnerability discovered notifications.

Example:

```
{   
    "new_vulnerability_email": "..."
}
```

**new\_vulnerability\_email\_additional\_recipients (array of strings) (optional)**

Additional email recipients for new vulnerability discovered notifications. Must be a list of email addresses.

Example:

```
{   
    "new_vulnerability_email_additional_recipients": ["..."]
}
```

**forced\_emails (array of strings) (optional)**

Force emails to project team. Must include one or more of the following: *all\_emails*, *daily\_start\_stop\_testing*, *new\_critical\_vulnerability*, *new\_high\_vulnerability*, *new\_medium\_vulnerability*, *new\_low\_vulnerability*, *new\_info\_vulnerability*, *vulnerability\_ready\_for\_retesting*, *vulnerability\_reopened*, *vulnerability\_closed*, *project\_role\_updated*, *project\_hold*, *retest\_completed*.

Example:

```
{   
    "forced_emails": ["..."]
}
```

**sla\_activation (string) (optional)**

Apply vulnerability SLAs automatically or manually. Must be either "automatic" or "manual". The default is "automatic".

Example:

```
{   
    "sla_activation": "..."
}
```

**custom\_fields (array of objects) (optional)**

Custom fields. Each entry must include a key and a value. The key must be unique and contain letters, numbers and underscores only.

For more information visit <https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms#using-custom-fields-with-apis>

Example:

```
{   
    "custom_fields": [{"key": "...", "value": "..."}]
}
```

**portfolio\_streams (array of objects) (optional)**

Enter a list of Portfolio & Stream Ids to link this project to. Stream must be part of the Portfolio.

Example:

```
{   
   "portfolio_streams": [
      {
        "portfolioId": "...", 
        "streamId": "..."
      }
   ]
}
```

**features (object) (optional)**

Configure features on the project. Roles must be either client, consultant or librarymod. Minimum Project Access Level must be either View, Upload or Edit.

Example:

```
{   
   "features": {
      "attack_chains": {
         "enabled": true,
         "access": {
            "roles": [
               "client",
               "consultant",
               "librarymod"
            ],
            "project_access_level": "View"
         }
      },
      "reporting": {
         "enabled": true,
         "access": {
            "roles": [
               "client",
               "consultant",
               "librarymod"
            ],
            "project_access_level": "View"
         }
      },
      "retesting": {
         "enabled": true,
         "access": {
            "roles": [
               "client",
               "consultant",
               "librarymod"
            ],
            "project_access_level": "View"
         }
      },
      "testcases": {
         "access": {
            "roles": [
               "client",
               "consultant",
               "librarymod"
            ],
            "project_access_level": "View"
         }
      }
   }
}
```

**pages (object) (optional)**

Configure pages on the project. Roles must be either client, consultant or librarymod. Project Access Level must be either View, Upload or Edit.

Example:

```
{   
   "pages": {
      "summary": {
         "enabled": true,
         "access": {
            "view_project_access_levels": [
               "View",
               "Upload",
               "Edit"
            ],
            "view_roles": [
               "client",
               "consultant",
               "librarymod"
            ],
            "upload_project_access_levels": [
               "View",
               "Upload",
               "Edit"
            ],
            "upload_roles": [
               "client",
               "consultant",
               "librarymod"
            ],
            "edit_project_access_levels": [
               "View",
               "Upload",
               "Edit"
            ],
            "edit_roles": [
               "client",
               "consultant",
               "librarymod"
            ]
         }
      }
   }
}
```
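
A client-side pre-flight check for the constraints listed in the parameters above, as an added example that is not part of AttackForge's documentation or code. The function name, the sample body and the assumed date format (the millisecond form shown in the examples) are assumptions, and the server remains the authority on what it accepts.

```python
import re
from datetime import datetime

# Allowed values copied from the parameter descriptions on this page.
LISTS = {
    "team_notifications": {"critical", "high", "medium", "low", "info", "retest", "reopened", "closed"},
    "admin_notifications": {"retest", "reopened", "closed"},
}
ENUMS = {
    "scoringSystem": {"Manual", "CVSSv3.1"},
    "sla_activation": {"automatic", "manual"},
    "new_vulnerability_email_type": {"individual", "group"},
}
REQUIRED = ("name", "code", "startDate", "endDate", "scope", "testsuites")
KEY_RE = re.compile(r"[A-Za-z0-9_]+")  # used with fullmatch so a trailing newline is rejected
# Constructed sample body with three deliberate mistakes (not taken from the page).
SAMPLE_BAD = {
    "name": "ACME Digital Web App Pentest", "code": "DEMO9999", "scope": ["test.com"],
    "startDate": "2021-06-03", "endDate": "2021-06-04T00:00:00.000Z", "scoringSystem": "CVSSv2",
    "testsuites": ["ASVS Level 2 Web Application"], "custom_fields": [{"key": "customer name", "value": "x"}],
}


def validate_create_project(body):
    """Return a list of problems found in a CreateProject body (empty list means OK)."""
    errors = [f"missing required field: {f}" for f in REQUIRED if f not in body]
    for field in ("startDate", "endDate"):
        try:
            if field in body:  # assumed format: the form shown in the page's examples
                datetime.strptime(body[field], "%Y-%m-%dT%H:%M:%S.%fZ")
        except (TypeError, ValueError):
            errors.append(f"{field}: expected a UTC string like 2021-06-03T23:15:33.008Z")
    for field, allowed in ENUMS.items():
        if field in body and body[field] not in allowed:
            errors.append(f"{field}: must be one of {sorted(allowed)}")
    for field, allowed in LISTS.items():
        values = body.get(field)
        if values is not None and (not values or set(values) - allowed):
            errors.append(f"{field}: needs one or more of {sorted(allowed)}")
    code = body.get("vulnerability_code")
    if code is not None and not (isinstance(code, str) and 3 <= len(code) <= 8):
        errors.append("vulnerability_code: must be 3-8 characters")
    fields = body.get("custom_fields", [])
    keys = [cf.get("key", "") for cf in fields]
    if len(keys) != len(set(keys)):
        errors.append("custom_fields: duplicate key")
    errors += [f"custom_fields: bad key {k!r}" for k in keys if not KEY_RE.fullmatch(k)]
    errors += ["custom_fields: entry without value" for cf in fields if "value" not in cf]
    return errors
```

Uniqueness of `vulnerability_code` across projects and the existence of group, testsuite and asset identifiers can only be confirmed by the server, so this check does not cover them.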

## Example

The following example is a cURL request to create a new project.

### Request

Include API Token instead of stars in 'X-SSAPI-KEY: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*' parameter.

```
curl -X POST 'https://localhost:3000/api/ss/project' -H 'Host: localhost:3000' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close' -d '{
  "name": "ACME Digital Web App Pentest",
  "code": "DEMO9999",
  "groups": ["64f7909963cc54000ed4ecfc"],
  "startDate": "2021-06-03T00:00:00.000Z",
  "endDate": "2021-06-04T00:00:00.000Z",
  "scope": ["test.com", "192.168.0.1"],
  "testsuites": ["ASVS Level 2 Web Application", "OSSTMM v3.0 Infrastructure"],
  "scoringSystem": "CVSSv3.1",
  "organization_code": "GLOBEX123",
  "vulnerability_code": "VULN123",
  "team_notifications": ["critical", "high"],
  "admin_notifications": ["retest", "reopened"],
  "start_stop_testing_email": "Hi {firstName},..",
  "start_stop_testing_email_additional_recipients": ["batman@attackforge.com", "robin@attackforge.com"],
  "new_vulnerability_email_type": "individual",
  "new_vulnerability_email": "Hi {firstName},..",
  "new_vulnerability_email_additional_recipients": ["soc@attackforge.com"],
  "forced_emails": ["new_critical_vulnerability", "new_high_vulnerability"],
  "sla_activation": "automatic",
  "custom_fields": [{"key": "customer_name", "value": "WAYNE TECHNOLOGIES."}]
}'
```

### Response

Response contains a project object.

```
{
  "project": {
    "id": "...",
    "name": "...",
    "code": "...",
    "organization_code": "...",
    "vulnerability_code": "...",
    "groups": [
      {
        "id": "...",
        "name": "..." 
      }
    ],
    "isOnHold": "...",
    "startDate": "...",
    "endDate": "...",
    "scoring_system": "...",
    "team_notifications": [
      "..."
    ],
    "admin_notifications": [
      "..."
    ],
    "start_stop_testing_email": "...",
    "start_stop_testing_email_additional_recipients": [
      "..."
    ],
    "new_vulnerability_email_type": "...",
    "new_vulnerability_email": "...",
    "new_vulnerability_email_additional_recipients": [
      "..."
    ],
    "forced_emails": [
      "..."
    ],
    "sla_activation": "...",
    "created": "...",
    "last_updated": "...",
    "custom_fields": [
      {
        "key": "...", 
        "value": "...", 
        "type": "Tag/Field"
      }
    ],
    "streams": [
      {
        "id": "...",
        "name": "...",
        "stream_portfolios": [
          {
            "id": "...",
            "name": "...",
          }
        ]
      }
    ],
    "features": {
      "attack_chains": {
        "access": {
          "project_access_level": "...",
          "roles": [
            "..."
          ]
        },
        "enabled": true
      },
      "reporting": {
        "access": {
          "project_access_level": "...",
          "roles": [
            "..."
          ]
        },
        "enabled": true
      },
      "retesting": {
        "access": {
          "project_access_level": "...",
          "roles": [
            "..."
          ]
        },
        "enabled": true
      },
      "testcases": {
        "access": {
          "project_access_level": "...",
          "roles": [
            "..."
          ]
        }
      }
    },
    "pages": {
      "summary": {
        "access": {
          "edit_project_access_levels": [
            "..."
          ],
          "edit_roles": [
            "..."
          ],
          "upload_project_access_levels": [
            "..."
          ],
          "upload_roles": [
            "..."
          ],
          "view_project_access_levels": [
            "..."
          ],
          "view_roles": [
            "..."
          ]
        },
        "enabled": true
      }
    }
  }
}
```

