AttackForge Enterprise & AttackForge Core
Powered By GitBook


This page will help you to get started with using the Self-Service RESTful API.


Access to the Self-Service RESTful API is controlled using an Authorization token / API key. If you do not already have an existing Self-Service RESTful API key, you can generate one within the application.
In order to access the Self-Service RESTful API, you must meet the following conditions:
    You must have a valid Self-Service API key;
    You must be provided with access to RESTful API methods by the Administrators; and
    Your API Key is supplied in the Header X-SSAPI-KEY for each request to the API endpoint
Your key is static and does not expire. You can request a new key at any time within the application.
All requests to the API must be made over HTTPS. Calls made over plain HTTP will fail. You must authenticate all requests.

Accessing the RESTful API

Access to the RESTful API, including scope of data available, is restricted to the users' data within the application. This means that an Administrators' API key cannot access all data in the system,
By default, every user in the system does not have access to any of the RESTful API methods. Access to the RESTful API must be provided explicitly by an Administrator, and in controlled on an individual method basis.
A user can see their access to the RESTful SSAPI by viewing the My API section within the SSAPI module in the application.
An Administrator can provide access to the RESTful SSAPI for a user by accessing the Users module.
Last modified 2mo ago