UpdatePortfolio

Parameters

The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as mandatory.

Headers

PUT /api/ss/portfolio/:id HTTP/1.1
Host: demo.attackforge.com
X-SSAPI-KEY: APIKey
Content-Type: application/json
Connection: close

Body

name (string)

Name of the portfolio.

Example:

{
   "name": "..."
}

code (string) (optional)

Portfolio code.

Example:

{
   "code": "..."
}

description (string) (optional)

Portfolio description.

Example:

{
   "description": "..."
}

level_1_owner (string) (optional)

Portfolio level 1 owner.

Example:

{
   "level_1_owner": "..."
}

level_2_owner (string) (optional)

Portfolio level 2 owner.

Example:

{
   "level_2_owner": "..."
}

level_3_owner (string) (optional)

Portfolio level 3 owner.

Example:

{
   "level_3_owner": "..."
}

users_with_view_access (array of strings) (optional)

Users Ids for users who will have View access to this Portfolio.

Example:

{
   "users_with_view_access": [
      "..."
   ]
}

groups_with_view_access (array of strings) (optional)

Group Ids for users who will have View access to this Portfolio.

Example:

{
   "groups_with_view_access": [
      "..."
   ]
}

users_with_link_access (array of strings) (optional)

Users Ids for users who will have Link access to this Portfolio.

Example:

{
   "users_with_link_access": [
      "..."
   ]
}

groups_with_link_access (array of strings) (optional)

Group Ids for users who will have Link access to this Portfolio.

Example:

{
   "groups_with_link_access": [
      "..."
   ]
}

streams (array of objects) (optional)

Create Streams on the Portfolio.

• id - Stream Id

• name - Stream name (optional)

• projects - Project Ids to link to the Stream (optional)

• users_with_view_access - Users Ids for users who will have View access to this Portfolio. (optional)

• users_with_link_access - Users Ids for users who will have Link access to this Portfolio. (optional)

• groups_with_view_access - Group Ids for groups who will have View access to this Portfolio. (optional)

• groups_with_link_access - Group Ids for groups who will have Link access to this Portfolio. (optional)

• sort_order - sort order for the Streams (optional)

Example:

{
   "id": "...",
   "name": "...",
   "projects": [
      "..."
   ],
   "users_with_view_access": [
      "..."
   ],
   "users_with_link_access": [
      "..."
   ],
   "groups_with_view_access": [
      "..."
   ],
   "groups_with_link_access": [
      "..."
   ],
   "sort_order": 1
}

tags (array of strings) (optional)

Portfolio tags.

Example:

{
   "tags": [
      "..."
   ]
}

custom_fields (array of objects) (optional)

Custom fields. Must include a key and value. Key must be unique and letters, number and underscores only.

For more information visit https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms#using-custom-fields-with-apis

Example:

{   
    "custom_fields": [
        {
            "key": "...",
            "value": "..."
        }
    ]
}

Example

The following example is a cURL request to create a new portfolio.

Request

Include API Token instead of stars in 'X-SSAPI-KEY: ***************************************' parameter.

curl -X POST 'https://localhost:3000/api/ss/portfolio' -H 'Host: localhost:3000' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close' -d '{
  "name": "ACME Corp.",
  "code": "ACME2024",
  "description": "All 2024 testing for ACME Corp.",
  "streams": [
    {
      "id": "665d3321cf30db5bd2874199",
      "name": "Mobile Pentesting"
    },
    {
      "id": "668e406d297d2432fe92d8bc",
      "name": "Red Teaming"
    }
  ]
}'

Response

Response contains a portfolio object.

{
  "portfolio": {
    "id": "..."
  }
}