Generate PDF via API

Corie Lynch

March 23, 2023 21:24

Introduction
PDF cURL Command
Endpoints
Parameters
Query Params

Introduction

Generating a PDF of a Platform assessment can be done in two ways:

Within the App Analysis of the Platform UI. Login to Platform > select the preferred app's assessment > App Analysis > select the download icon beside the App Analysis Learn more about Save and Customize a PDF Report and Evidence File in Platform article.

Note: The API produced PDF includes inline evidence, which can be selected within the Save PDF exporter icon > select PDF Inline. The evidence will show inline in the PDF beneath the additional guidance section of the report in tabular form. If the evidence is longer than 20 rows, a link will navigate to the full set of results in the UI, along with a suggestion to download the JSON format.
NowSecure's API cURL command (Instructions below)

cURL Command

Note: Replace the $API_TOKEN with your own token. Create a token by selecting the Profile icon on the top right corner of Platform > select Tokens. See Creating an API Bearer Token for further information.

The assessment/ref/xxxxxx-xxx refers to the Assessment ID of the application you want the report generated for. Assessment ID can be found by selecting the preferred app on the Apps page > App Analysis > Debug tab > then select the Assessment Info section on the left of the screen.

Note: Make sure to keep the .pdf at the end after your own Assessment ID. The download path must end with .pdf if the naming convention is changed.

This cURL command downloads a PDF report of a specific assessment without including screenshots.

curl -H "Authorization: Bearer $API_TOKEN" -X GET "https://api.nowsecure.com/report/assessment/ref/576313e0-5797-11ed-bed7-bf69c0c3effb.pdf?screenshots=false" \ > ~/Downloads/assessment.pdf

Endpoints

Creates an endpoint for assessment report generation:
```
/report/assessment/ref/:assessmentRef/:filename.:format(pdf)
```
- https://api.nowsecure.com
Creates an endpoint for assessment evidence (findings) .zip file generation:
```
/report/assessment/:assessmentRef/evidence/:filename.zip
```
- https://api.nowsecure.com
Removes legacy getAssessmentFindings endpoints:
```
'/assessment/:task/findings.pdf'
```
- https://lab-api.nowsecure.com/
Replaces legacy getAssessmentReport endpoint logic with new .pdf:
```
'/assessment/:ref/report.json'
```
```
'/assessment/:ref/report.html'
```
```
'/assessment/:ref/report.pdf'
```
- https://lab-api.nowsecure.com/
- NOTE: this is the default. Will not accept query params

Parameters

Params	Type	Description
`filename`	String	Default: `NowSecure-Report-{date}`
`assessmentRef`	UUID	`required`

policyCategories = ['1', '2', '3', 'pass']

impactTypes = ['critical', 'high', 'medium', 'low', 'warn', 'info', 'artifact', 'pass']

regulatoryFindings = [
  'owasp',
  'cwe',
  'fisma_low',
  'fisma_med',
  'owasp',
  'gdpr',
  'ffiec',
  'pci',
  'hipaa',
  'ccpa',
  'ioxt',
  'cwe_top_25',
  'niap',
  'google_caq',

Query Params

NOTE: Array params must be separated like so: policyCategory[]=1&policyCategory[]=2

Query Params	Type	Description
`evidenceFormats`	Array ( `json` \| `inline` )	`required`
`policyCategories`	Boolean	defaulted `true`
`findingDetails`	Boolean	defaulted `true`
`findingsSummary`	Boolean	defaulted `true`
`hiddenFindings`	Boolean	defaulted `true`
`impactType`	Array (see above)	Defaulted: `all`
`policyCategory`	Array (see above)	`required`
`report`	String	Defaulted `standard`
`reportSummary`	Boolean	Defaulted `true`
`screenshots`	Boolean	defaulted: `true`
`finding.note`	boolean	defaulted: `true`
`finding.description`	boolean	defaulted: `true`
`finding.stepsToReproduce`	boolean	defaulted: `true`
`finding.businessImpact`	boolean	defaulted: `true`
`finding.remediationResources`	boolean	defaulted: `true`
`finding.regulatory`	Array (see above)	defaulted: `all`