Generate PDF via Platform API

Corie Lynch

April 28, 2023 19:30

Introduction
PDF cURL Command
Parameters
Query Params
Common Query Examples

Introduction

Generating a PDF of a Platform assessment can be done in two ways:

Within the App Analysis of the Platform UI. Login to Platform > select the preferred app's assessment > App Analysis > select the download icon beside the App Analysis Learn more about Save and Customize a PDF Report and Evidence File in Platform article.

Note: The API produced PDF includes inline evidence, which can be selected within the Save PDF exporter icon > select PDF Inline. The evidence will show inline in the PDF beneath the additional guidance section of the report in tabular form. If the evidence is longer than 20 rows, a link will navigate to the full set of results in the UI, along with a suggestion to download the JSON format.
NowSecure's API cURL command (Instructions below)

cURL Command

Note: Replace the $API_TOKEN with your own token. Create a token by selecting the Profile icon on the top right corner of Platform > select Tokens. See Creating an API Bearer Token for further information.

The assessment/ref/xxxxxx-xxx refers to the Assessment ID of the application you want the report generated for. Assessment ID can be found by selecting the preferred app on the Apps page > App Analysis > Debug tab > then select the Assessment Info section on the left of the screen.

Note: Make sure to keep the .pdf at the end after your own Assessment ID. The download path must end with .pdf if the naming convention is changed.

This cURL command downloads a PDF report of a specific assessment without including screenshots.

curl -H "Authorization: Bearer $API_TOKEN" https://api.nowsecure.com/report/assessment/ref/$assessmentID.pdf> ~/Downloads/assessment.pdf

Parameters

Params	Type	Description
`filename`	String	Default: `NowSecure-Report-{date}`
`assessmentID`	UUID	`required`

Query Params

NOTE: Array params must be separated like so: policyCategory[]=1&policyCategory[]=2

Parameter	Type	Inputs	Default
`evidenceFormats`	Array	`inline`	None
`finding.businessImpact`	Boolean	`true` \| `false`	True
`finding.description`	Boolean	`true` \| `false`	True
`findings.note`	Boolean	`true` \| `false`	True
`finding.regulatory`	Array	cwe \| niap \| fisma_low \| fisma_med \| owasp \| gdpr \| ffiec \| pci \| hipaa \| ccpa \| cwe_top_25 \| ioxt \| google_caq	All
`finding.remediationResources`	Boolean	`true` \| `false`	True
`finding.stepsToReproduce`	Boolean	`true` \| `false`	True
`findingDetails`	Boolean	`true` \| `false`	True
`findingsSummary`	Boolean	`true` \| `false`	True
`hiddenFindings`	Boolean	`true` \| `false`	True
`impactType`	Array	critical \| high \| medium \| low \| warn \| info \| artifact \| pass	All
`policyCategories`	Boolean	`true` \| `false`	True
`policyCategory`	Array	1 \| 2 \| 3 \| pass	All
`reportSummary`	Boolean	`true` \| `false`	True
`screenshots`	Boolean	`true` \| `false`	True

Common Query Examples

The following are common and useful query examples for various calls available via Platform API to return more specific results to a PDF report.

Screenshots Only

This query quickly verifies if your app is authenticating by only returning the screenshots taken during the dynamic portion of the scan.

GET

curl -H "Authorization: Bearer $API_TOKEN" "https://api.nowsecure.com/report/assessment/ref/:assessmentID.pdf?findingDetails=false&findingsSummary=false" > :filepath/:filename.pdf

Policy Category 1 Only

This query returns the Policy Category 1 findings only to this report. By default, Category 1 includes all findings that have a CVSS score ranging from low - critical

GET

curl -H "Authorization: Bearer $API_TOKEN" "https://api.nowsecure.com/report/assessment/ref/:assessmentID.pdf?policyCategory[]=1" > :filepath/:filename.pdf

Summary Only

This query outputs the counts of each severity type. No other information is returned in this two page report.

GET

curl -H "Authorization: Bearer $API_TOKEN" "https://api.nowsecure.com/report/assessment/ref/:assessmentID.pdf?findingDetails=false&screenshots=false" > :filepath/:filename.pdf

Sample output of PDF Report (Summary Only):

Passed Findings Only

This query only displays the tests your app successfully passed.

GET

curl -H "Authorization: Bearer $API_TOKEN" "https://api.nowsecure.com/report/assessment/ref/:assessmentID.pdf?impactType[]=pass&screenshots=false" > :filepath/:filename.pdf

Show Evidence for CVSS Findings

This query returns evidence tables for findings that have a CVSS score (critical, high, medium low). Note: Evidence tables are limited to 10 rows. The next example displays the full table.

GET

curl -H "Authorization: Bearer $API_TOKEN" "https://api.nowsecure.com/report/assessment/ref/:assessmentID.pdf?evidenceFormats[]=inline&impactType[]=critical&impactType[]=high&impactType[]=medium&impactType[]=low&screenshots=false" > :filepath/:filename.pdf

Show All Evidence

This query returns a .zip file containing all of an assessment's evidence in JSON format.

GET

curl -H "Authorization: Bearer $API_TOKEN" "https://api.nowsecure.com/report/assessment/:assessmentID/evidence/:filename.zip" > :filepath/:filename.zip