Generate PDFs via Platform REST API

Introduction
App Assessment PDF
cURL Command
Parameters
Query Params
Common Query Examples
MASVS Report PDF
Self-Attestation Letter PDF

Introduction

Platform API generates a PDF for key NowSecure Platform features including: 

App Assessment PDF

Generating a PDF of a NowSecure Platform app assessment can be done in two ways:

  1. Within the App Analysis of the Platform UI. Log in to Platform > select the preferred app's assessment > App Analysis > select the download icon beside the App Analysis and choose Export App Analysis. Learn more in the Save and Customize a PDF Report and Evidence File in Platform article.

    Note: The API-produced PDF includes inline evidence, which can be selected within the Export App Analysis icon > select PDF Inline. The evidence is shown inline in the PDF, in tabular form, beneath the additional guidance section of the report. If the evidence is longer than 20 rows, a link will navigate to the full set of results in the UI, along with a suggestion to download the JSON format.


  2. NowSecure's API cURL command (Instructions below)

cURL Command

Note: Replace the $API_TOKEN with your own token. Create a token by selecting the Profile icon on the top right corner of Platform > select Tokens. See Creating an API Bearer Token for further information.

The $assessmentID in the call is the Assessment ID of the app assessment you want a PDF report of. To find the Assessment ID, select the preferred app on the Apps page > App Analysis > Debug tab in the left side panel > then select the Assessment Info subsection.

Note: Make sure to keep the .pdf at the end after your own Assessment ID. The download path must end with .pdf if the naming convention is changed.

This cURL command downloads a PDF report of a specific assessment without including screenshots.

curl -H "Authorization: Bearer $API_TOKEN" https://api.nowsecure.com/report/assessment/ref/$assessmentID.pdf > ~/Downloads/assessment.pdf

Parameters

Params        Type    Description
filename      String  Default: NowSecure-Report-{date}
assessmentID  UUID    required

Query Params

NOTE: Array params must be separated like so: policyCategory[]=1&policyCategory[]=2

Parameter                     Type     Default  Inputs
evidenceFormats               Array    None     inline
finding.businessImpact        Boolean  True     true | false
finding.description           Boolean  True     true | false
findings.note                 Boolean  True     true | false
finding.regulatory            Array    All      cwe | niap | fisma_low | fisma_med | owasp | gdpr | ffiec | pci | hipaa | ccpa | cwe_top_25 | ioxt | google_caq
finding.remediationResources  Boolean  True     true | false
finding.stepsToReproduce      Boolean  True     true | false
findingDetails                Boolean  True     true | false
findingsSummary               Boolean  True     true | false
hiddenFindings                Boolean  True     true | false
impactType                    Array    All      critical | high | medium | low | warn | info | artifact | pass
policyCategories              Boolean  True     true | false
policyCategory                Array    All      1 | 2 | 3 | pass
reportSummary                 Boolean  True     true | false
screenshots                   Boolean  True     true | false


Common Query Examples

The following are common, useful query examples for the Platform API calls that narrow what a PDF report contains.

Screenshots Only

This query quickly verifies if your app is authenticating by only returning the screenshots taken during the dynamic portion of the scan.

GET
curl -H "Authorization: Bearer $API_TOKEN" "https://api.nowsecure.com/report/assessment/ref/:assessmentID.pdf?findingDetails=false&findingsSummary=false" > :filepath/:filename.pdf


Policy Category 1 Only

This query limits the report to Policy Category 1 findings. By default, Category 1 includes all findings that have a CVSS score ranging from low to critical.

GET
curl -H "Authorization: Bearer $API_TOKEN" "https://api.nowsecure.com/report/assessment/ref/:assessmentID.pdf?policyCategory[]=1" > :filepath/:filename.pdf


Summary Only

This query outputs the counts of each severity type. No other information is returned in this two-page report.

GET
curl -H "Authorization: Bearer $API_TOKEN" "https://api.nowsecure.com/report/assessment/ref/:assessmentID.pdf?findingDetails=false&screenshots=false" > :filepath/:filename.pdf




Passed Findings Only

This query only displays the tests your app successfully passed.

GET
curl -H "Authorization: Bearer $API_TOKEN" "https://api.nowsecure.com/report/assessment/ref/:assessmentID.pdf?impactType[]=pass&screenshots=false" > :filepath/:filename.pdf


Show Evidence for CVSS Findings

This query returns evidence tables for findings that have a CVSS score (critical, high, medium, low). Note: Evidence tables are limited to 10 rows. The next example displays the full table.

GET
curl -H "Authorization: Bearer $API_TOKEN" "https://api.nowsecure.com/report/assessment/ref/:assessmentID.pdf?evidenceFormats[]=inline&impactType[]=critical&impactType[]=high&impactType[]=medium&impactType[]=low&screenshots=false" > :filepath/:filename.pdf


Show All Evidence

This query returns a .zip file containing all of an assessment's evidence in JSON format.

GET
curl -H "Authorization: Bearer $API_TOKEN" "https://api.nowsecure.com/report/assessment/:assessmentID/evidence/:filename.zip" > :filepath/:filename.zip
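
The PDF queries above can be assembled and downloaded by a small wrapper. The following is an added example, not NowSecure code: it validates the assessment ID and query parameters before building the URL, passes the token to curl on stdin rather than on the command line, and keeps the output only if the response is a PDF. The function names build_report_url, is_pdf and download_report are hypothetical.

```shell
# Added example, not NowSecure code; function names are hypothetical.
API_BASE="https://api.nowsecure.com"
NL='
'

# build_report_url ASSESSMENT_ID [key=value ...]
# Array params are given once per value: 'impactType[]=high' 'impactType[]=low'
build_report_url() {
    # grep matches line by line, so refuse embedded newlines first.
    case "$*" in *"$NL"*) return 1 ;; esac
    id=$1; shift
    # Only a UUID may be placed in the path.
    printf '%s\n' "$id" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$' || return 1
    url="$API_BASE/report/assessment/ref/$id.pdf"
    sep='?'
    for kv in "$@"; do
        # Every key and value on this page is a plain token; reject the rest.
        printf '%s\n' "$kv" |
            grep -Eq '^[A-Za-z.]+(\[\])?=[A-Za-z0-9_]+$' || return 1
        url="$url$sep$kv"
        sep='&'
    done
    printf '%s\n' "$url"
}

# is_pdf FILE: true when FILE starts with the PDF magic bytes.
is_pdf() {
    [ "$(head -c 5 "$1" 2>/dev/null)" = "%PDF-" ]
}

# download_report OUTFILE ASSESSMENT_ID [key=value ...]
download_report() {
    out=$1; shift
    [ -n "$API_TOKEN" ] || { echo "API_TOKEN is not set" >&2; return 2; }
    url=$(build_report_url "$@") || { echo "bad ID or parameter" >&2; return 2; }
    # The token reaches curl on stdin (--config -), not in argv where ps shows it.
    # --fail keeps an HTTP error body from being saved as the report;
    # --globoff makes curl take the [] of array params literally.
    printf 'header = "Authorization: Bearer %s"\n' "$API_TOKEN" |
        curl --config - --fail --silent --show-error --globoff \
             --output "$out.part" "$url" || { rm -f "$out.part"; return 3; }
    if is_pdf "$out.part"; then
        mv "$out.part" "$out"
    else
        rm -f "$out.part"; echo "response is not a PDF" >&2; return 4
    fi
}
```

After sourcing the file, a call such as download_report ~/Downloads/assessment.pdf "$assessmentID" 'policyCategory[]=1' screenshots=false fetches the report.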

MASVS Report PDF

Generating a MASVS Report PDF can be done in two ways:

  1. Within the Apps landing page in the Platform UI. Find your app in the table view of the Apps landing page > select the drop-down menu caret in the Actions tab on the right panel > MASVS Report. From this view, you can select the Export button and customize the report details.

    To learn more about generating a MASVS PDF report on an assessment within the NowSecure Platform UI, see the Export and Download MASVS Report PDF article. 


  2. NowSecure API cURL command shown below.

This cURL command downloads a MASVS PDF report of an app assessment.

GET
curl -H "Authorization: Bearer $API_TOKEN" "https://api.nowsecure.com/report/assessment/ref/$assessmentID.pdf?report=masvs" > ~/Downloads/assessment.pdf

Self-Attestation Letter PDF

Generating a Self-Attestation Letter PDF can be done in two ways:

  1. Within the App Analysis of the Platform UI. Log in to Platform > select the preferred app's assessment > App Analysis > select the download icon beside the App Analysis and choose Publish Self-Attestation Letter. Learn more in the Save and Customize a PDF Report and Evidence File in Platform article.

  2. NowSecure API cURL command shown below.

This cURL command downloads a Self-Attestation Letter PDF report of an app assessment.

GET
curl -H "Authorization: Bearer $API_TOKEN" https://api.nowsecure.com/report/certification/assessment/ref/$assessmentID.pdf > ~/Downloads/assessment.pdf
