HTTP Post and Error Queries

Introduction
HTTP Post
Error Query

Introduction

NowSecure utilizes the Apollo Sandbox that provides an environment to perform GraphQL API queries and mutations on completed assessments, organization details, applications, and much more in NowSecure Platform to obtain detailed results.

Please see our Apollo Sandbox Overview article for more information.

Note: The base URL of our Graph API has been changed to api.nowsecure.com. All requests to lab-api.nowsecure.com/graphql will be forwarded here.

HTTP Post

Interacting with NowSecure GraphQL API from code, e.g. through curl or via HTTP client library, is as simple as an HTTP POST with the relevant GraphQL query.

Below is a query to list NowSecure’s Findings, resolving just the Finding id and title for each:

The results will come back as a JSON with a data key. The values will be structured as requested (with results formatted and elided for clarity):

POST
query {
    findings {
      list {
        id
        title
      }
    }
}
curl \
  -X POST \
  -H "Authorization: Bearer ${AUTH_TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{ "query": "{ findings { list { id title } } }" }' \
  https://api.nowsecure.com/graphql

 

Expected response in Apollo Sandbox:

GraphResponse.png

Note: As described in the field documentation, the Finding id is a case and space normalized version of the legacy Finding id used by the legacy Lab Auto API. You may also resolve the unnormalized key for each finding within the legacyFindingKey field. If you have existing logic depending on identifying individual findings, use this legacyFindingKey .

Error Query

If the query issued contains one or more errors, these will be listed in a top level errors array in the response. For example, this query and response:

POST
query {
    findings {
      list {
        id
        title
        nonExistentField
      }
    }
}

The same is true if your GraphQL query includes invalid syntax.


Note the response for a lack of closing } :

POST
curl \
  -X POST \
  -H "Authorization: Bearer ${AUTH_TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{ "query": "{ findings { list { id title"' \
  https://api.nowsecure.com/graphql

Comments

0 comments

Article is closed for comments.