Introduction
NowSecure uses Apollo Sandbox, which provides an environment for running GraphQL API queries and mutations against completed assessments, organization details, applications, and much more in NowSecure Platform to obtain detailed results.
Please see our Apollo Sandbox Overview article for more information.
Note: The base URL of our Graph API has been changed to api.nowsecure.com. All requests to lab-api.nowsecure.com/graphql will be forwarded here.
HTTP Post
Interacting with the NowSecure GraphQL API from code, e.g. through curl or via an HTTP client library, is as simple as an HTTP POST with the relevant GraphQL query.
Below is a query to list NowSecure’s Findings, resolving just the Finding id and title for each:
query {
  findings {
    list {
      id
      title
    }
  }
}
curl \
  -X POST \
  -H "Authorization: Bearer ${AUTH_TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{ "query": "{ findings { list { id title } } }" }' \
  https://api.nowsecure.com/graphql
The results will come back as JSON with a data key. The values will be structured as requested (with results formatted and elided for clarity):
{
  "data": {
    "findings": {
      "list": [
        {
          "id": "asl",
          "title": "System Log Messages (ASL)"
        },
        {
          "id": "oslog",
          "title": "System Log Messages (OSLog)"
        },
        {
          "id": "geoip",
          "title": "Network Connections"
        },
        {
          "id": "snoop_network_hosts",
          "title": "Network Connections"
        },
        // ...
      ]
    }
  }
}
Expected response in Apollo Sandbox:
Note: As described in the field documentation, the Finding id is a case and space normalized version of the legacy Finding id used by the legacy Lab Auto API. You may also resolve the unnormalized key for each finding within the legacyFindingKey field. If you have existing logic depending on identifying individual findings, use this legacyFindingKey.
Error Query
If the query issued contains one or more errors, these will be listed in a top-level errors array in the response. For example, this query and response:
query {
  findings {
    list {
      id
      title
      nonExistentField
    }
  }
}
curl \
  -X POST \
  -H "Authorization: Bearer ${AUTH_TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{ "query": "{ findings { list { id title nonExistentField } } }" }' \
  https://api.nowsecure.com/graphql
{
  "errors": [
    {
      "message": "Cannot query field \"nonExistentField\" on type \"FindingCheck\"."
      // ...
    }
  ]
}
The same is true if your GraphQL query includes invalid syntax.
Note the response when a closing } is missing:
curl \
  -X POST \
  -H "Authorization: Bearer ${AUTH_TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{ "query": "{ findings { list { id title"' \
  https://api.nowsecure.com/graphql
{"error":true,"code":"UNKNOWN_ERROR_CODE","message":"Unexpected end of JSON input"}
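
The three response shapes shown on this page (a data key, a top-level errors array, and a top-level error/code/message object) need separate handling in client code, since a check on errors alone misses the third. The following is an added example, not NowSecure code: the function names and the result dictionary are assumptions, and the sample bodies are constructed from the responses above with the elided parts dropped.

```python
import json
import urllib.request

API_URL = "https://api.nowsecure.com/graphql"  # endpoint used on this page

# Constructed samples: the page's three responses with elided parts dropped.
SAMPLE_OK = '{"data": {"findings": {"list": [{"id": "asl", "title": "System Log Messages (ASL)"}]}}}'
SAMPLE_GRAPHQL_ERROR = ('{"errors": [{"message": "Cannot query field '
                        '\\"nonExistentField\\" on type \\"FindingCheck\\"."}]}')
SAMPLE_REQUEST_ERROR = '{"error":true,"code":"UNKNOWN_ERROR_CODE","message":"Unexpected end of JSON input"}'


def build_request(query, token):
    """Build the POST (not sent here). json.dumps closes every brace and
    escapes quotes, avoiding the truncated-body failure shown above."""
    body = json.dumps({"query": query}).encode("utf-8")
    headers = {"Authorization": "Bearer " + token,
               "Content-Type": "application/json"}
    return urllib.request.Request(API_URL, data=body, headers=headers, method="POST")


def parse_response(raw):
    """Classify a response body (hypothetical helper, not a NowSecure API)."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError:
        return {"status": "request_error", "code": None, "messages": ["response is not JSON"]}
    if not isinstance(doc, dict):
        return {"status": "request_error", "code": None, "messages": ["unexpected response shape"]}
    if doc.get("error") is True:  # body rejected before GraphQL parsing
        return {"status": "request_error", "code": doc.get("code"),
                "messages": [doc.get("message", "")]}
    if doc.get("errors"):  # GraphQL validation or execution errors
        return {"status": "graphql_error", "code": None,
                "messages": [e.get("message", "") for e in doc["errors"]]}
    if "data" in doc:
        return {"status": "ok", "data": doc["data"]}
    return {"status": "request_error", "code": None, "messages": ["unexpected response shape"]}


if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_GRAPHQL_ERROR, SAMPLE_REQUEST_ERROR):
        print(parse_response(sample)["status"])
```

Pass the token to build_request from the environment or a secret store rather than hard-coding it, and send the request with urllib.request.urlopen when running against the live API.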