GraphQL API Playground QuickStart Guide

Introduction
Prerequisites
Queries

Introduction

The GraphQL API Playground allows the user to perform queries on assessments run in the NowSecure Platform and obtain detailed results. This tool is a great way to test your queries prior to combining them in a script.

Prerequisites

You will first need a token for authentication. See the Creating an API Bearer Token article for more detailed instructions.

Within NowSecure Platform, select your Profile in the upper right > Tokens. Select Generate Token. The examples below use a token titled "GraphQL".


Note: This token is presented one time, so copy it and keep it safe. You can revoke it and create another, if needed. 

Once your token has been copied, navigate to the NowSecure GraphQL Playground and go to the HTTP Headers section. Configure your access by typing the following, with your token in place of the placeholder:

{"Authorization": "Bearer {Your_Token_Here}"}



Queries

Now that you have configured your authorization token you can start performing queries to gather the information of your choice. The main query writing section will attempt to auto-complete as much as possible of the query you are currently writing. The SCHEMA tab on the right side of the Playground will explain the parameters associated with each query performed.

For example, when attempting to query for all findings, searching for the word findings under SCHEMA provides useful information about the different parameters that can be queried for each finding:

Following the screenshot above, a query that displays all findings can be created. Each level under FindingsQuery represents a new category with different variables that can be accessed.

For example, to access the findings details (id, title, category, etc.) refer to the FindingQuery panel in the screenshot above. The query must first access findings and then a list (the middle panel on the screenshot above) of attributes that can be created.

The following query shows ALL findings including id, name and description. (Note that the cURL command corresponding to each query can be generated by selecting COPY CURL):

Accessing All Previous Assessment Data

The GraphQL API Playground displays data from any of the assessments previously performed by the Platform user.

Below is a query that shows the application data of ALL previous assessments such as package name, platformType, along with assessments data such as createdAt and ref (a unique identifier).

query allAppScores {
  auto {
    applications {
      platformType
      packageKey
      group {
        ref
        name
      }
      assessments {
        score
        ref
        taskId
        createdAt
        build {
          digest
          version
          uploadedAt
        }
        report {
          findings {
            impactType
            check {
              issue {
                title
                description
                cvss
                cvssVector
              }
            }
          }
        }
      }
    }
  }
}

Accessing The Latest Report for a Specific Application

To access the latest report for a specific application, use the following commands (either the cURL command or the query). Add either | jq '.' or | json_pp at the end of a cURL command to output the result of the query in easy-to-read JSON format:

First, obtain the ref for the Platform group you have apps in. Obtain the different groupRefs in your Platform account and select the one containing your application of choice:

GET

curl 'https://api.nowsecure.com/graphql' -H 'Accept-Encoding: gzip, deflate, br' -H 'Content-Type: application/json' -H 'Accept: application/json' -H 'Connection: keep-alive' -H 'DNT: 1' -H 'Origin: https://api.nowsecure.com' -H 'Authorization: Bearer {Your_Token_Here}' --data-binary '{"query":"# Write your query or mutation here\n query {\n\tmy{\n    groups{\n      ref\n      id\n      active\n      name\n    }\n  }\n}"}' --compressed

Using the groupRef obtained in the previous step, obtain the applications in your selected group:

GET
curl 'https://api.nowsecure.com/graphql' -H 'Accept-Encoding: gzip, deflate, br' -H 'Content-Type: application/json' -H 'Accept: application/json' -H 'Connection: keep-alive' -H 'DNT: 1' -H 'Origin: https://api.nowsecure.com' -H 'Authorization: Bearer {Your_Token_Here}' --data-binary '{"query":"query {\n\tauto {\n    applications(groupRefs: \"GROUPREF\") {\n    \tpackageKey\n      ref\n    }\n  }\n}"}' --compressed

Search the previously generated list for the ref UUID of the application that you want to obtain the latest assessment for. Use that ref UUID to execute the following command and obtain the latest assessment for the chosen application:

GET
curl 'https://api.nowsecure.com/graphql' -H 'Accept-Encoding: gzip, deflate, br' -H 'Content-Type: application/json' -H 'Accept: application/json' -H 'Connection: keep-alive' -H 'DNT: 1' -H 'Origin: https://api.nowsecure.com' -H 'Authorization: Bearer {YOUR TOKEN HERE}' --data-binary '{"query":"query {\n    auto {\n      applications(refs:\"2603a902-85de-11e8-b865-1f761cc39491\"){\n        packageKey\n        latestCompleteAssessment{\n          ref\n          platformType\n          createdAt\n          title\n          packageKey\n\t    report{\n            findings{\n              cvss\n              check{\n                title\n                id\n                issue{\n                  category\n                  cvssVector\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n}"}' --compressed
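
The last step above, as an added Python example (not NowSecure's code): it builds the latest-assessment query with the application ref checked to be a UUID before it is placed in the query text, reads the token from the environment instead of the command line, and lists findings at or above a CVSS threshold. The variable names NS_TOKEN and NS_APP_REF, the 7.0 threshold, the constructed sample response and the handling of a null cvss are assumptions.

```python
import json
import os
import re
import urllib.request

API_URL = "https://api.nowsecure.com/graphql"  # endpoint from the cURL commands above
UUID_RE = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.IGNORECASE)
# Constructed sample response (not real Platform data); a null cvss is an assumption.
SAMPLE = {"data": {"auto": {"applications": [{
    "packageKey": "com.example.app",
    "latestCompleteAssessment": {"report": {"findings": [
        {"cvss": 7.5, "check": {"title": "Constructed finding A", "id": "a"}},
        {"cvss": None, "check": {"title": "Constructed finding B", "id": "b"}},
        {"cvss": 3.1, "check": {"title": "Constructed finding C", "id": "c"}}]}}}]}}}

def build_body(app_ref):
    """Return the JSON request body; a ref that is not a UUID is rejected."""
    if not UUID_RE.fullmatch(app_ref):
        raise ValueError("application ref must be a UUID")
    query = ('query { auto { applications(refs: "%s") { packageKey '
             'latestCompleteAssessment { ref createdAt report { findings { '
             'cvss check { title id } } } } } } }' % app_ref)
    return json.dumps({"query": query}).encode("utf-8")

def run_query(body, token):
    # POST the body with the bearer token; only reached from __main__.
    req = urllib.request.Request(API_URL, data=body, headers={
        "Content-Type": "application/json", "Accept": "application/json",
        "Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def findings_at_or_above(response, threshold):
    """List (packageKey, check title, cvss) for findings scoring >= threshold."""
    if response.get("errors"):  # GraphQL reports query failures in the body
        raise RuntimeError(response["errors"])
    rows = []
    for app in response["data"]["auto"]["applications"]:
        report = (app.get("latestCompleteAssessment") or {}).get("report") or {}
        for finding in report.get("findings") or []:
            if finding.get("cvss") is not None and finding["cvss"] >= threshold:
                rows.append((app["packageKey"], finding["check"]["title"], finding["cvss"]))
    return sorted(rows, key=lambda row: row[2], reverse=True)

if __name__ == "__main__":
    token = os.environ.get("NS_TOKEN")      # hypothetical variable names
    app_ref = os.environ.get("NS_APP_REF")
    data = run_query(build_body(app_ref), token) if token and app_ref else SAMPLE
    for row in findings_at_or_above(data, 7.0):
        print(*row)
```

Without NS_TOKEN and NS_APP_REF set, the script runs against the constructed sample and makes no network request.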