The Platform API allows you to access assessment findings and behavior evidence from Risk Intelligence to integrate this data directly into your organization’s custom workflows. Use these endpoints and query fields to return helpful information about AI Usage, network connections with countries of concern, libraries and SDKs, and permissions.
Note: A full repository of all Platform API endpoints for Risk Intelligence can be found on our OpenAPI Spec Swagger Hub.
You will first need a NowSecure API bearer token to authenticate. To locate the UUID or “AssessmentRef” of the desired Risk Intelligence app in Platform, navigate to Risk Intelligence and select the download button labeled Download Apps Data as JSON.
GET https://api.nowsecure.com/v2/intelligence/assessment/{assessmentRef}
curl -H 'Content-Type: application/json' -H "Authorization: Bearer ${API_TOKEN}" -X GET https://api.nowsecure.com/v2/risk-intelligence/assessment/{assessmentRef}

{
  "createdAt": "2026-06-03T20:27:55.257Z",
  "findings": [
    {
      "checkId": "string",
      "title": "string",
      "shortDescription": "string",
      "categories": [
        "App Store Blocker"
      ],
      "affected": true,
      "cvssScore": 0,
      "severity": "info",
      "description": "string",
      "businessImpact": "string",
      "regulations": [
        {
          "label": "string",
          "links": [
            {
              "title": "string",
              "url": "string"
            }
          ]
        }
      ],
      "analysisType": "dynamic"
    }
  ],
  "riskScore": 0,
  "riskRating": "A",
  "riskCategory": "LOW",
  "riskRecommendation": "BLOCK",
  "nowSecureRiskScore": 0,
  "nowSecureRiskCategory": "LOW",
  "nowSecureRiskRecommendation": "BLOCK",
  "appInfo": {
    "title": "My App",
    "appstoreApplicationKey": "92837438",
    "iconUrl": "string",
    "icon": "string",
    "platform": "ios",
    "packageName": "string",
    "buildVersion": "string",
    "publisherName": "string",
    "publisherUrl": "string",
    "allGenres": [
      "string"
    ],
    "privacyPolicyUrl": "string",
    "rank": 0,
    "allRating": 0,
    "allRatingCount": 0
  },
  "summaryInfo": {
    "totalFindingsAffected": 0,
    "totalFindingsChecked": 0
  },
  "categoryImpactBreakdown": {
    "Artificial Intelligence": 100,
    "Authentication": 100,
    "Automation": 100,
    "Code Quality": 100,
    "Cryptography": 100,
    "Endpoint": 100,
    "Malware": 100,
    "Networking": 100,
    "Platform Interaction": 100,
    "Privacy": 100,
    "Resilience": 100,
    "Storage": 100,
    "Third Party Risk": 100
  },
  "networkConnections": {
    "connections": [
      {
        "ip": "string",
        "domain": "string",
        "host": "string",
        "isp": "string",
        "city": "string",
        "region": "string",
        "country": "string",
        "countryCode": "string",
        "location": "string",
        "isHighRisk": true
      }
    ],
    "countries": [
      {
        "country": "string",
        "countryCode": "string",
        "continent": "string",
        "isHighRisk": true,
        "cities": [
          {
            "city": "string",
            "region": "string",
            "country": "string",
            "countryCode": "string",
            "isHighRisk": true,
            "totalConnections": 0
          }
        ],
        "totalConnections": 0
      }
    ],
    "summary": {
      "totalConnections": 0,
      "totalCountries": 0,
      "totalCities": 0,
      "highRiskConnections": 0,
      "highRiskCountries": 0,
      "hasHighRiskConnections": true
    },
    "categories": [
      "App Store Blocker"
    ]
  },
  "permissions": {
    "highRiskPermissions": [
      {
        "key": "android.permission.CAMERA",
        "description": "string",
        "reason": "string",
        "type": [
          "normal"
        ],
        "isHighRisk": true
      }
    ],
    "allPermissions": [
      {
        "key": "android.permission.CAMERA",
        "description": "string",
        "reason": "string",
        "type": [
          "normal"
        ],
        "isHighRisk": true
      }
    ],
    "summary": {
      "totalPermissions": 0,
      "highRiskPermissions": 0,
      "hasHighRiskPermissions": true
    },
    "categories": [
      "App Store Blocker"
    ]
  },
  "aiUsage": {
    "onDevice": {
      "affected": true,
      "shortDescription": "string",
      "evidenceCount": 0,
      "evidence": [
        {
          "type": "string",
          "value": "string"
        }
      ],
      "categories": [
        "App Store Blocker"
      ]
    },
    "cloudBased": {
      "affected": true,
      "shortDescription": "string",
      "evidenceCount": 0,
      "evidence": [
        {
          "type": "string",
          "value": "string"
        }
      ],
      "categories": [
        "App Store Blocker"
      ]
    }
  },
  "trackingDomains": {
    "description": "string",
    "domains": [
      {
        "hostname": "string",
        "scopeTypes": [
          "string"
        ],
        "trackerListSources": [
          "string"
        ]
      }
    ],
    "categories": [
      "App Store Blocker"
    ]
  },
  "librariesAndSdks": {
    "components": [
      {
        "name": "string",
        "source": "string",
        "version": "string",
        "latestVersion": "string",
        "license": "string",
        "cveCount": 0,
        "highestCvssScore": 0
      }
    ],
    "summary": {
      "totalComponents": 0,
      "componentsWithCves": 0
    },
    "categories": [
      "App Store Blocker"
    ],
    "description": "string",
    "businessImpact": "string"
  },
  "iosMetadata": {
    "appClips": {
      "available": true,
      "totalAppClips": 0,
      "domains": [
        {
          "value": "string",
          "domain": "string",
          "mode": "string"
        }
      ]
    },
    "entitlements": {
      "items": [
        {
          "key": "com.apple.developer.associated-domains",
          "value": "string"
        }
      ],
      "totalEntitlements": 0
    },
    "categories": [
      "App Store Blocker"
    ]
  }
}

Query Fields
The "Expand" fields are comma-separated optional fields to include in the response.
| Field | Description |
| expand=appInfo | Includes appInfo object in the response. |
| expand=networkConnections | Includes network connection data from dynamic analysis (IPs, countries, cities, high-risk indicators) in the response. |
| expand=aiUsage | Includes AI usage detection data in the response. |
| expand=librariesAndSdks | Includes libraries and SDK data in the response. |
| expand=permissions | Includes the app’s permissions data in the response. |
| expand=trackingDomains | Includes the tracking domains found in the app in the response. |
| expand=iosMetadata | Whether the iOS metadata object is included in the response (App Clips). |
| assessmentRef | The UUID of the Risk Intelligence assessment. |
Response Fields
| Field | Description |
| checkId | The ID of the finding. |
| title | The title of the finding. |
| shortDescription | The short description of the finding. |
| categories | The categories the finding belongs to. |
| affected | The affected state of the finding. |
| findings | The findings discovered during this assessment. |
| riskScore | The risk score for this assessment. |
| riskRating | The risk rating for this assessment. |
| appInfo.title | The title of the app associated with this assessment. |
| appInfo.appstoreApplicationKey | The appstore application key of the app associated with this assessment. |
| appInfo.iconUrl | The URL of the icon for the app associated with this assessment. |
| appInfo.icon | The icon for the app associated with this assessment in Base64 format. |
| appInfo.platform | The platform type of the app associated with this assessment. |
| appInfo.buildVersion | The build version of the app associated with this assessment. |
| summaryInfo.totalFindingsAffected | The amount of affected findings for this assessment. |
| summaryInfo.totalFindingsChecked | The amount of findings checked for this assessment. |
| ip | The IP address of the network connection. |
| domain | The domain of the network connection. |
| host | The host of the network connection. |
| isp | The ISP of the network connection. |
| city | The city where the connection was made. |
| region | The region/state where the connection was made. |
| country | The country name where the connection was made. |
| countryCode | The ISO alpha-2 country code. |
| location | Formatted location string (City, Region, Country). |
| isHighRisk | Whether this connection is to a foreign adversary country. |
| country | The country name. |
| countryCode | The ISO alpha-2 country code. |
| continent | The continent of the country. |
| isHighRisk | Whether this is a foreign adversary country. |
| cities | Cities with connections in this country. |
| totalConnections | Total number of connections to this country. |
| city | The city name. |
| region | The region/state name. |
| country | The country name. |
| countryCode | The ISO alpha-2 country code. |
| isHighRisk | Whether this city is in a foreign adversary country. |
| totalConnections | Number of connections to this city. |
| totalConnections | Total number of network connections. |
| totalCountries | Total number of unique countries. |
| totalCities | Total number of unique cities. |
| highRiskConnections | Number of connections to foreign adversary countries. |
| highRiskCountries | Number of unique foreign adversary countries. |
| hasHighRiskConnections | Whether any connections are to foreign adversary countries. |
| aiUsage.onDevice | On-device AI finding. |
| aiUsage.cloudBased | Cloud-based AI finding. |
| librariesAndSdks.components | Libraries and SDKs sorted by highest CVSS score, CVE count, name. |
| librariesAndSdks.summary | Summary statistics. |
| permissions.highRiskPermissions | List of dangerous or sensitive permissions. |
| permissions.allPermissions | List of all permissions requested by the app. |
| permissions.summary | Summary statistics. |
| trackingDomains.description | Description of the tracking domains check. |
| trackingDomains.domains | List of tracking domains. |
| iosMetadata.appClips.available | Whether the application includes an associated App Clip. |
| iosMetadata.appClips.totalAppClips | The number of unique App Clip domains declared by the application. |
| iosMetadata.appClips.domains | The App Clip domains declared by the application, deduplicated by raw value. |
| iosMetadata.appClips.domains[].value | The full raw associated-domain entitlement value, e.g. appclips:example.com?mode=developer. |
| iosMetadata.appClips.domains[].domain | The domain or subdomain declared for the App Clip, e.g. example.com. |
| iosMetadata.appClips.domains[].mode | The associated-domain operating mode. One of developer, managed, or developer+managed. null if no mode is declared. |
| iosMetadata.entitlements.totalEntitlements | The total number of unique entitlement keys captured from the application's binary. |
| iosMetadata.entitlements.items | The list of iOS entitlements captured during static analysis, deduplicated by key. |
| iosMetadata.entitlements.items[].key | The entitlement key, e.g. aps-environment, com.apple.developer.associated-domains. |
| iosMetadata.entitlements.items[].value | The string-serialized value of the entitlement. Array values are joined with , . null if the entitlement has no extractable scalar value. |
| iosMetadata.categories | The risk categories from the underlying iOS metadata findings, e.g. Platform Interaction. |
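An added example, not NowSecure's code, of feeding this response into an app-review workflow: it builds the `expand` query string from the documented field names and lists the high-risk connections, high-risk permissions, components with CVEs, and affected AI findings from a parsed response. The sample response is constructed, the 7.0 CVSS cut-off is a hypothetical local policy value, and sending the comma unencoded in the query string is an assumption.

```python
import json
from urllib.parse import urlencode

# Expand values listed in the Query Fields table above.
EXPAND_FIELDS = {"appInfo", "networkConnections", "aiUsage", "librariesAndSdks",
                 "permissions", "trackingDomains", "iosMetadata"}

def expand_query(fields):
    """Build the expand query string, rejecting names the page does not document."""
    unknown = sorted(set(fields) - EXPAND_FIELDS)
    if unknown:
        raise ValueError(f"undocumented expand field(s): {unknown}")
    # Assumption: the comma separator is sent as-is rather than percent-encoded.
    return urlencode({"expand": ",".join(fields)}, safe=",")

def triage(assessment, cvss_threshold=7.0):
    """Return (kind, detail) review items from one parsed assessment response.

    Sections absent from the response (not requested via expand) are skipped.
    cvss_threshold is a hypothetical local policy value, not a NowSecure default.
    """
    items = []
    net = assessment.get("networkConnections") or {}
    for conn in net.get("connections") or []:
        if conn.get("isHighRisk"):
            items.append(("network", f"{conn.get('host')} ({conn.get('countryCode')})"))
    perms = assessment.get("permissions") or {}
    for perm in perms.get("highRiskPermissions") or []:
        items.append(("permission", perm.get("key")))
    libs = assessment.get("librariesAndSdks") or {}
    for comp in libs.get("components") or []:
        # Treat missing or null counts and scores as zero.
        if (comp.get("cveCount") or 0) > 0 and (comp.get("highestCvssScore") or 0) >= cvss_threshold:
            items.append(("component", f"{comp.get('name')} {comp.get('version')}"))
    for kind, finding in (assessment.get("aiUsage") or {}).items():
        if (finding or {}).get("affected"):
            items.append(("ai", kind))
    return items

# Constructed sample response (not real assessment data); "ZZ" is a placeholder code.
SAMPLE = json.loads("""{
  "networkConnections": {"connections": [
    {"host": "api.example.com", "countryCode": "US", "isHighRisk": false},
    {"host": "telemetry.example.net", "countryCode": "ZZ", "isHighRisk": true}]},
  "permissions": {"highRiskPermissions": [
    {"key": "android.permission.CAMERA", "isHighRisk": true}]},
  "librariesAndSdks": {"components": [
    {"name": "examplelib", "version": "1.2.0", "cveCount": 2, "highestCvssScore": 9.1},
    {"name": "otherlib", "version": "3.0.0", "cveCount": 0, "highestCvssScore": null}]},
  "aiUsage": {"onDevice": {"affected": false}, "cloudBased": {"affected": true}}
}""")
```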