Integrate via Autobahn External API
This guide provides instructions and best practices for integrating with the Autobahn External API.
The API documentation can be found under this link.
1. Authentication
To access any data, you must first authenticate to obtain a JWT access token.
Prerequisites
You need the following credentials (provided by our Customer Success team):
- externalApiUserId (UUID)
- secretKey (String)
Note: The externalApiUserId is unique to your specific user account, not the entire organization. This allows actions (like assigning issues) to be correctly attributed to you. Additionally, the standard user permissions (RBAC) configured for your account will apply to all API actions performed with this token.
How to Authenticate
(1) Endpoint: POST /api/external/auth/token
(2) Request Body:
{
  "externalApiUserId": "your-user-uuid",
  "secretKey": "your-secret-key"
}
(3) Response: You will receive a JSON response containing a token.
{
  "data": {
    "token": "eyJhbGciOiJIUzI1Ni…"
  }
}
(4) Using the Token: Include this token in the Authorization header of all subsequent requests.
Authorization: Bearer <your_token>
Note: Tokens are valid for 12 hours.
2. Available Scopes
The API is organized into several specific scopes. Your token grants access based on your user permissions.
- Assets: Retrieve asset inventory, detailed port information, and asset tags.
- Issues: Access vulnerability findings, severity details, and issue status.
- Scans: Get scan configurations, history, and status updates.
- Teams: Manage team members and invitations.
3. Query & Filtering Capabilities
General Query Structure
The API uses a powerful JSON-based query language. However, capabilities differ between endpoints. Please refer to the API documentation for detailed information on the specific filtering capabilities, operators, and fields supported by each endpoint.
Example 1: Get High Severity Issues (Issues Scope)
Note: The Issues endpoint uses the dateRange operator for time, not timeDimensions.
POST https://app.autobahn-security.com/api/external/issues
{
  "dimensions": ["title", "severity", "status", "assetName"],
  "filters": [
    {
      "member": "severity",
      "operator": "equals",
      "values": ["4", "5"]
    },
    {
      "member": "status",
      "operator": "equals",
      "values": ["ACTIVE"]
    },
    {
      "member": "firstDetectedAt",
      "operator": "dateRange",
      "values": ["2024-01-01T00:00:00.000Z", "2024-12-31T23:59:59.999Z"]
    }
  ],
  "limit": 50
}
Example 2: Get Recent Scans (Scans Scope)
Note: The Scans endpoint supports timeDimensions.
POST https://app.autobahn-security.com/api/external/scans
{
  "dimensions": ["scanName", "scanStatus", "assetCount"],
  "timeDimensions": [
    {
      "dimension": "createdAt",
      "dateRange": ["2024-11-01T00:00:00.000Z", "2024-11-30T23:59:59.999Z"]
    }
  ],
  "filters": [
    {
      "member": "scanName",
      "operator": "contains",
      "values": ["Weekly"]
    }
  ]
}
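The authentication flow from section 1 combined with the query endpoints above, as an added Python example (not code from Autobahn's documentation). The class and function names, the environment variable names, the five-minute refresh margin, and the auth endpoint sharing the host of the query endpoints are assumptions.

```python
import json
import os
import time
import urllib.request

BASE_URL = "https://app.autobahn-security.com"  # host used in the examples above
TOKEN_TTL = 12 * 60 * 60      # tokens are valid for 12 hours
REFRESH_MARGIN = 5 * 60       # assumption: renew 5 minutes before expiry


def http_send(req):
    """Default transport: send the request and decode the JSON response."""
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


class AutobahnClient:
    """Hypothetical helper, not an official SDK: caches the JWT and renews it."""

    def __init__(self, user_id, secret_key, send=http_send, clock=time.time):
        self._creds = {"externalApiUserId": user_id, "secretKey": secret_key}
        self._send, self._clock = send, clock
        self._token, self._issued_at = None, 0.0

    def _post(self, path, body, token=None):
        headers = {"Content-Type": "application/json"}
        if token:
            headers["Authorization"] = f"Bearer {token}"
        req = urllib.request.Request(BASE_URL + path, method="POST",
                                     data=json.dumps(body).encode(), headers=headers)
        return self._send(req)

    def token(self):
        """Return the cached token, authenticating only when it is missing or stale."""
        age = self._clock() - self._issued_at
        if self._token is None or age >= TOKEN_TTL - REFRESH_MARGIN:
            reply = self._post("/api/external/auth/token", self._creds)
            self._token, self._issued_at = reply["data"]["token"], self._clock()
        return self._token

    def query(self, scope, body):
        """POST a JSON query to a scope endpoint, e.g. scope='issues' or 'scans'."""
        return self._post(f"/api/external/{scope}", body, self.token())


def client_from_env():
    # Assumption: credentials are read from these (hypothetical) environment
    # variables so that the secretKey is not hard-coded in source.
    return AutobahnClient(os.environ["AUTOBAHN_API_USER_ID"],
                          os.environ["AUTOBAHN_SECRET_KEY"])
```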