API Endpoint Vulnerabilities

List all API Endpoint Vulnerabilities

List ApiEndpointVulnerabilityConnectors resources for the given application.

** Headers **

Authorization: Bearer <access_token>

** Scopes **

connectors.self:read-resource

GET

resources

api_endpoint_vulnerability_connectors

List all API Endpoint Vulnerabilities

curl --request GET \
  --url https://api.vanta.com/v1/resources/api_endpoint_vulnerability_connectors \
  --header 'Authorization: Bearer <token>'

{
  "resources": [
    {
      "displayName": "<string>",
      "uniqueId": "<string>",
      "externalUrl": "<string>",
      "occurrences": [
        {
          "description": "<string>",
          "fromUrl": "<string>",
          "queryParams": [
            {
              "key": "<string>",
              "value": "<string>"
            }
          ],
          "headers": [
            {
              "key": "<string>",
              "value": "<string>"
            }
          ],
          "body": "<string>"
        }
      ],
      "severity": 123,
      "vulnerableComponentUniqueId": "<string>",
      "description": "<string>",
      "remediationInstructions": "<string>",
      "url": "<string>",
      "httpMethod": "<string>",
      "cveId": "<string>",
      "cvss3Vector": "<string>",
      "cvss3Score": 123
    }
  ]
}

Authorizations

Authorization

string

header

required

The access token received from the authorization server in the OAuth 2.0 flow.

Query Parameters

resourceId

string

required

Vanta generated identifier for the given resource, and can be found on the developer console page. See the list of registered resources and their IDs on https://app.vanta.com/settings/developer-console/<app_id>?tab=resources

Response

200 - application/json

List of resources.

resources

object[]

Show child attributes

Sync all API Endpoint VulnerabilitiesTo send us data related to API endpoint vulnerabilities. Note that you must first sync `VulnerableComponent` resources before sending us this data, and this sync should reference the `uniqueId` field in the `VulnerableComponent` resource. This call replaces ALL existing `ApiEndpointVulnerabilityConnectors` resources for the given app and `source_id` - this is a "state of the world" sync. In other words, if a `ApiEndpointVulnerabilityConnectors` resource is sent for a user in a previous `sync_all` call, but is not included in a later `sync_all` call for that customer, it is assumed to no longer exist and is deleted in Vanta. ** Headers ** ``` Authorization: Bearer <access_token> ``` ** Scopes ** ``` connectors.self:write-resource ``` ** Schema ** Expand the `resources` array below for the schema of `ApiEndpointVulnerabilityConnectors`.

⌘I

List all API Endpoint Vulnerabilities

curl --request GET \
  --url https://api.vanta.com/v1/resources/api_endpoint_vulnerability_connectors \
  --header 'Authorization: Bearer <token>'

{
  "resources": [
    {
      "displayName": "<string>",
      "uniqueId": "<string>",
      "externalUrl": "<string>",
      "occurrences": [
        {
          "description": "<string>",
          "fromUrl": "<string>",
          "queryParams": [
            {
              "key": "<string>",
              "value": "<string>"
            }
          ],
          "headers": [
            {
              "key": "<string>",
              "value": "<string>"
            }
          ],
          "body": "<string>"
        }
      ],
      "severity": 123,
      "vulnerableComponentUniqueId": "<string>",
      "description": "<string>",
      "remediationInstructions": "<string>",
      "url": "<string>",
      "httpMethod": "<string>",
      "cveId": "<string>",
      "cvss3Vector": "<string>",
      "cvss3Score": 123
    }
  ]
}