Cras ultricies mi eu turpis sit hendrerit fringilla vestibulum ante ipsum primis in faucibus ultrices posuere cubilia.
Entersoft provides customers a JSON based HTTP API that can be used for public and private infrastructures.
These can be accessed via HTTP method and does not require any kind of authentication token in the request headers.
Users should authenticate using the login endpoint and pass the obtained token in the “Authorization” in order to access these endpoints.
Find the below endpoints which will have details of the below.
POST /signup
This endpoint is used to register a new user. After a user successfully enters signup details and submits, the user receives a confirmation link to the registered email.
| Name | Type | Description |
|---|---|---|
| string |
This will be the “username” while logging in and should be in a valid format. Example: test@gmail.com |
|
| password | string |
Should be a combination of alphanumeric and min 8 characters should be provided Example: Sample@1234 |
| password_confirmation | string | Confirm password should be the same as the above (Password) value. |
| mobile | integer | This should be a valid mobile number |
| terms_of_service | boolean | true (or) false |
| first_name | string | User's first name should be entered here. |
| last_name | string | User's last name should be entered here. |
Note: This is an unauthenticated call.
GET /user/confirmation/{Email Verification Token Should Be Passed Here}
This endpoint is to confirm the registered user. Without confirming the account, the user cannot access his/her account.
| Name | Type | Description |
|---|---|---|
| email_confirmation_token | string (Resource path) | To confirm the registered user’s account, pass the email verification token to the above endpoint. |
Note: This is an unauthenticated call.
POST /user/resend_confirmation
In case the registered user does not receive the email confirmation token, he/she can make a request to “resend_confirmation” endpoint to receive the email confirmation token.
| Name | Type | Description |
|---|---|---|
| string | Only a registered user email should be passed here. |
Note: This is an unauthenticated call.
This feature is not implemented yet.
/verify_mobile
This feature is not implemented yet.
/resend_otp
/user/reset_password
By making a request to this endpoint, the user will receive a reset password link to his/her registered email.
| Name | Type | Description |
|---|---|---|
| string | Only a registered user email should be passed here.. |
Note: This is an unauthenticated call.
PATCH /user/update_password/{Reset Password Token Should Be Passed Here}
Enter the received reset password token as input to this endpoint to update the password.
| Name | Type | Description |
|---|---|---|
| password | string |
Should be a combination of alphanumeric and min 8 characters should be provided. Example: Sample@1234 |
| password_confirmation | string | Confirm password should be the same as the above (Password) value. |
Note: This is an unauthenticated call.
POST /login
After a successful registration. Users should enter valid user email and password to obtain the authentication token and are used for accessing further operations.
| Name | Type | Description |
|---|---|---|
| string | Registered email address should be passed here. | |
| password_confirmation | string | Provide a valid password. |
Note: This is an unauthenticated call.
GET /user/details
Retrieves users details like “email, first_name, last_name, etc..”
| Name | Type | Description |
|---|---|---|
| Authorization | string | This parameter should be passed in the “headers”. Obtain the token after a successful signin and pass that token as a value to the authorization header. |
Note: This is an authenticated call.
PATCH /user/update
Access this endpoint to update users details.
| Name | Type | Description |
|---|---|---|
| first_name | string | User's first name |
| last_name | string | User's last name |
| password | string |
Should be a combination of alphanumeric and min 8 characters should be provided. Example: Sample@1234 |
| password_confirmation | string | Confirm password should be the same as the above (Password) value. |
| designation | string | User's designation should be entered here. |
| company | string | User's company name should be entered here. |
| mobile | integer | Valid mobile number should be entered here. |
Note: This is an authenticated call.
GET /api_profiles
This endpoint will display the list of API profiles created by a particular user. Each profile will have a unique “pkey”.
| Name | Type | Description |
|---|---|---|
| Authorization | string | This parameter should be passed in the “headers”. Obtain the token after a successful signin and pass that token as a value to the authorization header. |
Note: This is an authenticated call.
GET /api_profile/{Profile_ID}
This endpoint will be used to fetch a single profile details of a particular user by providing a unique “pkey”.
| Name | Type | Description |
|---|---|---|
| Authorization | string | This parameter should be passed in the “headers”. Obtain the token after a successful signin and pass that token as a value to the authorization header. |
| Profile_ID | string (query parameter) | This is a unique id generated after creating a profile. |
Note: This is an authenticated call.
POST /api_profile/create
Create a scan profile
| Name | Type | Description |
|---|---|---|
| title | string | This will be the title of the API profile. |
| host | string |
Scope domain should be entered here. Example: https://testsite.com http://testsite.com |
| industry | string |
Industry value should either be any one of the below. Parameters: FINTECH, TRANSPORT, FINANCIAL SERVICES/BANKING, COMPUTER SOFTWARE, INVESTMENT MANAGEMENT, HUMAN RESOURCES, ENTERTAINMENT, IT & SERVICES, INTERNET, EDUCATION MANAGEMENT, E- LEARNING, AVIATION & AEROSPACE, TRAINING AND COACHING, INFRASTRUCTURE/ CONSTRUCTION, INDIAN GOVERNMENT, AUSTRALIAN GOVERNMENT, ELECTRICAL/ ELECTRONIC MANUFACTURING, MANAGEMENT CONSULTING, UTILITIES, LAW PRACTICE |
| base_path | string | /api (or) /API |
Note: This is an authenticated call.
PATCH /api_profile/update
Users can update his/her API Profile in case any modifications needed.
| Name | Type | Description |
|---|---|---|
| title | string | This will be the title of the API profile. |
| host | string |
Scope domain should be entered here. Example: https://testsite.com http://testsite.com |
| industry | string |
Industry value should either be any one of the below. Parameters: FINTECH, TRANSPORT, FINANCIAL SERVICES/BANKING, COMPUTER SOFTWARE, INVESTMENT MANAGEMENT, HUMAN RESOURCES, ENTERTAINMENT, IT & SERVICES, INTERNET, EDUCATION MANAGEMENT, E- LEARNING, AVIATION & AEROSPACE, TRAINING AND COACHING, INFRASTRUCTURE/ CONSTRUCTION, INDIAN GOVERNMENT, AUSTRALIAN GOVERNMENT, ELECTRICAL/ ELECTRONIC MANUFACTURING, MANAGEMENT CONSULTING, UTILITIES, LAW PRACTICE |
| base_path | string | /api (or) /API |
| pkey | string | This is the profile key, this can be obtained at the time of creating a profile. |
Note: This is an authenticated call.
DELETE /api_profile/delete
Users can delete the his/her previously created profile. (Only authorized profiles can be deleted)
| Name | Type | Description |
|---|---|---|
| pkey | string | This is the profile key, this can be obtained at the time of creating a profile. |
Note: This is an authenticated call.
POST /api_definition/create
He/She can create an API definition by importing a list of API’s by providing .JSON, etc.. files as an input to this create api definition endpoint.
| Name | Type | Description |
|---|---|---|
| apifile | file | Users should provide .JSON file as an input to this parameter. (Our scanner will automatically fetch all the endpoints present in the .JSON file) |
| pkey | string | This is the profile key, this can be obtained at the time of creating a profile. |
Note: This is an authenticated call.
POST /roles_create
If the client has a number of roles in their API’s he/she can use this endpoint to create multiple roles.
Note: This should be done carefully., Based on this our scanner will check for unauthorized access to the resources. Any mistake in defining these will affect the end results.
Just for reference we are showing how to create two roles (admin and user). If your application has more different roles, kindly mention those in a valid format.
| Name | Type | Description |
|---|---|---|
| pkey | string | This is the profile key, this can be obtained at the time of creating a profile. |
| roles | string | [{"name": "admin", "login_endpoint": "/login", "parameters": [{"username": "admin","password": "admin"}]},{"name": "user","login_endpoint": "/login", "parameters": [{"username": "user","password": "user"}]}] |
Note: This is an authenticated call.
POST /roles
After creating roles using view roles endpoint he/she can view the roles that have been created.
| Name | Type | Description |
|---|---|---|
| pkey | string | This is the profile key, this can be obtained at the time of creating a profile. |
Note: This is an authenticated call.
PATCH /roles_update
If any changes required in the roles that are created. He/she can use update roles endpoint to update/modify the role details.
Here “rkey” is the role key. If you don't have the role key, he/she can make a request to the view role's endpoint and get the role key.
| Name | Type | Description |
|---|---|---|
| pkey | string | This is the profile key, this can be obtained at the time of creating a profile. |
| roles | string | [{"rkey":"c94122aee69832", "name": "admin"},{"name": "user","login_endpoint": "login", "parameters": [{"username": "user","password": "user"}]}] |
Note: This is an authenticated call.
DELETE /roles_delete
He/she can use this endpoint to delete a role or multiple roles that have been created previously.
| Name | Type | Description |
|---|---|---|
| pkey | string | This is the profile key, this can be obtained at the time of creating a profile. |
| roles | string | [{"rkey":"c94122deb69752"},{"rkey": "aa3h7720d7048k"}] |
Note: This is an authenticated call.
POST /api_resources/create
Users can create API resources using this endpoint. If the user has an “n” number of API endpoints. He/she can enter them in the below mentioned format.
| Name | Type | Description |
|---|---|---|
| pkey | string | This is the profile key, this can be obtained at the time of creating a profile. |
| roles | string | [{"resource_name":"test", "api_method":"POST","api_url":"/test_url","body":{}},{"resource_ name":"test2", "api_method":"GET","api_url":"/test_url2"}] |
Note: This is an authenticated call.
POST /api_resources
Users can view the api resources that have been created.
| Name | Type | Description |
|---|---|---|
| pkey | string | This is the profile key, this can be obtained at the time of creating a profile. |
Note: This is an authenticated call.
PATCH /api_resources/update
Users are able to update a particular resource by providing the Profile Key, Role Key (this should be part of that particular profile), Resource Key (Key of that particular resource).
| Name | Type | Description |
|---|---|---|
| pkey | string | This is the profile key, this can be obtained at the time of creating a profile. |
| resources | string | [{"resource_name":"test_update","api_method":"POST","api_url ":"/test_url","body":{}, "roles": ["3be69d713eec25"], "resource_key": "50050e83823f61"},{"resource_name":"test2", "api_method":"GET","api_url":"/test_url2", "roles": ["3ae19d713eef25"],"resource_key": "4494bd0g378f4a"}] |
Note: This is an authenticated call.
DELETE /api_resources/delete
Users can delete the resources using this endpoint.
| Name | Type | Description |
|---|---|---|
| pkey | string | This is the profile key, this can be obtained at the time of creating a profile. |
| resources | string | [{"resource_key": "e04458c52f7cbe"}] |
Note: This is an authenticated call.
POST /header_create
Users can create the request header using this endpoint.
| Name | Type | Description |
|---|---|---|
| pkey | string | This is the profile key, this can be obtained at the time of creating a profile. |
| headers | string | [{"header_key":"Content-Type", "header_value": "application/json"}] |
Note: This is an authenticated call.
POST /header_view
Users can view the headers created for a particular profile.
| Name | Type | Description |
|---|---|---|
| pkey | string | This is the profile key, this can be obtained at the time of creating a profile. |
Note: This is an authenticated call.
PATCH /header_update
This endpoint is used to update the headers that are created using a unique header key of a particular profile.
| Name | Type | Description |
|---|---|---|
| pkey | string | This is the profile key, this can be obtained at the time of creating a profile. |
| headers | string | [{ "hkey": "07ddbg4ad96402","header_value": "val"}] |
Note: This is an authenticated call.
PATCH /header_update
This endpoint is used to Delete a header of a particular profile.
| Name | Type | Description |
|---|---|---|
| pkey | string | This is the profile key, this can be obtained at the time of creating a profile. |
| headers | string | [{ "hkey": "919e579ffc6b85"}] |
Note: This is an authenticated call.
POST /authentication_create
Users have to define the “Authentication header” used for their API’s in the “auth_key” value.
Note: If the endpoints are unauthenticated calls then there is no need of adding this header.
| Name | Type | Description |
|---|---|---|
| auth_key | string | Authorization, Auth, Token…. etc |
| auth_value | string |
Sample value of the authorization header. Example: eyJhbGciOiJhUzI1NiIsInR5cGUiOiJKV1QifQ.eyJpZCI6IjgwZjMxNzY1 YWE2YzY2MSIsImV4cCI6MTU4OTQ4OTM4OCwiau5pdGlhdGVkIjo xNTg5NDc0OTg4fQ.vt3p3DX0kFqXZ9OF7OvqWu920KTpVYIRYLtAi OA0ZVA |
| pkey | string | This is the profile key, this can be obtained at the time of creating a profile. |
| auth_key_position | string |
This value can be either any one of the below. Header (or) Body (or) Url |
Note: This is an authenticated call.
POST /authentication_view
Users can view the authorization header created for a particular profile.
| Name | Type | Description |
|---|---|---|
| pkey | string | This is the profile key, this can be obtained at the time of creating a profile. |
Note: This is an authenticated call.
PATCH /authentication_update
Users can update the authorization header using this endpoint.
Note: If the endpoints are unauthenticated calls then there is no need of adding this header.
| Name | Type | Description |
|---|---|---|
| pkey | string | This is the profile key, this can be obtained at the time of creating a profile. |
| auth_key | string | Authorization, Auth, Token…. etc |
| auth_value | string |
Sample value of the authorization header. Example: eyJhbGciOiJhUzI1NiIsInR5cGUiOiJKV1QifQ.eyJpZCI6IjgwZjMxNzY1 YWE2YzY2MSIsImV4cCI6MTU4OTQ4OTM4OCwiau5pdGlhdGVkIjo xNTg5NDc0OTg4fQ.vt3p3DX0kFqXZ9OF7OvqWu920KTpVYIRYLtAi OA0ZVA |
| auth_key_position | string |
This value can be either any one of the below. Header (or) Body (or) Url |
Note: This is an authenticated call.
POST /api_profile/confirmation_file_download
Users can download the confirmation file using this endpoint.
| Name | Type | Description |
|---|---|---|
| pkey | string | This is the profile key, this can be obtained at the time of creating a profile. |
Note: This is an authenticated call.
POST /api_profile/ownership_confirmation
Users can confirm ownership using this endpoint.
| Name | Type | Description |
|---|---|---|
| pkey | string | This is the profile key, this can be obtained at the time of creating a profile. |
Note: This is an authenticated call.
GET /api_profile/ownership_status/975b1779dd0980
Users can check the ownership status of a profile.
| Name | Type | Description |
|---|---|---|
| pkey(Resource Parameter) | string | This is the profile key, this can be obtained at the time of creating a profile. |
Note: This is an authenticated call.
POST /start_scan
Use this endpoint to start/initiate a scan on the profile that the users have created.
| Name | Type | Description |
|---|---|---|
| pkey | string | This is the profile key, this can be obtained at the time of creating a profile. |
Note: This is an authenticated call.
POST /scan_status
Users can check the status of their scan status by providing the scan key to the request.
| Name | Type | Description |
|---|---|---|
| skey | string | This is the scan key, this can be obtained at the time of scanning a profile. |
Note: This is an authenticated call.
POST /scan_results
Users can view the results of the scans that are performed by simply providing the scan key as an input to this request.
| Name | Type | Description |
|---|---|---|
| skey | string | This is the scan key, this can be obtained at the time of scanning a profile. |
Note: This is an authenticated call.
POST /schedule_scan
Users can also Schedule scans according to their priority. Such that the scans can be initiated automatically at a particular time.
| Name | Type | Description |
|---|---|---|
| pkey | string | This is the profile key, this can be obtained at the time of creating a profile. |
| scan_mode | string |
This can be any one of the below values. Daily/Weekly/Monthly |
| scan_time | time |
Users should mention this value in the following pattern hh:mm Example: 05:30creating a profile. |
Note: This is an authenticated call.
POST /scans
Users can view the number of scans that are performed on a simple profile.
| Name | Type | Description |
|---|---|---|
| pkey | string | This is the scan key, this can be obtained at the time of scanning a profile. |
Note: This is an authenticated call.
Delete /logout
Users can use this endpoint to perform logout operations.
Note: This is an authenticated call.
Cras ultricies mi eu turpis sit hendrerit fringilla vestibulum ante ipsum primis in faucibus ultrices posuere cubilia.
