# Licenses and Libraries API # Overview This document showcases the API requests and responses for getting: * Licenses at the organization, product, or project-level * Licenses histogram (license name : occurrence) for a given organization, product or project * Text of licenses terms and conditions contained in a single zip file * Copyrights text file for a product or project * Notices text file for a product * Setting the text of a library’s notice * Locations of libraries in a product or project * Changing the library currently matched to source files # Get Licenses This API request enables you to get all libraries and their licenses for a given organization, product or project. ## Get Licenses - Organization Get libraries and their licenses for an organization. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns an organization’s licenses per library. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. Used to identify the organization in plugins. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes | | **excludeProjectOccurrences** | “true” or “false” depending on whether or not you want to exclude project occurrences of the licenses. | boolean | No | #### Request Example ``` { "requestType" : "getOrganizationLicenses", "userKey": "user_key", "orgToken" : "organization_api_key", } ``` #### Response Example (JSON) ``` {     "libraries": [         {             "keyUuid": "56a58812-b304-44f7-a589-1911ee10757c",             "keyId": 1,             "filename": "commons-beanutils-1.8.0.jar",             "type": "Java",             "resolvedType": "Java",             "description": "BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.",             "references": {                 "url": "http://commons.apache.org/beanutils/",                 "issueUrl": "http://issues.apache.org/jira/browse/BEANUTILS",                 "pomUrl": "https://repo.maven.apache.org/maven2/commons-beanutils/commons-beanutils/1.8.0/commons-beanutils-1.8.0.pom",                 "scmUrl": "http://svn.apache.org/viewvc/commons/proper/beanutils/trunk/"             },             "directDependency": true,             "projects": [                 {                     "projectName": "Demo Data",                     "projectToken": "5715a92ea3d345d29512481363d8f9751b87c8fb50c44c46a44e81e90e7407e6"                 }             ],             "sha1": "0c651d5103c649c12b20d53731643e5fffceb536",             "name": "Commons BeanUtils",             "artifactId": "commons-beanutils",             "version": "1.8.0",             "groupId": "commons-beanutils",             "licenses": [                 {                     "name": "Apache 2.0",                     "spdxName": "Apache-2.0",                     "url": "http://www.opensource.org/licenses/Apache-2.0",                     "references": [                         {                             "referenceType": "POM file",                             "reference": "https://repo.maven.apache.org/maven2/commons-beanutils/commons-beanutils/1.8.0/commons-beanutils-1.8.0.pom"                         }                     ]                 }             ],             "copyrightReferences": [                 {                     "copyright": "Copyright 2000-2008 The Apache Software Foundation",                     "startYear": "2000",                     "endYear": "2008",                     "author": "The Apache Software Foundation",                     "textUrl": "/gri/app/reader/resource/content/asString/d549e4e9-ab82-4409-b19d-225c3e097be5"                 }             ]         } ] } ``` ## Get Licenses - Product Get libraries and their licenses for a specific product. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a product's licenses per library. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes | | **excludeProjectOccurrences** | “true” or “false” depending on whether or not you want to exclude project occurrences of the licenses. | boolean | No | #### Request Example ``` { "requestType" : "getProductLicenses", "userKey": "user_key", "productToken" : "product_token", } ``` Response Example (JSON) ``` {     "libraries": [         {             "keyUuid": "56a58812-b304-44f7-a589-1911ee10757c",             "keyId": 1,             "filename": "commons-beanutils-1.8.0.jar",             "type": "Java",             "resolvedType": "Java",             "description": "BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.",             "references": {                 "url": "http://commons.apache.org/beanutils/",                 "issueUrl": "http://issues.apache.org/jira/browse/BEANUTILS",                 "pomUrl": "https://repo.maven.apache.org/maven2/commons-beanutils/commons-beanutils/1.8.0/commons-beanutils-1.8.0.pom",                 "scmUrl": "http://svn.apache.org/viewvc/commons/proper/beanutils/trunk/"             },             "directDependency": true,             "projects": [                 {                     "projectName": "Demo Data",                     "projectToken": "5715a92ea3d345d29512481363d8f9751b87c8fb50c44c46a44e81e90e7407e6"                 }             ],             "sha1": "0c651d5103c649c12b20d53731643e5fffceb536",             "name": "Commons BeanUtils",             "artifactId": "commons-beanutils",             "version": "1.8.0",             "groupId": "commons-beanutils",             "licenses": [                 {                     "name": "Apache 2.0",                     "spdxName": "Apache-2.0",                     "url": "http://www.opensource.org/licenses/Apache-2.0",                     "references": [                         {                             "referenceType": "POM file",                             "reference": "https://repo.maven.apache.org/maven2/commons-beanutils/commons-beanutils/1.8.0/commons-beanutils-1.8.0.pom"                         }                     ]                 }             ],             "copyrightReferences": [                 {                     "copyright": "Copyright 2000-2008 The Apache Software Foundation",                     "startYear": "2000",                     "endYear": "2008",                     "author": "The Apache Software Foundation",                     "textUrl": "/gri/app/reader/resource/content/asString/d549e4e9-ab82-4409-b19d-225c3e097be5"                 }             ]         } ] } ``` ## Get Licenses - Project Get libraries and their licenses for a specific project. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a project's licenses per library. | string | Yes | | **projectToken** | Unique identifier of the project. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes | #### Request Example ``` { "requestType" : "getProjectLicenses", "userKey": "user_key", "projectToken" : "project_token" } ``` #### Response Example (JSON) ``` {     "libraries": [         {             "keyUuid": "991af093-4fae-4683-aef6-5f033df9b6d3",             "keyId": 246,             "filename": "xmlpull-1.1.3.1.jar",             "type": "Java",             "resolvedType": "Java",             "references": {                 "url": "http://www.xmlpull.org",                 "issueUrl": "http://www.extreme.indiana.edu/bugzilla/buglist.cgi?product=XmlPull.org",                 "pomUrl": "https://repo.maven.apache.org/maven2/xmlpull/xmlpull/1.1.3.1/xmlpull-1.1.3.1.pom"             },             "directDependency": false,             "projects": [                 {                     "projectName": "WST_464",                     "projectToken": "29a15e6d3d7744c09a3b9975e4bd6d702da71f13a0ab434aadd6a27f4db07849"                 }             ],             "sha1": "2b8e230d2ab644e4ecaa94db7cdedbc40c805dfa",             "name": "XML Pull Parsing API",             "artifactId": "xmlpull",             "version": "1.1.3.1",             "groupId": "xmlpull",             "licenses": [                 {                     "name": "Public Domain",                     "url": "http://creativecommons.org/licenses/publicdomain/",                     "references": [                         {                             "referenceType": "POM file",                             "reference": "https://repo.maven.apache.org/maven2/xmlpull/xmlpull/1.1.3.1/xmlpull-1.1.3.1.pom"                         }                     ]                 }             ],             "copyrightReferences": []         } ] } ``` # Get Licenses Histogram This API request enables you to get a licenses histogram for a given organization, product, or project. ## Get Licenses Histogram - Organization Get a histogram of licenses and their number of occurrences for an organization. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a histogram of an organization’s licenses. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. Used to identify the organization in plugins. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes | #### Request Example ``` { "requestType" : "getOrganizationLicenseHistogram", "userKey": "user_key", "orgToken" : "organization_api_key" } ``` Response Example (JSON) The JSON response lists all the licenses and their number of occurrences in the specified organization. For example: ``` {     "licenseHistogram": {         "Unlicense": 4,         "GPL 3.0": 11,         "Apache 2.0": 331,         "Apache 1.1": 4,         "Mozilla 2.0": 1,         "Mozilla 1.1": 2,         "PIL Software License": 1,         "Suspected Proprietary": 1,         "GPL 2.0": 18,         "ICU License": 1,         "CC0": 4,         "BSD": 12,         "LGPL": 9,         "Academic 2.1": 1,         "Unspecified License": 19,         "CC BY 3.0": 1,         "ISC": 79,         "Common Public 1.0": 3,         "Oracle Binary (Java SE and JavaFX)": 1,         "Ruby": 5,         "Bouncy Castle License": 1,         "Eclipse 1.0": 31,         "Artistic 2.0": 2,         "CDDL 1.0": 4,         "CDDL 1.1": 27,         "Indiana University Extreme!": 3,         "Suspected Apache 2.0": 1,         "Unknown License": 26,         "Dom4j": 1,         "Custom": 1,         "Public Domain": 6,         "CDDL or GPLv2 with exceptions": 1,         "BSD 2": 22,         "BSD 3": 62,         "Python 2.0": 2,         "WTFPL": 2,         "LGPL 3.0": 4,         "LGPL 2.1": 55,         "MIT": 885,         "JTidy License": 1,         "Jacob": 1,         "GPL 2.0 Classpath": 18     } } ``` ## Get Licenses Histogram - Product Get a histogram of a product’s licenses and their number of occurrences. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a history of a product’s licenses. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes | #### Request Example ``` { "requestType" : "getProductLicenseHistogram", "userKey": "user_key", "productToken" : "product_token" } ``` Response Example (JSON) The JSON response lists all the licenses and their number of occurrences for the specified product. For example: ``` {     "licenseHistogram": {         "Artistic 2.0": 2,         "Apache 2.0": 43,         "Unknown License": 3,         "Mozilla 2.0": 1,         "GPL 2.0": 3,         "BSD 2": 2,         "BSD 3": 6,         "BSD": 2,         "ISC": 1,         "LGPL 3.0": 1,         "MIT": 45,         "Ruby": 5,         "Jacob": 1     } } ``` ## Get Licenses Histogram - Project Get a histogram of a project’s licenses and their number of occurrences. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that returns a project’s licenses histogram. | string | Yes | | **projectToken** | Unique identifier of the project. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes | #### Request Example ``` { "requestType" : "getProjectLicenseHistogram", "userKey": "user_key", "projectToken" : "project_token" } ``` #### Response Example (JSON) The JSON response lists the licenses and their number of occurrences for the specified project. For example: ``` { "licenseHistogram" : { "Apache 2.0" : 2, "BSD 3" : 2, "GPL 3.0" : 1, } } ``` # Get Licenses Text Zip File This API request enables you to get the text of licenses terms and conditions contained in a single zip file, for a product or project. ## Get Licenses Text Zip File - Product Get a Licenses text zip file showing terms and conditions for a product. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that gets a License text zip file for a product. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes | #### Request Example ``` { "requestType" : "getLicensesTextZip", "userKey": "user_key", "productToken" : "product_token" } ``` #### Response Format The response is a zip file, not a JSON formatted message. It will have the following headers: * Content-Type = application/zip * Content-Disposition: attachment; filename=product_name-licenses.zip ## Get Licenses Text Zip File - Project This API request enables you to get a Licenses text zip file showing terms and conditions for a project. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that gets a License text zip file for a project. | string | Yes | | **projectToken** | Unique identifier of the project. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes | #### Request Example ``` { "requestType" : "getProjectLicensesTextZip", "userKey": "user_key", "projectToken" : "project_token" } ``` #### Response Format The response is a zip file, not a JSON formatted message. It will have the following headers: * Content-Type = application/zip * Content-Disposition: attachment; filename=project_name-licenses.zip # Get Copyrights Text File This API request enables you to get a text file of all the Copyrights for a product or project. ## Get Copyrights Text File - Product Get a text file of all the Copyrights for a product. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that gets a Copyrights text file for a product. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes | | **showCopyrightExtraDetails** | If you manually change copyright for a given library, when the flag is set to `true`, it will return the name of the user who modified the copyright assignment, as shown in the Mend Application. | string | Yes, only in API v1.4 | #### Request Example ``` { "requestType" : "getCopyrightsTextFile", "userKey": "user_key", "productToken" : "product_token", "showCopyrightExtraDetails": "true" } ``` #### Response Format The response will have the following headers: * Content-Type = text/plain * Content-Disposition: attachment; filename=product_name-copyrights.zip ## Get Copyrights Text File - Project Get a text file of all the Copyrights for a project. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that gets a Copyrights text file for a project. | string | Yes | | **projectToken** | Unique identifier of the project. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes | | **showCopyrightExtraDetails** | If you manually change copyright for a given library, when the flag is set to `true`, it will return the name of the user who modified the copyright assignment, as shown in the Mend Application. | string | Yes, only in API v1.4 | #### Request Example ``` { "requestType" : "getProjectCopyrightsTextFile", "userKey": "user_key", "projectToken" : "project_token", "showCopyrightExtraDetails": "true" } ``` #### Response Format The response will have the following headers: * Content-Type = text/plain * Content-Disposition: attachment; filename=project_name-copyrights.zip # Get Notices Text File This API request enables you to get a text file of all the Notices for a product. **NOTE:** This request is available ONLY for products. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that gets a Notices text file for a product. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes | #### Request Example ``` { "requestType" : "getNoticesTextFile", "userKey": "user_key", "productToken" : "product_token" } ``` Response Format The response will have the following headers: * Content-Type = text/plain * Content-Disposition: attachment; filename=product_name-notices.zip # Set Library Notices This API request enables you to set a text value for a library’s notice. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that sets a library notice. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. Used to identify the organization in plugins. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes | | **libraryUUID** | Unique ID of the library in which you want to set the notice. | string | Yes | | **text** | Text of the library’s notice that you want to set. | string | Yes | | **reference** | Optionally, add library reference information to the notice. | string | No | #### Request Example ``` { "requestType": "setLibraryNotice", "orgToken" : "org_token", "userKey": "user_key", "libraryUUID": "library_UUID", "text": "text of the notice", "reference": "additional library reference information" } ``` Response Example ``` { "message": "Successfully set notice" } ``` # Get Library Locations This API request enables you to get the path locations of all libraries in a product or project. ## Get Library Locations - Product Get the path locations of the libraries in a product. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that gets the library locations for a product. | string | Yes | | **productToken** | Unique identifier of the product. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes | #### Request Example ``` { "requestType" : "getProductLibraryLocations", "userKey": "user_key", "productToken" : "product_token" } ``` #### Response Example (JSON) ``` "libraryLocations" : [ { "name" : "library_name", "keyId" : key_id, "keyUuid" : "key_uuid", "locations": [ { "path" : "library_location_1\library_name", "matchType": "SHA1" }, { "path": "library_location_2\\library_name", "matchType": "FILENAME" } ] } ] ``` ## Get Library Locations - Project Get the path locations of the libraries in a project. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that gets the library locations for a project. | string | Yes | | **projectToken** | Unique identifier of the project. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes | #### Request Example ``` { "requestType" : "getProjectLibraryLocations", "userKey": "user_key", "projectToken" : "project_token" } ``` #### Response Example (JSON) ``` "libraryLocations" : [ { "name" : "library_name", "keyId" : key_id, "keyUuid" : "key_uuid", "locations": [ { "path" : "library_location_1\library_name", "dependencyFile" : "home/ubuntu/GiHubRepos/Samples123/pom.xml" "matchType": "SHA1" }, { "path": "library_location_2\\library_name", "dependencyFile" : "home/ubuntu/GiHubRepos/Samples234/pom.xml" "matchType": "FILENAME" } ] } ] ``` # Get Source Library Info This API enables users to retrieve a source library from the [Mend.io](http://Mend.io) index. Use-case: You can use this API to establish the *keyUuid* of the desired source library for re-mapping source files using the *changeOriginLibrary* API call. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that changes the origin library of your source files. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. Used to identify the organization in plugins. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes | | **owner** | The owner of the source library. | string | Yes | | **name** | The name of the source library. | string | Yes | | **version** | The version of the source library. | string | Yes | | **host** | The platform hosting the source library (e.g., “github”). | string | Yes | | **downloadLink** | The link to download the source library | string | No | #### Request Example ``` { "requestType" : "getSourceLibraryInfo", "orgToken" : "", "userKey": "", "owner":"apache", "name":"xerces-c", "version":"v2.7.0", "host":"github", "downloadLink": "https://github.com/apache/xerces-c/zipball/v1.0.0" } ``` #### Response Example ``` { "keyUuid": "key_Uuid", "libraryName": "xerces-c-v1.0.0", "url": "https://github.com/apache/xerces-c.git" } ``` # Change Origin Library This API request enables you to change the library that is currently matched to the source files in your organization’s inventory. **NOTE:** By default, the `changeOriginLibrary` API runs synchronously. However, this API can also be generated asynchronously to prevent timeouts in large organizations with many projects. #### QUERY PARAMETERS | **Parameter** | **Description** | **Type** | **Required** | | --- | --- | --- | --- | | **requestType** | API request type that changes the origin library of your source files. | string | Yes | | **orgToken** | API key which is a unique identifier of the organization. Used to identify the organization in plugins. | string | Yes | | **userKey** | The ID of the user’s profile, which uniquely identifies the user in Mend. | string | Yes | | **runAsync** | “true” or “false” depending on whether or not you want to run the API request asynchronously. | boolean | No | | **targetKeyUuid** | Unique ID of the library to which you want to change the source files. | string | Yes | | **sourceFiles** | An array of the source files to be moved. | array | Yes | | **userComments** | Optionally, add a comment to this action. | string | No | #### Request Example ``` { "requestType" : "changeOriginLibrary", "userKey": "userKey", "orgToken" : "orgToken", "runAsync": "true", "targetKeyUuid": "key-uuid-of-the-source-library-to-change-files", "sourceFiles": ["sha1_1", "sha1_2"], "userComments": "user-comments" } ``` #### Response Example ``` { "message": "Successfully changed origin library" } ```