Mend API (3.0)

Mend's enhanced API enables automation of workflows in a REST-compliant format. The API features:

  • Access for any user with Mend credentials, via a user key available in the user's profile page in the Mend Platform.
  • Improved security with a JWT token per organization, which expires every 30 minutes.
  • Added scalability with support for cursor pagination and limiting results size.
  • Broader functionality available programmatically.
  • New standard API documentation for easy navigation and search.

If you have a dedicated instance of Mend, contact your Mend representative to access this API on your instance.

Servers
Generated server URL: https://baseUrl/

Access Management

Operations

Logout (revokes the refresh token)

Request

Headers
wss-refresh-token (string, required)

Refresh token

No request payload

Responses

OK

Body (application/json)
string
Response (application/json)
"string"

Refresh Access Token

Request

Generates a new access token from a refresh token

Query
orgUuid (string)

org UUID (from the Mend App: Administration General > Organization UUID).

Headers
wss-refresh-token (string, required)

Refresh token

Body (application/json)
accessToken (string)
Example (application/json)
{ "accessToken": "string" }

Responses

OK

Body (application/json)
supportToken (string, Support Token)
Example: "1171c60d"
response (object, AccessTokenResponseDTO)
Response (application/json)
{
  "supportToken": "1171c60d",
  "response": {
    "userUuid": "string",
    "username": "string",
    "email": "string",
    "jwtToken": "string",
    "tokenType": "string",
    "orgName": "string",
    "orgUuid": "string",
    "accountName": "string",
    "accountUuid": "string",
    "tokenTTL": 0,
    "systemAccess": true,
    "serviceSystemAccess": true,
    "sessionStartTime": 0,
    "systemAccessStartTime": 0
  }
}

Login

Request

Sign in a user with email and user key, returning a JWT token which is valid for 30 minutes. If you omit the organization, it defaults to the last one you signed in to.

Body (application/json, required)
email (string, Email, required)
Example: "jon.smith@mail.com"
userKey (string, User Key, required)

Equivalent to a personal access token. Avoid pasting as plain text where it might be compromised. For a service user (recommended), you can find the user key in the Mend SCA App in Admin > Users. For local testing purposes, you could also use one of your own personal user keys from your user profile page in the Mend SCA App.

Example: "***********"
Example (application/json)
{ "email": "jon.smith@mail.com", "userKey": "***********" }

Responses

OK

Body (application/json)
supportToken (string, Support Token)
Example: "1171c60d"
response (object, LoginResponseDTO)
Response (application/json)
{
  "supportToken": "1171c60d",
  "response": {
    "userUuid": "string",
    "userName": "string",
    "email": "string",
    "refreshToken": "string",
    "jwtTTL": 0,
    "systemAccess": true,
    "serviceSystemAccess": true,
    "sessionStartTime": 0,
    "systemAccessStartTime": 0
  }
}
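The three Access Management operations above form one token lifecycle: Login yields a refresh token, Refresh Access Token exchanges it for a 30-minute JWT, and Logout revokes it. The following Python is an added example, not code from Mend, that caches the JWT and renews it shortly before it expires. Assumptions: the `post` transport and its operation names are hypothetical (the endpoint paths are not shown on this page), the one-minute renewal margin is a choice made here, and `demo()` runs against a constructed in-memory stand-in.

```python
import time

JWT_LIFETIME_S = 30 * 60  # from the page: the JWT is valid for 30 minutes
RENEW_MARGIN_S = 60       # assumption: renew one minute before expiry

class MendSession:
    """post(op, headers, params, body) is a hypothetical caller-supplied
    transport: it maps op ("login", "refresh", "logout") to the endpoint
    URLs, which this page does not show, and returns the decoded JSON."""
    def __init__(self, post, email, user_key, org_uuid=None, clock=time.monotonic):
        self._post, self._clock = post, clock
        self._email, self._user_key, self._org_uuid = email, user_key, org_uuid
        self._refresh_token = self._jwt = None
        self._issued_at = 0.0

    def jwt(self):
        if self._refresh_token is None:  # first use: Login
            body = {"email": self._email, "userKey": self._user_key}
            reply = self._post("login", {}, {}, body)
            self._refresh_token = reply["response"]["refreshToken"]
        age = self._clock() - self._issued_at
        if self._jwt is None or age >= JWT_LIFETIME_S - RENEW_MARGIN_S:
            params = {"orgUuid": self._org_uuid} if self._org_uuid else {}
            headers = {"wss-refresh-token": self._refresh_token}
            reply = self._post("refresh", headers, params, None)
            self._jwt = reply["response"]["jwtToken"]
            self._issued_at = self._clock()
        return self._jwt

    def logout(self):  # Logout revokes the refresh token server-side
        if self._refresh_token is not None:
            self._post("logout", {"wss-refresh-token": self._refresh_token}, {}, None)
        self._refresh_token = self._jwt = None  # forget the local copies too

def demo():  # constructed in-memory stand-in for the API, no network access
    calls, now = [], [0.0]
    def fake_post(op, headers, params, body):
        calls.append(op)
        token = "constructed-jwt-%d" % calls.count("refresh")
        return {"response": {"refreshToken": "constructed-refresh", "jwtToken": token}}
    s = MendSession(fake_post, "jon.smith@mail.com", "constructed-key", clock=lambda: now[0])
    first = s.jwt()        # t = 0: Login, then Refresh Access Token
    now[0] = 10 * 60
    cached = s.jwt()       # t = 10 min: cached JWT, no API call
    now[0] = 29 * 60 + 10
    renewed = s.jwt()      # t = 29 min 10 s: inside the margin, so renewed
    s.logout()
    return first, cached, renewed, calls
```

In real use, pass the user key in from an environment variable or secret store rather than embedding it in source, and call `logout()` when the job finishes so the refresh token does not outlive it.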

Administration - Groups

Operations

Administration - Users

Operations

Administration - Labels

Operations

Reports

Operations

Scans

Operations

Projects

Operations

Applications

Operations

Findings - Project

Operations

Findings - Scan

Operations

Integrations

Operations