Mend API (3.0)

Mend's enhanced API enables automation of workflows in a REST-compliant format. The API features:

  • Access for any user with Mend credentials, via a user key available in the user's profile page in the Mend Platform.
  • Improved security with a JWT token per organization, which expires every 30 minutes.
  • Added scalability with support for cursor pagination and limiting results size.
  • Broader functionality available programmatically.
  • New standard API documentation for easy navigation and search.

If you have a dedicated instance of Mend, contact your Mend representative to access this API on your instance.

Server URL (generated): https://baseUrl/

Access Management

Operations

Logout (will revoke refresh token)

Request

No request payload

Responses

OK

Body: application/json
string

Response (application/json):
"string"

Refresh Access Token

Request

Generate new access token from refresh token

Query
orgUuid (string)

Org UUID (from the Mend App: Administration General > Organization UUID).

Headers
wss-refresh-token (string, required)

Refresh token

Body: application/json
accessToken (string)

Example (application/json):
{ "accessToken": "string" }

Responses

OK

Body: application/json
supportToken (string, Support Token)
Example: "1171c60d"
response (object, AccessTokenResponseDTO)

Response (application/json):
{ "supportToken": "1171c60d", "response": { "userUuid": "string", "username": "string", "email": "string", "jwtToken": "string", "tokenType": "string", "orgName": "string", "orgUuid": "string", "accountName": "string", "accountUuid": "string", "tokenTTL": 0, "systemAccess": true, "serviceSystemAccess": true, "sessionStartTime": 0, "systemAccessStartTime": 0 } }

Login

Request

Sign in a user with email and user key, returning an access token which is valid for 30 minutes. If you omit the organization, it defaults to the last one you signed in to.

Body: application/json (required)
email (string, Email, required)
Example: "jon.smith@mail.com"
userKey (string, User Key, required)

Equivalent to a personal access token. Avoid pasting as plain text where it might be compromised. For a service user (recommended), you can find the user key in the Mend SCA App in Admin > Users. For local testing purposes, you could also use one of your own personal user keys from your user profile page in the Mend SCA App.

Example: "***********"

Example (application/json):
{ "email": "jon.smith@mail.com", "userKey": "***********" }

Responses

OK

Body: application/json
supportToken (string, Support Token)
Example: "1171c60d"
response (object, LoginResponseDTO)

Response (application/json):
{ "supportToken": "1171c60d", "response": { "userUuid": "string", "userName": "string", "email": "string", "refreshToken": "string", "jwtTTL": 0, "systemAccess": true, "serviceSystemAccess": true, "sessionStartTime": 0, "systemAccessStartTime": 0 } }
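
The Login and Refresh Access Token operations above, combined into one client-side token holder. This is an added example, not Mend's own code. The `post` transport, the operation names "login" and "refresh", the one-minute renewal margin and all sample values are assumptions, because this page does not list the endpoint paths.

```python
import time

ACCESS_TOKEN_LIFETIME_S = 30 * 60  # the page: the JWT expires every 30 minutes
RENEW_MARGIN_S = 60                # assumption: renew one minute before expiry


class MendSession:
    """Logs in once, then swaps the refresh token for a short-lived JWT on demand."""

    def __init__(self, post, email, user_key, org_uuid=None, clock=time.monotonic):
        # `post(operation, headers, query, body) -> dict` is a hypothetical transport;
        # it owns the endpoint paths, which this page does not give.
        self._post, self._clock = post, clock
        self._email, self._user_key, self._org_uuid = email, user_key, org_uuid
        self._refresh_token = self._jwt = None
        self._renew_at = 0.0

    def jwt(self):
        if self._refresh_token is None:
            body = {"email": self._email, "userKey": self._user_key}
            self._refresh_token = self._post("login", {}, {}, body)["response"]["refreshToken"]
        if self._jwt is None or self._clock() >= self._renew_at:
            query = {"orgUuid": self._org_uuid} if self._org_uuid else {}
            headers = {"wss-refresh-token": self._refresh_token}
            # The accessToken body field the reference lists is not marked required; omitted.
            reply = self._post("refresh", headers, query, None)
            self._jwt = reply["response"]["jwtToken"]
            self._renew_at = self._clock() + ACCESS_TOKEN_LIFETIME_S - RENEW_MARGIN_S
        return self._jwt

    def __repr__(self):  # keep the user key and tokens out of logs and tracebacks
        return f"MendSession(email={self._email!r}, org_uuid={self._org_uuid!r}, secrets=<redacted>)"


class FakeMend:
    """Constructed stand-in for the API so the example runs offline."""

    def __init__(self):
        self.calls = []

    def __call__(self, operation, headers, query, body):
        self.calls.append(operation)
        if operation == "login":
            return {"supportToken": "1171c60d", "response": {"refreshToken": "rt-constructed"}}
        assert headers["wss-refresh-token"] == "rt-constructed"
        n = self.calls.count("refresh")
        return {"supportToken": "1171c60d", "response": {"jwtToken": f"jwt-constructed-{n}"}}
```

In real use, read the user key from a secret store or environment variable rather than source code, and pass a transport that sends over HTTPS to your instance's base URL.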

Administration - Groups

Administration - Users

Administration - Labels

Reports

Scans

Projects

Applications

Findings - Project

Findings - Scan