Skip to content
/Access Management

Mend SCA API (2.0)

Mend's enhanced SCA API enables automation of workflows in a REST compliant format. The API features:

  • Access for any user with Mend credentials, via a user key available in the user's profile page in the Mend App.
  • Improved security with a JWT token per organization, which expires every 30 minutes.
  • Added scalability with support for pagination, filtering and sorting search results.
  • Broader functionality available programmatically.
  • New standard API documentation for easy navigation and search.

If you have a dedicated instance of Mend, contact your Mend representative to access this API on your instance.

Download OpenAPI description
2.0.json
2.0.yaml
Languages
Servers
Generated server url
https://api-saas.mend.io/

Entities - Project

Operations

Policies - Project

Operations

CustomAttribute - Project

Operations

Alerts - Project

Operations

project-attribution-report-controller

Operations

Policies - Product

Operations

CustomAttribute - Product

Operations

Entities - Product

Operations

Settings - Whitelist

Operations

Settings - In-House

Operations

Policies - Organization

Operations

CustomAttribute - Organization

Operations

User Management - Groups

Operations

Entities - Organization

Operations

User Profile

Operations

Library - Product

Operations

User Management - Users

Operations

Update Request

Operations

Library - Organization

Operations

Access Management - Organizations

Operations

Access Management

Operations

Refresh Access Token

Request

Generate a new access token using the provided refresh token.

Security
bearer-key
Headers
wss-refresh-tokenany

Enter the refreshToken received from the login response.

No request payload

Responses

Created

Bodyapplication/json
correlationIdstring
userUuidstring
userNamestring
emailstring
refreshTokenstring
jwtTokenstring
orgNamestring(Organization Name)
Example: "Organization A"
orgUuidstring(Organization Uuid)
Example: "123e4567-e89b-12d3-a456-426655440000"
Response
application/json
{
  "correlationId": "string",
  "userUuid": "string",
  "userName": "string",
  "email": "string",
  "refreshToken": "string",
  "jwtToken": "string",
  "orgName": "Organization A",
  "orgUuid": "123e4567-e89b-12d3-a456-426655440000"
}

Login

Request

Sign in a user with email and user key, returning a JWT token which is valid for 30 minutes. If you omit the organization, it defaults to the last one you signed in to.

Security
bearer-key
Bodyapplication/jsonrequired
emailstring(Email)required
Example: "jon.smith@mail.com"
orgTokenstring(Org Token)

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

Example: "123e4567-e89b-12d3-a456-426655440000"
userKeystring(User Key)required

Equivalent to a personal access token. Avoid pasting as plain text where it might be compromised. For a service user (recommended), you can find the user key in the Mend SCA App in Admin > Users. Learn more. For local testing purposes, you could also use one of your own personal user keys from your user profile page in the Mend SCA App.

Example: "***********"
application/json
{
  "email": "jon.smith@mail.com",
  "orgToken": "123e4567-e89b-12d3-a456-426655440000",
  "userKey": "***********"
}

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(SessionInfo)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "correlationId": "string",
    "userUuid": "string",
    "userName": "string",
    "email": "string",
    "refreshToken": "string",
    "jwtToken": "string",
    "orgName": "Organization A",
    "orgUuid": "123e4567-e89b-12d3-a456-426655440000"
  }
}

General Info - Vulnerabilities

Operations

Library - Source Files

Operations

User Management - Roles And Permissions

Operations

Library - Project

Operations

Alerts - Product

Operations

General Info - Permissions

Operations

Vulnerable Libraries

Operations

Summary - Organization

Operations

Asynchronous Process Control

Operations

domain-controller

Operations

General Info - Licenses

Operations

product-attribution-report-controller

Operations