Skip to content
SCA API 2.0
/
/
Login

Mend API (2.0)

Mend's enhanced SCA API enables automation of workflows in a REST compliant format. The API features:

  • Access for any user with Mend credentials, via a user key available in the user's profile page in the Mend App.
  • Improved security with a JWT token per organization, which expires every 10 minutes.
  • Added scalability with support for pagination, filtering and sorting search results.
  • Broader functionality available programmatically.
  • New standard API documentation for easy navigation and search.

Note: To help you get started with the Mend SCA API 2.0, we recommend reviewing our onboarding guide -> Getting Started with Mend SCA API 2.0. This resource covers initial setup, authentication instructions, and helpful tips to help you successfully begin working with the Mend SCA API 2.0. If you have a dedicated instance of Mend, contact your Mend representative to access this API on your instance.

Download OpenAPI description
2.0.json
2.0.yaml
Languages
Servers
Generated server url
https://api-saas.mend.io/

Entities - Project

Operations

Policies - Project

Operations

CustomAttribute - Project

Operations

Alerts - Project

Operations

project-attribution-report-controller

Operations

Policies - Product

Operations

CustomAttribute - Product

Operations

Entities - Product

Operations

Settings - Whitelist

Operations

Settings - In-House

Operations

Policies - Organization

Operations

CustomAttribute - Organization

Operations

User Management - Groups

Operations

Entities - Organization

Operations

User Profile

Operations

Library - Product

Operations

User Management - Users

Operations

Update Request

Operations

Library - Organization

Operations

Access Management - Organizations

Operations

Access Management

Operations

Refresh Access Token

Request

Generate a new access token using the provided refresh token.

Security
bearer-key
Headers
wss-refresh-tokenany

Enter the refreshToken received from the login response.

No request payload

Responses

Created

Bodyapplication/json
correlationIdstring
userUuidstring
userNamestring
emailstring
refreshTokenstring
jwtTokenstring
orgNamestring(Organization Name)
Example: "Organization A"
orgUuidstring(Organization Uuid)
Example: "123e4567-e89b-12d3-a456-426655440000"
Response
application/json
{
  "correlationId": "string",
  "userUuid": "string",
  "userName": "string",
  "email": "string",
  "refreshToken": "string",
  "jwtToken": "string",
  "orgName": "Organization A",
  "orgUuid": "123e4567-e89b-12d3-a456-426655440000"
}

Login

Request

Sign in a user with email and user key, returning a JWT token which is valid for 30 minutes. If you omit the organization, it defaults to the last one you signed in to.

Security
bearer-key
Bodyapplication/jsonrequired
emailstring(Email)required
Example: "jon.smith@mail.com"
orgTokenstring(Org Token)

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

Example: "123e4567-e89b-12d3-a456-426655440000"
userKeystring(User Key)required

Equivalent to a personal access token. Avoid pasting as plain text where it might be compromised. For a service user (recommended), you can find the user key in the Mend SCA App in Admin > Users. Learn more. For local testing purposes, you could also use one of your own personal user keys from your user profile page in the Mend SCA App.

Example: "***********"
application/json
{
  "email": "jon.smith@mail.com",
  "orgToken": "123e4567-e89b-12d3-a456-426655440000",
  "userKey": "***********"
}

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(SessionInfo)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "correlationId": "string",
    "userUuid": "string",
    "userName": "string",
    "email": "string",
    "refreshToken": "string",
    "jwtToken": "string",
    "orgName": "Organization A",
    "orgUuid": "123e4567-e89b-12d3-a456-426655440000"
  }
}

General Info - Vulnerabilities

Operations

Library - Source Files

Operations

User Management - Roles And Permissions

Operations

Library - Project

Operations

Alerts - Product

Operations

General Info - Permissions

Operations

Vulnerable Libraries

Operations

Summary - Organization

Operations

Asynchronous Process Control

Operations

domain-controller

Operations

General Info - Licenses

Operations

product-attribution-report-controller

Operations