SCA API 2.0
/
User Management - Groups

Mend API (3.0.1)

Mend's enhanced SCA API enables automation of workflows in a REST compliant format. The API features:

  • Access for any user with Mend credentials, via a user key available in the user's profile page in the Mend App.
  • Improved security with a JWT token per organization, which expires every 30 minutes.
  • Added scalability with support for pagination, filtering and sorting search results.
  • Broader functionality available programmatically.
  • New standard API documentation for easy navigation and search.

If you have a dedicated instance of Mend, contact your Mend representative to access this API on your instance.

Download OpenAPI description
2.0.json
2.0.yaml
Languages
Servers
Generated server url
https://api-saas.mend.io/

Entities - Project

Operations

Policies - Project

Operations

Alerts - Project

Operations

project-attribution-report-controller

Operations

application-violations-controller

Operations

Policies - Product

Operations

Entities - Product

Operations

Settings - Whitelist

Operations

Settings - In-House

Operations

Policies - Organization

Operations

User Management - Groups

Operations

Get Group

Request

Returns the given group of an organization

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

groupUuidstringrequired

Group UUID (by running User Management - Groups > Get All Groups of Organization).

No request payload

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(GroupDTO)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "uuid": "123e4567-e89b-12d3-a456-426655440000",
    "name": "Group A",
    "description": "Group description",
    "userCount": 22
  }
}

Update Group

Request

Updates the properties of a given group

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

groupUuidstringrequired

Group UUID (by running User Management - Groups > Get All Groups of Organization).

Bodyapplication/jsonrequired
namestring(Group Name)
Example: "Group A"
descriptionstring(Group Description)
Example: "Group description"
application/json
{
  "name": "Group A",
  "description": "Group description"
}

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(GroupDTO)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "uuid": "123e4567-e89b-12d3-a456-426655440000",
    "name": "Group A",
    "description": "Group description",
    "userCount": 22
  }
}

Delete Group

Request

Deletes the given group

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

groupUuidstringrequired

Group UUID (by running User Management - Groups > Get All Groups of Organization).

No request payload

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(MessageDTO)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "message": "Success!"
  }
}

Get Group Users

Request

Returns a list of users that belong to given group

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

groupUuidstringrequired

The group UUID

Query
pageSizestring<= 10000

Enter the number of items to return in each page of the result.

Default "50"
pagestring

Enter the page number to display in the result. Page numbers start at 0

Default "0"
searchany

Filter your search to return items whose property has a specific value. Use the syntax: property:operation:value where a colon (:) separates between property, operation and value.

  • Property: the name of the property of the item
  • Operation:
    • equals - true if the value is identical to this value.
    • like - true if the property's value is contained within this value
    • regex - true if this regular expression resolves as true. The regex is not case sensitive, and special characters must be escaped with a backslash. Special characters include space, double quote ("), '<', '>', '#', '%', '{', '}', vertical bar ('|'), backslash, '^'. To pass an escaped character in a URL in Postman, encode it first. E.g. to return all items whose value begins with a or A, use regex:^a
  • Value: the value of the property.

To combine multiple filters, separate each filter with a semicolon with no space. E.g. property1:operation1:value1;property2:operation2:value2

This endpoint supports filtering on the following properties and its supported operators:

  • accountStatus:[equals|in]:value
  • email:[like | equals | regex]:value
  • name:[like | equals | regex]:value
  • userType:[like | equals]:value
  • roles:[equals|in]:value
sortany

Sort search results alphabetically on an item's property by entering sort= followed by the property name. E.g. enter sort=email to sort alphabetically by their email addresses from a-z ascending.To sort in descending order (z-a), add a minus sign ('-'). E.g. sort=-email.

You can sort by the following properties:

  • email
  • name
  • userType
No request payload

Responses

OK

Bodyapplication/json
additionalDataobject(Provides insights into endpoint-supported pagination information.)
  • totalItems: The total count of data points returned in an API response.
  • isLastPage: Defines whether the current page represents the conclusion of the API response. When “true”, this signifies you are viewing the last page of the API response. When “false”, this indicates there are further pages remaining.
Example: {"totalItems":"422","isLastPage":"true"}
supportTokenstring(Support Token)
Example: "1171c60d"
retValArray of objects(UserInfoDTO)
Response
application/json
{
  "additionalData": {
    "totalItems": "422",
    "isLastPage": "true"
  },
  "supportToken": "1171c60d",
  "retVal": [
    {}
  ]
}

Add User To Group

Request

Adds a user to an organization's group

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

groupUuidstringrequired

Group UUID (by running User Management - Groups > Get All Groups of Organization).

Bodyapplication/jsonrequired
userEmailsArray of stringsuniquerequired
Example: ["jon.smith@mail.com"]
application/json
{
  "userEmails": [
    "jon.smith@mail.com"
  ]
}

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(MessageDTO)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "message": "Success!"
  }
}

Get Group Roles

Request

Returns the list of roles associated with a given group

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

groupUuidstringrequired

The group UUID

Query
pageSizestring<= 10000

Enter the number of items to return in each page of the result.

Default "50"
pagestring

Enter the page number to display in the result. Page numbers start at 0

Default "0"
searchany

Filter your search to return items whose property has a specific value. Use the syntax: property:operation:value where a colon (:) separates between property, operation and value.

  • Property: the name of the property of the item
  • Operation:
    • equals - true if the value is identical to this value.
    • like - true if the property's value is contained within this value
    • regex - true if this regular expression resolves as true. The regex is not case sensitive, and special characters must be escaped with a backslash. Special characters include space, double quote ("), '<', '>', '#', '%', '{', '}', vertical bar ('|'), backslash, '^'. To pass an escaped character in a URL in Postman, encode it first. E.g. to return all items whose value begins with a or A, use regex:^a
  • Value: the value of the property.

To combine multiple filters, separate each filter with a semicolon with no space. E.g. property1:operation1:value1;property2:operation2:value2

This endpoint supports filtering on the following properties and its supported operators:

  • contextName:[like | equals | regex]:value
  • contextType[like | equals]:value
  • role[like | equals | regex]:value
sortany

Sort search results alphabetically on an item's property by entering sort= followed by the property name. E.g. enter sort=email to sort alphabetically by their email addresses from a-z ascending.To sort in descending order (z-a), add a minus sign ('-'). E.g. sort=-email.

You can sort by the following properties:

  • contextName
  • contextType
  • role
No request payload

Responses

OK

Bodyapplication/json
additionalDataobject(Provides insights into endpoint-supported pagination information.)
  • totalItems: The total count of data points returned in an API response.
  • isLastPage: Defines whether the current page represents the conclusion of the API response. When “true”, this signifies you are viewing the last page of the API response. When “false”, this indicates there are further pages remaining.
Example: {"totalItems":"422","isLastPage":"true"}
supportTokenstring(Support Token)
Example: "1171c60d"
retValArray of objects(MultipleGroupRolesPerContextDTO)
Response
application/json
{
  "additionalData": {
    "totalItems": "422",
    "isLastPage": "true"
  },
  "supportToken": "1171c60d",
  "retVal": [
    {}
  ]
}

Add Group Role

Request

Creates a new group role for an organization

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

groupUuidstringrequired

Group UUID (by running User Management - Groups > Get All Groups of Organization).

Bodyapplication/jsonrequired
contextTokenstringrequired

Depending on the value of contextType, this can be:

  • orgToken (org UUID by running Entities - Organization > Get User Organization) or Api Token (from the Mend SCA App: Integrate tab > API Key).
  • productToken (product UUID (by running Entities - Organization > Get Organization Products) or Product Token (from the Mend SCA App: Integrate tab > Product Token.
  • projectToken (project UUID by running Entities - Product > Get Product Projects) or project Token (from the Mend SCA App: Integrate tab > Project Token).
Example: "123e4567-e89b-12d3-a456-426655440000"
contextTypestringrequired

Type of entity the role will be associated with

Enum"orgs""products"
Example: "orgs"
rolestring
Enum"DEFAULT_APPROVER""ADMIN""ALERT_EMAIL_RECEIVER""ALERTS_IGNORER""LICENSE_AND_COPYRIGHT_ASSIGNER""AUDITOR""USER""PRODUCT_INTEGRATOR"
application/json
{
  "contextToken": "123e4567-e89b-12d3-a456-426655440000",
  "contextType": "orgs",
  "role": "DEFAULT_APPROVER"
}

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(List of Group Roles)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "contextToken": "123e4567-e89b-12d3-a456-426655440000",
    "contextName": "My Project",
    "contextType": "orgs",
    "role": "DEFAULT_APPROVER"
  }
}

Remove Group Roles

Request

Deletes a role from a group

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

groupUuidstringrequired

Group UUID (by running User Management - Groups > Get All Groups of Organization).

Bodyapplication/jsonrequired
contextTokenstringrequired

Depending on the value of contextType, this can be:

  • orgToken (org UUID by running Entities - Organization > Get User Organization) or Api Token (from the Mend SCA App: Integrate tab > API Key).
  • productToken (product UUID (by running Entities - Organization > Get Organization Products) or Product Token (from the Mend SCA App: Integrate tab > Product Token.
  • projectToken (project UUID by running Entities - Product > Get Product Projects) or project Token (from the Mend SCA App: Integrate tab > Project Token).
Example: "123e4567-e89b-12d3-a456-426655440000"
contextTypestringrequired

Type of entity the role will be associated with

Enum"orgs""products"
Example: "orgs"
rolestring
Enum"DEFAULT_APPROVER""ADMIN""ALERT_EMAIL_RECEIVER""ALERTS_IGNORER""LICENSE_AND_COPYRIGHT_ASSIGNER""AUDITOR""USER""PRODUCT_INTEGRATOR"
application/json
{
  "contextToken": "123e4567-e89b-12d3-a456-426655440000",
  "contextType": "orgs",
  "role": "DEFAULT_APPROVER"
}

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(MessageDTO)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "message": "Success!"
  }
}

Get All Groups of organization

Request

Returns a list of all groups within an organization

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

Query
pageSizestring<= 10000

Enter the number of items to return in each page of the result.

Default "50"
pagestring

Enter the page number to display in the result. Page numbers start at 0

Default "0"
searchany

Filter your search to return items whose property has a specific value. Use the syntax: property:operation:value where a colon (:) separates between property, operation and value.

  • Property: the name of the property of the item
  • Operation:
    • equals - true if the value is identical to this value.
    • in - true if the value is identical to one of the items in this comma-separated list. E.g. in:value1,value2,value3
    • like - true if the property's value is contained within this value
    • regex - true if this regular expression resolves as true. The regex is not case sensitive, and special characters must be escaped with a backslash. Special characters include space, double quote ("), '<', '>', '#', '%', '{', '}', vertical bar ('|'), backslash, '^'. To pass an escaped character in a URL in Postman, encode it first. E.g. to return all items whose value begins with a or A, use regex:^a
  • Value: the value of the property.

To combine multiple filters, separate each filter with a semicolon with no space. E.g. property1:operation1:value1;property2:operation2:value2

This endpoint supports filtering on the following properties and its supported operators:

  • contextType:equals:value
  • name:[like | equals | regex]:value
  • product:in:value1,value2,value-n
  • roles:in:value1,value2,value-n
sortany

Sort search results alphabetically on an item's property by entering sort= followed by the property name. E.g. enter sort=email to sort alphabetically by their email addresses from a-z ascending.To sort in descending order (z-a), add a minus sign ('-'). E.g. sort=-email.

You can sort by the following properties:

  • accountStatus
  • contextType
  • name
  • product
  • role
  • users
optionalColumnsstring

Used to add group roles information to the response

Default "roles"
Value"roles"
No request payload

Responses

OK

Bodyapplication/json
additionalDataobject(Provides insights into endpoint-supported pagination information.)
  • totalItems: The total count of data points returned in an API response.
  • isLastPage: Defines whether the current page represents the conclusion of the API response. When “true”, this signifies you are viewing the last page of the API response. When “false”, this indicates there are further pages remaining.
Example: {"totalItems":"422","isLastPage":"true"}
supportTokenstring(Support Token)
Example: "1171c60d"
retValArray of objects(GroupSummaryDTO)
Response
application/json
{
  "additionalData": {
    "totalItems": "422",
    "isLastPage": "true"
  },
  "supportToken": "1171c60d",
  "retVal": [
    {}
  ]
}

Create Group

Request

Creates a new group for an organization

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

Bodyapplication/jsonrequired
namestring(Group Name)required
Example: "Group A"
descriptionstring(Group Description)required
Example: "Group description"
application/json
{
  "name": "Group A",
  "description": "Group description"
}

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(GroupDTO)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "uuid": "123e4567-e89b-12d3-a456-426655440000",
    "name": "Group A",
    "description": "Group description",
    "userCount": 22
  }
}

Delete User From Group

Request

Deletes a user from an organization's group

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

groupUuidstringrequired

Group UUID (by running User Management - Groups > Get All Groups of Organization).

userUuidstringrequired

User UUID (by running User Management - Users > Get Organization Users).

No request payload

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(MessageDTO)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "message": "Success!"
  }
}

Entities - Organization

Operations

User Profile

Operations

Library - Product

Operations

User Management - Users

Operations

Update Request

Operations

Library - Organization

Operations

Access Management - Organizations

Operations

Access Management

Operations

General Info - Vulnerabilities

Operations

Library - Source Files

Operations

User Management - Roles And Permissions

Operations

Library - Project

Operations

Alerts - Product

Operations

General Info - Permissions

Operations

Vulnerable Libraries

Operations

Summary - Organization

Operations

Asynchronous Process Control

Operations

General Info - Licenses

Operations

product-attribution-report-controller

Operations