SCA API 2.0

Mend API (2.0)

Mend's enhanced SCA API enables automation of workflows in a REST compliant format. The API features:

Access for any user with Mend credentials, via a user key available in the user's profile page in the Mend App.
Improved security with a JWT token per organization, which expires every 30 minutes.
Added scalability with support for pagination, filtering and sorting search results.
Broader functionality available programmatically.
New standard API documentation for easy navigation and search.

If you have a dedicated instance of Mend, contact your Mend representative to access this API on your instance.

Download OpenAPI description

2.0.json

2.0.yaml

Servers

Generated server url

https://api-saas.mend.io/

Entities - Project

Operations

Policies - Project

Operations

CustomAttribute - Project

Operations

Alerts - Project

Operations

project-attribution-report-controller

Operations

application-violations-controller

Operations

Policies - Product

Operations

CustomAttribute - Product

Operations

Entities - Product

Operations

Settings - Whitelist

Operations

Settings - In-House

Operations

Policies - Organization

Operations

CustomAttribute - Organization

Operations

User Management - Groups

Operations

Entities - Organization

Operations

User Profile

Operations

Get All User Keys

Request

Returns a list of existing user-keys for the current user. These keys are included in all API requests to identify the user

Security

bearer-key

Query

pageSizestring<= 10000

Enter the number of items to return in each page of the result.

Default "50"

pagestring

Enter the page number to display in the result. Page numbers start at 0

Default "0"

No request payload

Responses

Bodyapplication/json

additionalDataobject(Provides insights into endpoint-supported pagination information.)

totalItems: The total count of data points returned in an API response.
isLastPage: Defines whether the current page represents the conclusion of the API response. When “true”, this signifies you are viewing the last page of the API response. When “false”, this indicates there are further pages remaining.

Example: {"totalItems":"422","isLastPage":"true"}

supportTokenstring(Support Token)

Example: "1171c60d"

retValArray of objects(UserKeyDTO)

Response

application/json

{
  "additionalData": {
    "totalItems": "422",
    "isLastPage": "true"
  },
  "supportToken": "1171c60d",
  "retVal": [
    { … }
  ]
}

Generate User Key

Request

Generates a user-key for the current user. User-keys are included in all api requests to identify the user

Security

bearer-key

Bodyapplication/jsonrequired

descriptionstring(UserToken Description)

Example: "Token A"

application/json

{
  "description": "Token A"
}

Responses

Bodyapplication/json

supportTokenstring(Support Token)

Example: "1171c60d"

retValobject(UserKeyDTO)

Response

application/json

{
  "supportToken": "1171c60d",
  "retVal": {
    "userUuid": "123e4567-e89b-12d3-a456-426655440000",
    "userKey": "8d541c7d782e4b7891ebf61e864f76cb9af75f17d4394b109f1155e88f3e86bd",
    "createdAt": "2019-08-24T14:15:22Z",
    "lastUsedAt": "2019-08-24T14:15:22Z",
    "description": "Token A",
    "expirationDate": "2019-08-24T14:15:22Z"
  }
}

Delete User Key

Request

Deletes a user-key

Security

bearer-key

Path

userKeystringrequired

No request payload

Responses

Bodyapplication/json

supportTokenstring(Support Token)

Example: "1171c60d"

retValobject(MessageDTO)

Response

application/json

{
  "supportToken": "1171c60d",
  "retVal": {
    "message": "Success!"
  }
}

Library - Product

Operations

User Management - Users

Operations

Update Request

Operations

Library - Organization

Operations

Access Management - Organizations

Operations

Access Management

Operations

General Info - Vulnerabilities

Operations

Library - Source Files

Operations

User Management - Roles And Permissions

Operations

Library - Project

Operations

Alerts - Product

Operations

General Info - Permissions

Operations

Vulnerable Libraries

Operations

Summary - Organization

Operations

Asynchronous Process Control

Operations

General Info - Licenses

Operations

product-attribution-report-controller

Operations

Mend API (2.0)

Entities - Project

Policies - Project

CustomAttribute - Project

Alerts - Project

project-attribution-report-controller

application-violations-controller

Policies - Product

CustomAttribute - Product

Entities - Product

Settings - Whitelist

Settings - In-House

Policies - Organization

CustomAttribute - Organization

User Management - Groups

Entities - Organization

User Profile

Get All User Keys

Request

Responses

Was this helpful?

Generate User Key

Request

Responses

Was this helpful?

Delete User Key

Request

Responses

Was this helpful?

Library - Product

User Management - Users

Update Request

Library - Organization

Access Management - Organizations

Access Management

General Info - Vulnerabilities

Library - Source Files

User Management - Roles And Permissions

Library - Project

Alerts - Product

General Info - Permissions

Vulnerable Libraries

Summary - Organization

Asynchronous Process Control

General Info - Licenses

product-attribution-report-controller