Secure Code Warrior DirectLinking API Reference

Secure Code Warrior's Direct Link API is a service that allows our partners to link directly to the SCW microlearning content. We support standard API responses (where JSON data is returned) and also a redirection capability, allowing partners to redirect their users to content directly.

The main service endpoint is GET /api/v1/trial

A typical request looks like this:

https://integration-api.securecodewarrior.com/api/v1/trial?Id=scw&MappingList=cwe&MappingKey=89&LanguageKey=java

To get your referrer identifier, please send a request to integration-partners@securecodewarrior.com.

Version: 1.2.0

DirectLinking

Get Trial Link

GET /api/v1/trial

This endpoint returns an object containing a URL that can be used to send a user to the Secure Code Warrior microlearning content.

Id

The referrer identifier. Please send a request to integration-partners@securecodewarrior.com to get your company-specific ID.

type: string
in: query

MappingList

The vulnerability mapping list you want to use. If no mapping list is defined, the default mapping list based on the Secure Code Warrior vulnerability categories is used. For a complete list of all available mapping lists, use GET /api/v1/mapping-lists

type: string default
in: query

MappingKey

The specific vulnerability key. For a complete list of all available vulnerability keys, use GET /api/v1/mapping-lists/{slug}/items

type: string
in: query

LanguageKey

The specific language key. For a complete list of all available language keys, use GET /api/v1/language-keys

type: string
in: query

TenantId

EXPERIMENTAL, DO NOT USE: The installation/tenant ID for an integration.

type: string
in: query

IntegrationId

EXPERIMENTAL, DO NOT USE: The ID for an integration (partner).

type: string
in: query

IncludeGuidelineItemRefs

Flag to include guideline data in payload for endpoint, GET /api/v1/guidelines

type: boolean
in: query

redirect

If true, the user will be redirected to the Secure Code Warrior trial page. If false or empty, a JSON response is presented with the trial url, a name and the description.

type: boolean
in: query

200 OK

Found micro-learning link

400 Bad Request

Bad Request

404 Not Found

No micro-learning link found

Response Content-Types: application/json
Response Example (200 OK)
{
  "url": "https://portal.securecodewarrior.com/?#/contextual-microlearning/web/injection/sql",
  "name": "SQL Injection",
  "description": "string",
  "videos": [
    "https://media.securecodewarrior.com/SQL_Injections_V2.mp4"
  ],
  "links": [
    {
      "name": "OWASP SQL Injection",
      "url": "https://owasp.org/www-community/attacks/SQL_Injection",
      "description": "OWASP community page with comprehensive information about SQL injection, and links to various OWASP resources to help detect or prevent it.",
      "languageFrameworks": [
        {
          "language": {
            "key": "java",
            "displayName": "Java"
          },
          "framework": {
            "key": "spring",
            "displayName": "Spring"
          }
        }
      ]
    }
  ],
  "guidelineItems": [
    {
      "languageSlug": "java",
      "languageName": "Java",
      "frameworkSlug": "spring",
      "frameworkName": "Spring",
      "langs": [
        "en"
      ],
      "guidelineItemUrl": "/api/v1/guidelines/10000/java/spring",
      "hasDefaultContent": false
    }
  ]
}
Response Example (400 Bad Request)
"object"
Response Example (404 Not Found)
{
  "name": "ValidationError",
  "message": "Parameters validation error!",
  "code": 400
}
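
A client-side sketch for this endpoint, added here as an example and not Secure Code Warrior's own code: it builds the request with encoded query values and checks the URLs in the response before they are shown to a user. The helper names and the host allow-list are assumptions drawn from the hosts in the examples above.

```python
import json
from urllib.parse import urlencode, urljoin, urlsplit

API_BASE = "https://integration-api.securecodewarrior.com"
# Assumption: allow-list built from the hosts shown in this page's examples.
ALLOWED_HOSTS = {"integration-api.securecodewarrior.com",
                 "portal.securecodewarrior.com",
                 "media.securecodewarrior.com"}

def build_trial_url(referrer_id, mapping_key, mapping_list=None, language_key=None):
    """Build the GET /api/v1/trial URL; urlencode() escapes every value."""
    params = {"Id": referrer_id, "MappingKey": mapping_key}
    if mapping_list:
        params["MappingList"] = mapping_list
    if language_key:
        params["LanguageKey"] = language_key
    return f"{API_BASE}/api/v1/trial?{urlencode(params)}"

def is_trusted(url):
    """Accept only absolute https URLs whose host is on the allow-list."""
    parts = urlsplit(url if isinstance(url, str) else "")
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS

def safe_links(response_text):
    """Return only the URLs from a trial response that pass the allow-list."""
    body = json.loads(response_text)
    url = body.get("url")
    result = {"url": url if is_trusted(url) else None, "guidelines": []}
    result["videos"] = [v for v in body.get("videos", []) if is_trusted(v)]
    for item in body.get("guidelineItems", []):
        # guidelineItemUrl is relative. urljoin() lets an absolute or //host
        # value replace the base host, so check the resolved URL, not the input.
        rel = item.get("guidelineItemUrl")
        resolved = urljoin(API_BASE, rel) if isinstance(rel, str) and rel else ""
        if is_trusted(resolved):
            result["guidelines"].append(resolved)
    return result

# Constructed sample: trimmed from the 200 OK example above, plus one
# guideline entry that points off-host to show the check rejecting it.
SAMPLE = json.dumps({
    "url": "https://portal.securecodewarrior.com/?#/contextual-microlearning/web/injection/sql",
    "videos": ["https://media.securecodewarrior.com/SQL_Injections_V2.mp4"],
    "guidelineItems": [
        {"guidelineItemUrl": "/api/v1/guidelines/10000/java/spring"},
        {"guidelineItemUrl": "//example.invalid/api/v1/guidelines/1/java/spring"},
    ],
})
```

The entries under "links" point to third-party sites such as owasp.org, so they need their own policy rather than this allow-list.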

Get Trial Link (Deprecated)

GET /partner

DEPRECATED - This endpoint returns an object containing a URL that can be used to send a user to the Secure Code Warrior microlearning content.

Id

A valid Partner Identifier

type: string
in: query

MappingKey

A valid mapping key related to the Partner Identifier

type: string
in: query

redirect

If true, the user will be redirected to the Secure Code Warrior trial page. If false or empty, a JSON response is presented with the trial url, a name and the description.

type: boolean
in: query

200 OK

Success

422 Unprocessable Entity

The key was not found or the Id is invalid. If the key was not found, you get an InvalidRequest object as the result.

Response Content-Types: application/json
Response Example (200 OK)
{
  "url": "string",
  "name": "string",
  "description": "string"
}
Response Example (422 Unprocessable Entity)
{
  "name": "ValidationError",
  "message": "Parameters validation error!",
  "code": 400,
  "type": "VALIDATION_ERROR",
  "data": [
    {
      "type": "required",
      "field": "mappingKey",
      "message": "The mappingKey field is required"
    }
  ]
}

Guidelines

Get Guideline Details

GET /api/v1/guidelines/{GuidelineId}/{LanguageSlug}/{FrameworkSlug}

Get the guideline details for a specific guideline id, language slug, and framework slug. NOTE: these URLs should be generated by requests to api/v1/trial, not constructed manually.

GuidelineId

ID of guideline to fetch

type: integer (int32)
in: path

LanguageSlug

Slug for programming language

type: string
in: path

FrameworkSlug

Slug for framework

type: string
in: path

PartnerId

Slug for framework

type: string
in: query

TenantId

Slug for framework

type: string
in: query

IntegrationId

Slug for framework

type: string
in: query

200 OK

Success

404 Not Found

Message when resource is not found

Response Content-Types: text/plain, application/json, text/json
Response Example (200 OK)
{
  "guidelineId": 10006,
  "languageSlug": "java",
  "frameworkSlug": "spring",
  "lang": "en",
  "title": "SQL Injection",
  "content": " Introduction, SQL injection is a type of attack that involves inserting malicious code into a SQL statement, via input fields in an application, in order to gain unauthorized access to or manipulate a database",
  "hasDefaultContent": false
}
Response Example (404 Not Found)
"string"

LanguageKey

Get Language Keys

GET /api/v1/language-keys

Get an overview of supported Language mappings

200 OK

Success

Response Content-Types: text/plain, application/json, text/json
Response Example (200 OK)
[
  {
    "languageKey": "string",
    "languageFramework": "string"
  }
]

MappingList

Get Mapping Lists

GET /api/v1/mapping-lists

Get an overview of supported mapping lists

200 OK

Success

Response Content-Types: text/plain, application/json, text/json
Response Example (200 OK)
[
  {
    "slug": "slug",
    "name": "Name",
    "links": "object"
  }
]

Get Mapping List Items

GET /api/v1/mapping-lists/{slug}/items

Get the available mapping items for a specific mapping list

slug

(no description)

type: string
in: path

Page

Use this parameter to paginate the results (only positive numbers allowed)

type: integer (int32), { x ∈ ℤ | 1 ≤ x ≤ 2147483647 }
in: query

200 OK

Success

404 Not Found

Not Found

Response Content-Types: text/plain, application/json, text/json
Response Example (200 OK)
{
  "items": [
    {
      "mappingKey": "mapping_key",
      "name": "SQL Injection",
      "categorySlugs": [
        "string"
      ]
    }
  ],
  "metaData": {
    "pageCount": 3,
    "totalItemCount": 250,
    "pageNumber": 2,
    "pageSize": 100,
    "hasPreviousPage": true,
    "hasNextPage": true,
    "isFirstPage": false,
    "isLastPage": false,
    "firstItemOnPage": 101,
    "lastItemOnPage": 200
  }
}
Response Example (404 Not Found)
{
  "type": "string",
  "title": "string",
  "status": "integer (int32)",
  "detail": "string",
  "instance": "string"
}
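
Walking the paged result with the metaData fields, as an added example that is not part of the original reference: the slug is percent-encoded so it cannot alter the request path, Page is checked against the documented range, and the loop is capped in case hasNextPage never turns false. The fetch hook, fake_fetch and max_pages are hypothetical names; fake_fetch is a constructed stand-in that returns data shaped like the example above.

```python
from urllib.parse import parse_qs, quote, urlsplit

MAX_PAGE = 2147483647  # upper bound this page gives for Page (int32)

def items_path(slug, page):
    """Path for GET /api/v1/mapping-lists/{slug}/items with a validated Page."""
    if isinstance(page, bool) or not isinstance(page, int) or not 1 <= page <= MAX_PAGE:
        raise ValueError("Page must be an integer in 1..2147483647")
    # safe="" also encodes "/" so a slug cannot change the path being requested.
    return f"/api/v1/mapping-lists/{quote(slug, safe='')}/items?Page={page}"

def all_items(slug, fetch, max_pages=50):
    """Collect every item, following metaData until the last page.

    fetch(path) -> parsed JSON dict is supplied by the caller (hypothetical hook).
    max_pages caps the loop in case hasNextPage never turns false.
    """
    items = []
    for page in range(1, max_pages + 1):
        body = fetch(items_path(slug, page))
        items.extend(body.get("items", []))
        meta = body.get("metaData", {})
        if not meta.get("hasNextPage") or meta.get("isLastPage"):
            return items
    raise RuntimeError("pagination did not terminate within max_pages")

def fake_fetch(path, total=250, size=100):
    """Constructed stand-in for the API, shaped like the example metaData above."""
    page = int(parse_qs(urlsplit(path).query)["Page"][0])
    count = -(-total // size)  # ceiling division: 250 items / 100 per page = 3
    first = (page - 1) * size + 1
    last = min(page * size, total)
    return {
        "items": [{"mappingKey": f"key_{n}", "name": f"Item {n}"}
                  for n in range(first, last + 1)],
        "metaData": {"pageCount": count, "totalItemCount": total,
                     "pageNumber": page, "pageSize": size,
                     "hasPreviousPage": page > 1, "hasNextPage": page < count,
                     "isFirstPage": page == 1, "isLastPage": page == count,
                     "firstItemOnPage": first, "lastItemOnPage": last},
    }
```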

Schema Definitions

Framework: object

key: string

Programming language key

displayName: string

Programming language name

Example
{
  "key": "spring",
  "displayName": "Spring"
}

GuidelineItemRef: object

languageSlug: string

Programming language key

languageName: string

Programming language name

frameworkSlug: string

Language framework key

frameworkName: string

Language framework name

langs: string[]

List of language-codes supported for localisation of the guideline

guidelineItemUrl: string

Url to retrieve resource from guidelines endpoint

hasDefaultContent: boolean

Whether this guideline uses default content (typically pseudocode examples)

Example
{
  "languageSlug": "java",
  "languageName": "Java",
  "frameworkSlug": "spring",
  "frameworkName": "Spring",
  "langs": [
    "en"
  ],
  "guidelineItemUrl": "/api/v1/guidelines/10000/java/spring",
  "hasDefaultContent": false
}

GuidelineItemResponse: object

guidelineId: integer (int32)

Guideline resource id

languageSlug: string

Programming language key

frameworkSlug: string

Language framework key

lang: string

The language-code for the guideline

title: string

Title of guideline

content: string

Guideline in HTML

hasDefaultContent: boolean

Whether this guideline uses default content (typically pseudocode examples)

Example
{
  "guidelineId": 10006,
  "languageSlug": "java",
  "frameworkSlug": "spring",
  "lang": "en",
  "title": "SQL Injection",
  "content": " Introduction, SQL injection is a type of attack that involves inserting malicious code into a SQL statement, via input fields in an application, in order to gain unauthorized access to or manipulate a database",
  "hasDefaultContent": false
}

InvalidRequest: object

name: string
message: string
code: integer (int32)
Example
{
  "name": "ValidationError",
  "message": "Parameters validation error!",
  "code": 400
}

Language: object

key: string

Programming language key

displayName: string

Programming language name

Example
{
  "key": "java",
  "displayName": "Java"
}

LanguageFramework: object

language: Language
framework: Framework
Example
{
  "language": {
    "key": "java",
    "displayName": "Java"
  },
  "framework": {
    "key": "spring",
    "displayName": "Spring"
  }
}

LanguageKeyResponse: object

languageKey: string

The language key that can be used in the trial endpoint

languageFramework: string

The Secure Code Warrior Language and Framework that the key will map to

Example
{
  "languageKey": "string",
  "languageFramework": "string"
}

LegacyInvalidRequest: object

name: string
message: string
code: integer (int32)
type: string
data: object[]
Example
{
  "name": "ValidationError",
  "message": "Parameters validation error!",
  "code": 400,
  "type": "VALIDATION_ERROR",
  "data": [
    {
      "type": "required",
      "field": "mappingKey",
      "message": "The mappingKey field is required"
    }
  ]
}

LegacyMappingResult: object

url: string

The url that can be used to redirect a user to the Secure Code Warrior microlearning content

name: string

The name of the category used in the mappingKey query parameter

description: string

A description on the category used in the mappingKey query parameter

Example
{
  "url": "string",
  "name": "string",
  "description": "string"
}

MappingItemResponse: object

mappingKey: string

The mapping key that can be used in the trial endpoint

name: string

The name of the mapping key

categorySlugs: string[]

The category slugs associated with the mapping item

Example
{
  "mappingKey": "mapping_key",
  "name": "SQL Injection",
  "categorySlugs": [
    "string"
  ]
}

MappingListResponse: object

slug: string

A mapping list slug

name: string

The mapping list name

links: object
Example
{
  "slug": "slug",
  "name": "Name",
  "links": "object"
}

MappingResultResponse: object

url: string

The url that can be used to redirect a user to the Secure Code Warrior microlearning content

name: string

The name of the category used in the mappingKey query parameter

description: string

A description on the category used in the mappingKey query parameter

videos: string[]

A list of videos

links: object[]

A list of useful links

guidelineItems: object[]

A list of coding guideline items

Example
{
  "url": "https://portal.securecodewarrior.com/?#/contextual-microlearning/web/injection/sql",
  "name": "SQL Injection",
  "description": "string",
  "videos": [
    "https://media.securecodewarrior.com/SQL_Injections_V2.mp4"
  ],
  "links": [
    {
      "name": "OWASP SQL Injection",
      "url": "https://owasp.org/www-community/attacks/SQL_Injection",
      "description": "OWASP community page with comprehensive information about SQL injection, and links to various OWASP resources to help detect or prevent it.",
      "languageFrameworks": [
        {
          "language": {
            "key": "java",
            "displayName": "Java"
          },
          "framework": {
            "key": "spring",
            "displayName": "Spring"
          }
        }
      ]
    }
  ],
  "guidelineItems": [
    {
      "languageSlug": "java",
      "languageName": "Java",
      "frameworkSlug": "spring",
      "frameworkName": "Spring",
      "langs": [
        "en"
      ],
      "guidelineItemUrl": "/api/v1/guidelines/10000/java/spring",
      "hasDefaultContent": false
    }
  ]
}

PagedMappingItemResponse: object

items: object[]
metaData: PaginationMetaData
Example
{
  "items": [
    {
      "mappingKey": "mapping_key",
      "name": "SQL Injection",
      "categorySlugs": [
        "string"
      ]
    }
  ],
  "metaData": {
    "pageCount": 3,
    "totalItemCount": 250,
    "pageNumber": 2,
    "pageSize": 100,
    "hasPreviousPage": true,
    "hasNextPage": true,
    "isFirstPage": false,
    "isLastPage": false,
    "firstItemOnPage": 101,
    "lastItemOnPage": 200
  }
}

PaginationMetaData: object

pageCount: integer (int32)
totalItemCount: integer (int32)
pageNumber: integer (int32)
pageSize: integer (int32)
hasPreviousPage: boolean
hasNextPage: boolean
isFirstPage: boolean
isLastPage: boolean
firstItemOnPage: integer (int32)
lastItemOnPage: integer (int32)
Example
{
  "pageCount": 3,
  "totalItemCount": 250,
  "pageNumber": 2,
  "pageSize": 100,
  "hasPreviousPage": true,
  "hasNextPage": true,
  "isFirstPage": false,
  "isLastPage": false,
  "firstItemOnPage": 101,
  "lastItemOnPage": 200
}

ProblemDetails: object

type: string
title: string
status: integer (int32)
detail: string
instance: string
object
Example
{
  "type": "string",
  "title": "string",
  "status": "integer (int32)",
  "detail": "string",
  "instance": "string"
}

ValidationError: object

type: string
field: string
message: string
Example
{
  "type": "required",
  "field": "mappingKey",
  "message": "The mappingKey field is required"
}