Warden API Endpoints

Endpoint Access

Access the Warden API through this endpoint: https://api.horangi.com


Header Authorization

Put the API key in the request header, using the case-sensitive header name `x-api-key`.

Example:

x-api-key: API_KEY_VALUE

Follow the instructions on Managing Warden API Keys to generate a new API key.


Pagination

If the number of items being requested exceeds the page limit, the API response will include a URL in `response.links.next`.

Performing a GET request on this URL will return the next page of items. Note that all query parameters are included in `page_cursor`, so you do not need to specify the same query parameters in subsequent paginated requests.

 

Endpoints

GET /checks

This endpoint returns the latest checks for a Storyfier Organization. The response is returned in JSON format.

Query Parameters


| Query Parameter | Type | Required | Description |
|---|---|---|---|
| page_cursor | String | No | An opaque value embedded in the response field `response.links.next`. This is used to retrieve the next page of items. Note that this parameter is ignored if there are other query parameters in the request. For example, `/checks?page_cursor=xxx&filter_result=fail` is the same as `/checks?filter_result=fail`. |
| page_limit | Integer | No | The maximum number of checks that can be returned in one page. Default: 500. Minimum: 1. Maximum: 1000. |
| filter_result | String | No | A filter based on `check.result`. Valid values: `pass`, `fail`. |
| filter_severity | String | No | A filter based on `check.severity`. Valid values: `informational`, `low`, `medium`, `high`, `critical`. |
| sort | String | No | One or more (comma-delimited) keys to sort the checks in descending order (the order of severity is critical, high, medium, low, informational). In the case of two keys, the order matters. For example, `severity,created_at` sorts the checks by severity first, then for checks of the same severity it sorts them by created_at in descending order. Valid values: `severity`; `created_at`; `severity,created_at`; `created_at,severity`. |

Example curl commands:

# getting all latest checks
curl --header "x-api-key:API_KEY_VALUE" "https://api.horangi.com/checks"
# getting all latest failed checks
curl --header "x-api-key:API_KEY_VALUE" "https://api.horangi.com/checks?filter_result=fail"
# getting all latest failed checks with critical severity
# (the URL is quoted so the shell does not treat & as a command separator)
curl --header "x-api-key:API_KEY_VALUE" "https://api.horangi.com/checks?filter_result=fail&filter_severity=critical"
# getting all latest checks sorted by created_at then severity
curl --header "x-api-key:API_KEY_VALUE" "https://api.horangi.com/checks?sort=created_at,severity"

Query Response

| Response Field | Type | Description |
|---|---|---|
| data.[x].id | uuid | The unique identifier for the item. |
| data.[x].type | String | The item type. |
| data.[x].attributes.scan_group_name | String | The name of the scan group that this check belongs to. |
| data.[x].attributes.scan_name | String | The name of the scan that this check belongs to. |
| data.[x].attributes.scan_target | String | The cloud account id of the scan that this check belongs to. |
| data.[x].attributes.resource_region | String | The cloud region where the resource of this check is located. |
| data.[x].attributes.resource_id | String | The cloud native identifier for the resource of this check. |
| data.[x].attributes.resource_name | String | The name of the resource for this check. |
| data.[x].attributes.result | String | The result of this check. Values: `pass`, `fail`. |
| data.[x].attributes.severity | String | The final severity of this check if suppression is applied. Values: `informational`, `low`, `medium`, `high`, `critical`. |
| data.[x].attributes.created_at | String | The time this check was created. |
| data.[x].attributes.title | String | The rule title of this check. |
| data.[x].attributes.original_severity | String | The original severity of this check before suppression is applied. Values: `informational`, `low`, `medium`, `high`, `critical`. |
| data.[x].attributes.description | String | The description of the rule. |
| data.[x].attributes.implication | String | The impact of this check on the organization’s security posture. |
| data.[x].attributes.recommendation | String | The proposed recommended steps for remediating this check. |
| data.[x].attributes.references | String | References (if any) to external documentation. |
| links.self | URL | The URL that generates this response. |
| links.next | URL | If not null, the URL to be used to request the next page of items. |

Rate Limits

For each API key, the following rate limits apply:

  • 5000 requests per day
  • 50 requests per second

A 429 error code will be returned if the rate limit is exceeded.

Errors

| Error Code | Description |
|---|---|
| 400 | Invalid query parameters. |
| 401 | API key not granted with the right permissions. |
| 403 | Invalid API Key. |
| 404 | Wrong resource path. |
| 405 | Method not allowed. |
| 429 | Throttling limits reached. |
| 500 | Internal Server Error. |
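
The pagination, header and rate-limit rules above, combined in an added Python example (not part of the Warden documentation): it sends the `x-api-key` header, follows `links.next` until it is null, and backs off on 429. It assumes `links.next` always points at api.horangi.com; the names `http_get` and `iter_checks` are this example's own.

```python
import http.client
import json
import time
import urllib.parse

BASE_URL = "https://api.horangi.com"  # endpoint given on this page
API_HOST = urllib.parse.urlsplit(BASE_URL).netloc


def http_get(url, api_key):
    """One GET; returns (status, parsed JSON or None). http.client sends
    the header name exactly as written, keeping `x-api-key` lower-case."""
    parts = urllib.parse.urlsplit(url)
    path = parts.path + ("?" + parts.query if parts.query else "")
    conn = http.client.HTTPSConnection(parts.netloc, timeout=30)
    try:
        conn.request("GET", path, headers={"x-api-key": api_key})
        resp = conn.getresponse()
        raw = resp.read()
        return resp.status, (json.loads(raw) if resp.status == 200 else None)
    finally:
        conn.close()


def iter_checks(api_key, params=None, get=http_get, sleep=time.sleep,
                max_retries=5):
    """Yield every check, following links.next until it is null."""
    url = BASE_URL + "/checks"
    if params:
        url += "?" + urllib.parse.urlencode(params)
    retries = 0
    while url:
        parts = urllib.parse.urlsplit(url)
        # Assumption: next-page URLs stay on the API host. Refuse anything
        # else so the key is never sent to another origin or over http.
        if parts.scheme != "https" or parts.netloc != API_HOST:
            raise ValueError("refusing to send API key to " + url)
        status, body = get(url, api_key)
        if status == 429:  # rate limit hit: back off 1s, 2s, 4s, ...
            if retries >= max_retries:
                raise RuntimeError("still throttled after retries")
            sleep(2 ** retries)
            retries += 1
            continue
        if status != 200:
            raise RuntimeError("GET /checks returned HTTP %d" % status)
        retries = 0
        yield from body.get("data", [])
        next_url = (body.get("links") or {}).get("next")
        url = urllib.parse.urljoin(BASE_URL, next_url) if next_url else None
```

Call it as `list(iter_checks(os.environ["WARDEN_API_KEY"], {"filter_result": "fail"}))` so the key stays out of source code and shell history; the environment variable name is hypothetical.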