Endpoint Access
Access the Warden API through this endpoint: https://api.horangi.com/v1/cspm
Header Authorization
Put the API key in the request header, using the case-sensitive header name `x-api-key`.
Example:
x-api-key: API_KEY_VALUE
Follow the instructions on Managing Warden API Keys to generate a new API key.
Endpoints
POST /vm/update
This endpoint updates the status and/or the severity of one or more FAIL checks, along with the remarks/user comments.
Note that only checks with a FAIL result can have their status/severity updated. Checks with a PASS result will not be affected.
Body
| Request Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| status | String | Yes | New status value to be assigned to the checks with IDs specified in the request. Status is only applicable for checks with a "Fail" result. Valid values: |
| status_remarks | String | Yes | User remarks for audit purposes to accompany the status update. Maximum limit of 2000 characters. |
| expires_at | Date | No | Format: YYYY-MM-DD. Indicates the period during which the “risk_accepted” status is applied to the checks. After this period has lapsed, the status changes automatically to “needs_review”. “expires_at” cannot be used with other statuses, for example “open” or “false_positive”; it is only applicable when “status” = “risk_accepted”. |
| severity | String | Yes | New severity value to be assigned to the checks with IDs specified in the request. You can only change the severity of checks with a “Fail” result. Valid values: |
| severity_remarks | String | Yes | User remarks for audit purposes to accompany the status update. Maximum limit of 2000 characters. |
| ids | Array | Yes | IDs of one or more checks to be updated following the status / severity specified in the request. You can retrieve the IDs using the cspm/checks API endpoint. |
Sample Postman Request:
https://api.horangi.com/v1/cspm/vm/update
Sample Body:
{
  "status": "risk_accepted",
  "status_remarks": "Status updated via POST endpoint",
  "expires_at": "2022-12-10",
  "severity": "high",
  "severity_remarks": "Severity updated via POST endpoint",
  "ids": [
    "001ca9fe-7f34-4a43-9d9c-7d543badd802",
    "00dff8ea-3bd9-447b-ba57-2da616357238",
    "01e1706e-969f-42f9-9d27-4a5971251972"
  ]
}
Rate Limits
For each API key, the following rate limits apply:
- 5000 requests per day
- 50 requests per second
A 429 error code will be returned if the rate limit is exceeded.
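The following client-side check is an added example, not Horangi's own code: it validates a /vm/update body against the constraints documented above before any request is sent, so a malformed risk acceptance never consumes rate limit or lands in the audit trail. The function names are hypothetical; `http.client` is used because it sends header names exactly as given, whereas `urllib.request` capitalizes them, which matters for a case-sensitive `x-api-key`.

```python
import datetime
import http.client
import json

HOST, PATH = "api.horangi.com", "/v1/cspm/vm/update"  # endpoint given on the page
MAX_REMARKS = 2000  # documented limit for both remarks fields
REQUIRED = ("status", "status_remarks", "severity", "severity_remarks", "ids")


def validate_update(body):
    """Return the documented constraints that `body` violates (empty list = OK)."""
    problems = [f"missing required field: {k}" for k in REQUIRED if not body.get(k)]
    for key in ("status_remarks", "severity_remarks"):
        if len(str(body.get(key, ""))) > MAX_REMARKS:
            problems.append(f"{key} exceeds {MAX_REMARKS} characters")
    ids = body.get("ids")
    if ids and not (isinstance(ids, list) and all(isinstance(i, str) for i in ids)):
        problems.append("ids must be an array of check ID strings")
    if "expires_at" in body:
        if body.get("status") != "risk_accepted":
            problems.append("expires_at requires status = risk_accepted")
        value = str(body["expires_at"])
        try:  # round-trip so only zero-padded YYYY-MM-DD passes
            ok = datetime.datetime.strptime(value, "%Y-%m-%d").strftime("%Y-%m-%d") == value
        except ValueError:
            ok = False
        if not ok:
            problems.append("expires_at must be YYYY-MM-DD")
    return problems


def build_request(body, api_key):
    """Validate, then return (headers, JSON payload); header name stays lowercase."""
    problems = validate_update(body)
    if problems:
        raise ValueError("; ".join(problems))
    headers = {"x-api-key": api_key, "Content-Type": "application/json"}
    return headers, json.dumps(body).encode("utf-8")


def send_update(body, api_key):
    """Send the update; http.client transmits header names exactly as given."""
    headers, payload = build_request(body, api_key)
    conn = http.client.HTTPSConnection(HOST, timeout=10)
    try:
        conn.request("POST", PATH, body=payload, headers=headers)
        return conn.getresponse().status  # 429 means the rate limit was hit
    finally:
        conn.close()
```

`send_update` returns the HTTP status code, so a caller can back off on 429 instead of retrying immediately against the per-second limit.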
Errors
| Error Code | Description |
| --- | --- |
| 400 | Invalid query parameters. |
| 401 | API key not granted with the right permissions. |
| 403 | Invalid API Key. |
| 404 | Wrong resource path. |
| 405 | Method not allowed. |
| 429 | Throttling limits reached. |
| 500 | Internal Server Error. |