Debricked APIs

Expand your use of Debricked with the help of APIs.

Last updated 2 months ago

Debricked is an API-first service, so every action available in the UI can also be scripted. This allows you to integrate the Debricked service into your code, CI pipelines, and more.

All users whose role has the API access scope have access to the Debricked open API. This is also the API used by the .

Important API resources

  • Base URL for API: https://debricked.com/api

  • Current version URL: https://debricked.com/api/1.0

Authentication

The API uses JWT-tokens for authentication.

Generate JWT-Tokens using your username and password

In order to get a JWT-token you need to provide your username and password to: https://debricked.com/api/login_check

Using curl, the call would look like this:

curl https://debricked.com/api/login_check -d _username=YOUR_USERNAME -d _password=YOUR_PASSWORD

If successful, the response will contain your token:

{"token":"YOUR_VERY_LONG_TOKEN"}

Note: If your username and/or password contains special characters, you need to URL-encode the values and surround them with quotes to ensure that they work as expected. See example:

curl https://debricked.com/api/login_check --data-urlencode '_username=email+extra@domain.com' --data-urlencode '_password=password&'

Generate JWT-Tokens using a long-lived access token

If you have added an access token, you can use it to get a short-lived JWT token by sending the access token to:

https://debricked.com/api/login_refresh

Using curl, the call would look like this:

curl https://debricked.com/api/login_refresh -d refresh_token=YOUR_ACCESS_TOKEN

Using tokens

Keep in mind that the long-lived access token and the short-lived JWT-token are different tokens! You must always exchange your access token for a JWT-token to use the API.

The JWT-token has a lifetime of about an hour. If the JWT-token is invalid (e.g. if it has expired), a 401 status code will be returned. You should therefore implement a way of automatically getting a new token every time you receive a 401 status code from any API call.

Once you have your token, pass it in the Authorization HTTP header with the value Bearer YOUR_VERY_LONG_TOKEN on each API call.

For example, using curl:

curl -H 'Authorization: Bearer YOUR_VERY_LONG_TOKEN' https://debricked.com/api/the_api_endpoint
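
One way to implement the exchange-and-retry behaviour described above, as an added example rather than Debricked's own code. The `DebrickedClient` class, the `send` hook, the `DEBRICKED_TOKEN` variable name and the `{"token": ...}` shape of the `login_refresh` response are assumptions; `/the_api_endpoint` is the page's placeholder.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "https://debricked.com/api"  # base URL from this page


def http_send(method, url, headers=None, form=None):
    """Default transport: return (status, body) without raising on 4xx/5xx."""
    data = urllib.parse.urlencode(form).encode() if form else None  # URL-encodes values
    req = urllib.request.Request(url, data=data, headers=headers or {}, method=method)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


class DebrickedClient:
    """Hypothetical helper: exchanges the access token for a JWT, retries once on 401."""
    def __init__(self, access_token, send=http_send):
        self._access_token = access_token  # long-lived; only sent to login_refresh
        self._send = send
        self._jwt = None  # short-lived; kept in memory, never written to disk

    def _refresh_jwt(self):
        status, body = self._send("POST", f"{BASE_URL}/login_refresh",
                                  form={"refresh_token": self._access_token})
        if status != 200:
            raise RuntimeError(f"login_refresh failed with HTTP {status}")
        # Assumption: same {"token": ...} response shape the page shows for login_check.
        self._jwt = json.loads(body)["token"]

    def request(self, method, path):
        if self._jwt is None:
            self._refresh_jwt()
        for attempt in range(2):  # the original call plus one retry with a fresh JWT
            status, body = self._send(method, f"{BASE_URL}{path}",
                                      headers={"Authorization": f"Bearer {self._jwt}"})
            if status != 401 or attempt == 1:
                return status, body  # a second 401 is returned, not retried forever
            self._refresh_jwt()


if __name__ == "__main__":
    client = DebrickedClient(os.environ["DEBRICKED_TOKEN"])  # assumed variable name
    print(client.request("GET", "/the_api_endpoint")[0])
```

Reading the access token from the environment keeps it out of shell history and the process list, and capping the retry at one attempt means a revoked token surfaces as a 401 instead of a refresh loop.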

API rate limits

The following rate limits apply:

  • No account: 100 requests per hour (only applies for the Open Source Select API)

  • Free account: 500 requests per hour per code contributor (up to a maximum of 5 000 requests per hour)

  • Premium/Enterprise account: 5000 requests per hour per code contributor

If you require a higher rate limit, please contact the sales team.

Mastering Debricked's CLI and API - webinar recording

Check out our latest training webinar and learn the basics of working with Debricked CLI and API:

Debricked CLI
Open API reference/Sandbox
Open API reference/Sandbox, JSON format