Skip to main content

Public API

API base URL

Escape's REST public API can be reached at https://api-public.prod.cloud.escape.tech

Authentication

API key

Pass your API via the Authorization header. You can find your API key in your Escape settings.

Basic example

export APPLICATION_ID=<YOUR APPLICATION ID>
export API_KEY=<YOUR API KEY>

curl -X POST \
-H "Authorization: Key $API_KEY" \
https://api-public.prod.cloud.escape.tech/applications/$APPLICATION_ID/start-scan

GET /organization/:organizationId/applications

Retrieve the list of applications bound to an organization

Request parameters

organizationId

The ID of the organization on Escape. It can be found on the organization section

Example response

[
{
"name": "Gontoz",
"id": "5d1b0249-a6fd-4d64-997a-99675ca6afac",
"url": "https://gontoz.escape.tech/graphql",
"createdAt": "2022-03-07T11:44:20.968Z",
"hasCI": true,
"cron": "0 3 * * *",
"scans": [
{
"id": "5d1b0249-a6fd-4d64-997a-99675ca6afac",
"status": "SUCCESS",
"createdAt": "2022-12-05T14:32:32.968Z",
"alertCounts": {
"HIGH": 10,
"MEDIUM": 7,
"LOW": 9,
"INFO": 3
},
"commitHash": "11fb1c9f83f371ca9c1e353ef9f16bc36934ab83",
"report": {
"letterScore": "F"
}
},
{
"id": "5d1b0249-a6fd-4d64-997a-99675ca6afac",
"status": "SUCCESS",
"createdAt": "2022-10-24T09:02:05.662Z",
"alertCounts": {
"HIGH": 1,
"MEDIUM": 8,
"LOW": 9,
"INFO": 2
},
"commitHash": "11fb1c9f83f371ca9c1e353ef9f16bc36934ab83",
"report": {
"letterScore": "F"
}
],
"lastSuccessfulScan": {
"id": "5d1b0249-a6fd-4d64-997a-99675ca6afac",
"createdAt": "2022-12-05T14:32:32.968Z",
"alertCounts": {
"HIGH": 10,
"MEDIUM": 7,
"LOW": 9,
"INFO": 3
},
"commitHash": "11fb1c9f83f371ca9c1e353ef9f16bc36934ab83",
"report": {
"letterScore": "F"
}
}
}
]

GET /scans/:scanId

Retrieve a specific scan and its results

Request parameters

scanId

The ID of the scan on Escape.

Example response

{
"id": "5d1b0249-a6fd-4d64-997a-99675ca6afac",
"status": "SUCCESS",
"createdAt": "2022-12-05T14:32:32.968Z",
"score": 0.009737885064620144,
"completionRatio": 1,
"commitHash": "11fb1c9f83f371ca9c1e353ef9f16bc36934ab83",
"application": {
"id": "5d1b0249-a6fd-4d64-997a-99675ca6afac",
"createdAt": "2022-03-07T11:44:20.968Z",
"engine": "Ariadne",
"manuallySetEngine": null,
"name": "Gontoz",
"updatedAt": "2022-12-15T14:42:23.275Z",
"activeIntrospection": {
"id": "5d1b0249-a6fd-4d64-997a-99675ca6afac",
"applicationId": "5d1b0249-a6fd-4d64-997a-99675ca6afac",
"createdAt": "2022-08-05T07:42:54.562Z"
}
},
"configuration": {
"applicationId": "5d1b0249-a6fd-4d64-997a-99675ca6afac",
"content": {
"auth": {
"schema1": {
"tech": "manual"
}
},
"users": {
"user0": {
"auth": "schema1",
"headers": {
"hello": "world"
}
}
},
"checks": {},
"params": {
"environment_mode": "dev"
}
},
"createdAt": "2022-08-08T10:32:37.140Z",
"isAuthenticationValid": true,
"isConfigurationValid": true,
"readWrite": true,
"updatedAt": "2022-08-08T10:32:37.140Z",
"applicationUsers": [
{
"headerName": "hello",
"headerValue": "world",
"name": "user0"
}
]
},
"alerts": [
{
"id": "99679d55-b4f5-4edb-b558-4c1cefda870c",
"status": "NO_STATUS",
"severity": "HIGH",
"tags": [],
"securityTestUid": "injection/xxe"
},
...,
]
}

POST /application/:applicationId/start-scan

Start a new scan for the given application.

Request body parameters

You can pass additional parameters via the request body.

configurationOverride string

See the configuration override section.

commitHash string

See the commit identification section.

introspection string

The stringified JSON introspection. See the introspection update section.