Postman
Download Postman
Download Postman from here. You can also use Postman on the web.
Download the Endor Labs OpenAPI json
Go to Endor Labs API Reference and click the download button to download the Endor Labs OpenAPI json file, openapi.json
.
Import Endor Labs API json file in Postman
- Open the Postman application.
- Click Import and select the downloaded
openapi.json
file. - Select OpenAPI 3.0 with Postman Collection and click Import.
Endor REST API collection is added to your workspace. It may take a couple of minutes to load the entire collection because of the size.
Configure Endor REST API collection
To use the Endor Labs APIs effectively with Postman you need to set the appropriate variables and configure authentication.
Before you proceed further, get your API Key and API Secret from the Endor Labs UI or endorctl. See REST API authentication for more information.
Endor Labs APIs require a bearer token, which is obtained from the CreateAPIReq
endpoint. You need to add a pre-request script to obtain this token in the collection. The pre-request script runs when you initiate an API request and fetches the bearer token to be used in your API request.
The pre-request script also adds the following headers to the request:
'Content-Type': 'application/jsoncompact'
'Accept-Encoding': 'gzip, deflate, br, zstd'
We recommend that you create a new environment in Postman to run the APIs. You can save your variables in the environment and not the collection so that secrets are not exposed if you want to export and share the collection. You can also save the variables in the collection and modify the pre-request script to run the APIs without creating an environment.
Create an environment in Postman
- Click Environments in left navigation menu.
- Click Create New Environment.
- Enter a name for your environment.
Configure variables in the environment
- Click Environments in left navigation menu.
- Select your Endor Labs API environment.
- Create a variable with the name,
baseUrl
and enterhttps://api.endorlabs.com
as the value. - Create the following variables with information that your API Key and API Secret.
apiKey
: Your API keyapiSecret
: Your API secret
- Create a variable with the name,
bearerToken
and leave it as empty. - Save the changes.
Configure authentication in the Endor REST API collection
- Select Endor REST API collection and select the Authentication tab.
- Select Bearer Token as the Auth Type.
- Enter
{{bearerToken}}
in the Bearer Token field. - Save the changes.
Add the pre-request script to the Endor REST API collection
-
Select Endor REST API collection and select the Scripts tab.
-
Select Pre-request.
-
Enter the following JavaScript code as the pre-request script.
const getTokenEndpoint = pm.environment.get("baseUrl") + '/v1/auth/api-key'; const apiKey = pm.environment.get("apiKey"); const apiSecret = pm.environment.get("apiSecret"); const requestOptions = { method: 'POST', url: getTokenEndpoint, header: { 'Content-Type': 'application/jsoncompact', 'Accept-Encoding': 'gzip, deflate, br, zstd' }, body: { mode: 'raw', raw: JSON.stringify({ "key": apiKey, "secret": apiSecret }) } }; pm.sendRequest(requestOptions, function(err, response) { if (err) { console.log(err); } else { const jsonResponse = response.json(); pm.environment.set("bearerToken", jsonResponse.token); // Set headers for the main request pm.request.headers.add({ key: 'Content-Type', value: 'application/jsoncompact' }); pm.request.headers.add({ key: 'Accept-Encoding', value: 'gzip, deflate, br, zstd' }); } });
-
Save the changes.
Run Endor Labs API from Postman
- Click Collections in the left navigation menu.
- Expand Endor REST API collection and select the API that you want to run.
- Configure the parameters in the Params tab.
- Select the Endor Labs API environment from the Environments drop-down list.
- Enter the name of your namespace in the
:tenant_meta.namespace
or:target_namespace
if your API request applies to a namespace. - Click Send to send the API request.
Customize and share Postman collection
You can configure parameters for multiple APIs according to your requirements, save the collection, and share the collection to quickly distribute API requests tailored for your organization.
For example, you might want to create multiple collections that apply to different namespaces and use different parameters for the namespaces. You can customize the parameters for each use case and export the collection for distribution in your development team.
Endor Labs API with Postman: An Example
Consider a scenario where you need to fetch findings that have a CVSS score of more than 9.7.
You need to run the ListFindings
API, which is available under Endor REST API > V1 > Namespaces > {tenant_meta.namespace} > findings
in the collection.
In the Params tab, select only list_parameters.filter
as the key and enter spec.finding_metadata.vulnerability.spec.cvss_v3_severity.score > 9.7
as the value.
Replace :tenant_meta.namespace
with the name of your namespace and click Send.
The response contains the list of findings that are vulnerabilities with CVSS score greater than 9.7.
Feedback
Was this page helpful?
Thanks for the feedback. Write to us at support@endor.ai to tell us more.
Thanks for the feedback. Write to us at support@endor.ai to tell us more.