ASMS API reference
AlgoSec Security Management Suite offers access to many features via web services, which are APIs that can be accessed and executed over the network. Web service APIs enable you to perform remote operations in ASMS without using the product interface directly.
Web service APIs are supported via REST for AFA, FireFlow, and AppViz, and via SOAP for AFA and FireFlow. In general, REST services are more advanced and are recommended for use over SOAP.
ASMS Swagger documentation
ASMS provides a set of Swagger API documentation, available from inside ASMS.
Swagger enables you to execute API request calls and access lists of request parameters. Access the ASMS Swagger API documentation using one of the following methods:
From inside ASMS |
From AFA, FireFlow, or AppViz, do the following:
|
Directly from your browser |
Log in to ASMS, and navigate to https://<ASMS IP address>/algosec/swagger/swagger-ui.html. |
In Swagger, select the spec for the APIs you want to view from the drop-down at the top-right.
Watch a quick tour of our Swagger here.
ASMS API Documentation reference
Both REST and SOAP APIs are also documented in the Tech Docs. For details, see:
- AFA REST web services
- AFA SOAP web services
- FireFlow REST web services
- FireFlow SOAP web services
- AppViz REST web services
Authenticating via API
Each set of APIs has it's own authentication requests.
If you are not already logged in to ASMS, make sure to use the REST or SOAP authentication APIs specific for AFA, FireFlow, or AppViz before any additional APIs. For details, see:
AFA authentication APIs |
REST: Login and logout APIs SOAP: Managing the Session |
FireFlow authentication APIs |
REST: Authenticating SOAP: Managing the Session |
AppViz authentication APIs | REST: Logging In |
Device names in the ASMS APIs
ASMS API parameter names and descriptions use the following terms to refer to devices managed by ASMS:
|
The device's name, as displayed in the UI, both at the bottom level of the device tree, and in other ASMS pages and reports. This name is not necessarily unique, and is therefore not recommended for use via API. |
|
A name for the device that includes an aggregated string of the device's name and the name of any parent or grandparent devices. This name is not displayed in the ASMS UI. It must be returned from the database by API. Use the device-setup-controller API (use the "name" parameter in the response):
Since this name includes the tree hierarchy, it is used as the unique system device. |