The CxSAST API provides developers with the ability to create client scripts for working with CxSAST projects, code scans, and result reports.
API Architecture and Authentication
CxSAST provides a separate web service for each version of each CxSAST client (such as the web console, the IDE plugins, and this API). An additional Resolver web service performs the sole function of providing clients with the appropriate web service URL for the client. So, any API client script needs to access two CxSAST web services:
- First, the client should access the Resolver web service (class: CxWSResolver), and use its single method to submit the client type (a fixed value representing that it is an API client rather than one of the other CxSAST clients) and the API version for which the script was written. The web service then returns the SDK web service URL for the appropriate API.
- The client can then access the appropriate SDK web service (class: CxSDKWebService), as obtained from the Resolver. All subsequent CxSAST API methods will be to this SDK web service.
API sessions to the SDK web service must be initiated by using the login method, which returns a Session ID. This Session ID must be submitted in all subsequent methods.
API Method Responses and Error Handling
The response objects returned by API methods all include the following fields:
- .IsSuccesfull (boolean): Upon any error(s) resulting from the method, this field's value is set to false.
- .ErrorMessage (string): Upon any error(s) resulting from the method, the error is specified in this field.
- Additional method-specific fields are described with the methods, where relevant.