This section provides an overview of the Phoenix REST API and list to dedicated articles covering different aspects of the API.
Authentication
In order to access the REST API, users have to generate a set of API ID/Secret to authenticate against the API and obtain a temporary access token.
The id/secret pair is only used to obtain access tokens; all other access to the API endpoints is authenticated using the temporary access tokens.
Here you can read more about how to create API id/secret pairs and use them to obtain access tokens.
Response HTTP Codes
Requests to the REST API will receive a response with one of the following status codes.
Status Code | Verbs | Meaning | Suggested Action |
---|---|---|---|
200 OK | GET | The request succeeded and the response body contains the result of the request in JSON format. | You can use the results of the request. |
201 Created | POST, PUT | The new item was created successfully. | |
204 No Content | DELETE | The item was successfully deleted; the response doesn’t contain any further information. | |
401 Unauthorized | All | The access token sent with the request is wrong or has expired. | Obtain a new access token and retry the request. |
404 Not Found | GET | The items accessed by the request doesn’t exist – or the API credentials don’t have access to it. | If the item ID was returned by another API endpoint, contact support with details. |
500 Internal Error | All | There was a problem executing your request. This is a rare response and should not happen normally; however, clients should be ready to handle it. | The problem might be transient or permanent. Clients are advised not to retry indefinitely. |
503 Service Unavailable | All | This error means that the API service is not reachable at this point in time, but it’s likely to become available shortly. | Clients are advised to retry, for a limited number of times, if that suits their flow. |
Importing with the REST API
Phoenix REST API offers its users the ability to directly import scanner reports into their accounts. The API supports a whole range of scanner-native report formats.
In order to learn the details of how to import vulnerability reports through the API please see our article about importing scan reports with the REST API.