Security scores API

You're viewing Apigee X documentation.

In addition to viewing Security scores in the Apigee UI, you can also access them through the Apigee API.

The following sections give examples of using the Security Scores API and Profiles API.

Attach an environment to the default profile

To view security scores, you need to attach a profile to the environment whose security you want to evaluate. To attach the default security profile, use the following command:

curl "https://apigee.googleapis.com/v1/organizations/ORG/securityProfiles/default/environments" \
       -X POST -d '{"name": "ENV", "securityProfileRevisionId": 1}' \
       -H 'Content-type: application/json' \
       -H "Authorization: Bearer $TOKEN"

Get scores for an environment attached to the default security profile

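To get the scores for an environment, enter the following command, replacing START_TIME and END_TIME with RFC 3339 timestamps that are at most 14 days apart:

curl "https://apigee.googleapis.com/v1/organizations/ORG/securityProfiles/default/environments/ENV:computeEnvironmentScores" \
       -X POST -d '{"timeRange": {"startTime": "START_TIME", "endTime": "END_TIME"}}' \
       -H 'Content-type: application/json' \
       -H "Authorization: Bearer $TOKEN"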

Get the default security profile definition

To get the definition of the default security profile, enter the following command:

curl "https://apigee.googleapis.com/v1/organizations/ORG/securityProfiles/default" \
       -H 'Content-type: application/json' \
       -H "Authorization: Bearer $TOKEN"

Detach an environment from the default profile

If you need to detach an environment from the default profile, you can do so as follows:

curl "https://apigee.googleapis.com/v1/organizations/ORG/securityProfiles/default/environments/ENV" \
       -X DELETE -H 'Content-type: application/json' \
       -H "Authorization: Bearer $TOKEN"

Limitations on security scores

Security scores have the following limitations:

  • Proxies with no policies don't show up in the proxy assessment and don't impact the score.
  • Currently, the supported input fields in JSON are:
    • "timeRange" - Time range for score calculation is at most 14 days.
    • "filters" - Filter scores by component paths. See Filters supported in the API.
    • "pageSize" - Maximum number of subcomponents to be returned in a single page (Max = 100).
  • Multiple input filters are not supported.
  • The impact field in the response is not supported. (The impact field is the potential impact of a recommendation on the overall score; it denotes how important the recommendation is for improving the score.)

Filters supported in the API

The following table lists the filters that are supported in the API, and their component paths. In the component paths, replace the variables as follows:

  • ORG: Your organization.
  • ENV: The environment in which you are viewing the scores.
  • PROXY_NAME: The name of the proxy.

| Filter | Component path |
|---|---|
| Environment scores | /org@ORG/envgroup@$envgroup/env@ENV |
| Source scores all underlying components | /org@ORG/envgroup@$envgroup/env@ENV/source |
| Abuse scores | /org@ORG/envgroup@$envgroup/env@ENV/source/abuse |
| Scores for all proxies | /org@ORG/envgroup@$envgroup/env@ENV/proxies |
| Scores for specific proxy | /org@ORG/envgroup@$envgroup/env@ENV/proxies/proxy@PROXY_NAME |
| Policy scores for specific proxy | /org@ORG/envgroup@$envgroup/env@ENV/proxies/proxy@PROXY_NAME/policies |
| | /org@ORG/envgroup@$envgroup/env@ENV/proxies/proxy@PROXY_NAME/policies/individual |
| Mediation policy scores for specific proxy | /org@ORG/envgroup@$envgroup/env@ENV/proxies/proxy@PROXY_NAME/policies/individual/mediation |
| Security policy scores for specific proxy | /org@ORG/envgroup@$envgroup/env@ENV/proxies/proxy@PROXY_NAME/policies/individual/security |
| Auth policy scores for specific proxy | /org@ORG/envgroup@$envgroup/env@ENV/proxies/proxy@PROXY_NAME/policies/individual/security/auth |
| CORS policy score for specific proxy | /org@ORG/envgroup@$envgroup/env@ENV/proxies/proxy@PROXY_NAME/policies/individual/security/cors |
| Threat policy scores for specific proxy | /org@ORG/envgroup@$envgroup/env@ENV/proxies/proxy@PROXY_NAME/policies/individual/security/threat |
| Policy scores for all proxies in the env | /org@ORG/envgroup@$envgroup/env@ENV/proxies/proxy@$proxy/policies |
| | /org@ORG/envgroup@$envgroup/env@ENV/proxies/proxy@$proxy/policies/individual |
| Mediation policy scores for all proxies in the env | /org@ORG/envgroup@$envgroup/env@ENV/proxies/proxy@$proxy/policies/individual/mediation |
| Security policy scores for all proxies in the env | /org@ORG/envgroup@$envgroup/env@ENV/proxies/proxy@$proxy/policies/individual/security |
| Auth policy scores for all proxies in the env | /org@ORG/envgroup@$envgroup/env@ENV/proxies/proxy@$proxy/policies/individual/security/auth |
| CORS policy scores for all proxies in the env | /org@ORG/envgroup@$envgroup/env@ENV/proxies/proxy@$proxy/policies/individual/security/cors |
| Threat policy scores for all proxies in the env | /org@ORG/envgroup@$envgroup/env@ENV/proxies/proxy@$proxy/policies/individual/security/threat |
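
An added example, not part of the Apigee documentation: a Python helper that builds the JSON request body for computeEnvironmentScores from the component paths in the table and rejects input outside the limits listed under "Limitations on security scores". The function names, the short scope keys and the sample values are made up here; the inner field names startTime, endTime and scorePath are not shown on this page and should be checked against the API reference.

```python
import json
from datetime import datetime, timedelta, timezone

MAX_RANGE = timedelta(days=14)  # "timeRange" limit stated on this page
MAX_PAGE_SIZE = 100             # "pageSize" limit stated on this page
# Path suffixes copied from the component-path table; the short keys are made up here.
ENV_SCOPES = {"environment": "", "source": "/source", "abuse": "/source/abuse",
              "proxies": "/proxies"}
PROXY_SCOPES = {"policies": "/policies", "mediation": "/policies/individual/mediation",
                "security": "/policies/individual/security",
                "auth": "/policies/individual/security/auth",
                "cors": "/policies/individual/security/cors",
                "threat": "/policies/individual/security/threat"}

def component_path(org, env, scope, proxy=None):
    """Build one component path; proxy=None keeps the table's literal $proxy."""
    for value in (org, env, proxy or ""):
        if "/" in value or "@" in value:  # would silently change the scored component
            raise ValueError(f"illegal character in name: {value!r}")
    base = f"/org@{org}/envgroup@$envgroup/env@{env}"
    if scope in ENV_SCOPES:
        return base + ENV_SCOPES[scope]
    if scope == "proxy" and proxy:
        return f"{base}/proxies/proxy@{proxy}"
    if scope in PROXY_SCOPES:
        return f"{base}/proxies/proxy@{proxy or '$proxy'}{PROXY_SCOPES[scope]}"
    raise ValueError(f"unsupported scope: {scope!r}")

def score_request(org, env, scope, start, end, proxy=None, page_size=50):
    """Return the JSON request body, or raise ValueError if a page limit is exceeded."""
    if start.tzinfo is None or end.tzinfo is None:
        raise ValueError("start and end must be timezone-aware")
    if not timedelta(0) < end - start <= MAX_RANGE:
        raise ValueError("timeRange must be positive and at most 14 days")
    if not 1 <= page_size <= MAX_PAGE_SIZE:  # lower bound of 1 is an assumption
        raise ValueError("pageSize must be between 1 and 100")
    stamp = lambda t: t.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return json.dumps({
        "timeRange": {"startTime": stamp(start), "endTime": stamp(end)},
        # Exactly one filter: the page says multiple input filters are not supported.
        "filters": [{"scorePath": component_path(org, env, scope, proxy)}],
        "pageSize": page_size,
    })

if __name__ == "__main__":
    end = datetime(2024, 1, 15, tzinfo=timezone.utc)  # constructed sample values
    print(score_request("my-org", "prod", "auth", end - timedelta(days=7), end, "orders"))
```

The printed JSON can be passed to curl with -d in the computeEnvironmentScores request.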