API overview

Browse the Open API documentation

• https://public.vulnerablecode.io/api/docs/ for documentation with Swagger

• https://public.vulnerablecode.io/api/schema/ for the OpenAPI schema

Enable the API key authentication

There is a setting VULNERABLECODEIO_REQUIRE_AUTHENTICATION for this. Use it this way:

$ VULNERABLECODEIO_REQUIRE_AUTHENTICATION=1 make run

Create an API key-only user

This can be done in the admin and from the command line:

$ ./manage.py create_api_user --email "p4@nexb.com" --first-name="Phil" --last-name "Goel"
User p4@nexb.com created with API key: ce8616b929d2adsddd6146346c2f26536423423491

Access the API using curl

curl -X GET -H ‘Authorization: Token <YOUR TOKEN>’ https://public.vulnerablecode.io/api/

API endpoints

There are two primary endpoints:

• packages/: this is the main endpoint where you can lookup vulnerabilities by package.

• vulnerabilities/: to lookup by vulnerabilities

And two secondary endpoints, used to query vulnerability aliases (such as CVEs) and vulnerability by CPEs: cpes/ and aliases/