Accessing the Public API through Postman
This article reviews how to use Postman to query the Secureworks® Taegis™ VDR Public API and get a list of vulnerabilities matching certain query criteria.
If you need to consume VDR’s public OpenAPI-compatible API with Postman, this article guides you through the steps necessary to configure the Postman desktop application to access VDR’s data through the OAuth 2.0 authentication mechanism.
Create a Public API Client in VDR
Follow the instructions found at Creating Public API Clients.
Tip
For Postman, use https://www.getpostman.com/oauth2/callback as a redirect URI. This path also needs to be included or updated in the VDR Public API account Redirect URI property.
Configure Postman and Get a Request Token from the Previously Obtained Authorization Token
- Start Postman and select the Import button.
- Postman will ask for an API definition file. Direct it to your instance's API definition file, located at https://<INSTANCE>.vdr.secureworks.com/api/v2/spec/openapi-2.0.json
Postman Import
- Once the API instance has been added to Postman, it will be present in the left panel under the name that was given at import time. You can then right-click on the API instance and choose Edit from the dropdown menu to configure the API authentication mechanisms.
Edit API Instance in Postman
- From the Edit Collection window that appears, navigate to the Authorization section.
API Instance Authorization in Postman
- From the Type dropdown in the left side of the window, choose OAuth 2.0 to have the token value on the right.
Choosing OAuth 2.0
- In the right pane, select the Get New Access Token button, and use the following parameters to fill in the missing info:
  - Token Name — Choose a name for this token
  - Grant Type — Authorization Code
  - Callback URL — https://www.getpostman.com/oauth2/callback
  - Auth URL — https://<YOUR_INSTANCE>.vdr.secureworks.com/auth/oauth2/authorize
  - Access Token URL — https://<YOUR_INSTANCE>.vdr.secureworks.com/auth/oauth2/token
  - Client ID — The <CLIENT_ID> received previously
  - Client Secret — The <CLIENT_SECRET> received previously
  - Scope — read_only OR full_access (should match what you used in the Client ID creation interface)
  - State — Leave empty
  - Client Authentication — Send client credentials in body
Get New Access Token
- Once you select the Request Token button, you will be redirected to VDR’s login page. Enter the application user’s login information and grant access to the API user.
- Once the authorization has been given, you will be redirected to a confirmation screen that shows the token characteristics.
- Select Use Token to be redirected to the Edit Collection menu, where the token will now be visible on the right part of the screen.
Important
Make sure to select the right token in the Access Token field, otherwise your requests might be denied with a 400 error.
Edit Collection
- After selecting Update, the collection that was previously created can now run the requests through the API.
- Navigate in the collection to the request of your choosing, and use the Send button to see Postman execute the API request and get the response.
Execute API Request
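The following is an added example, not part of the original article or of Secureworks' own code: it builds the two requests that the Authorization Code settings above produce, so the values can be checked outside Postman. It assumes the standard RFC 6749 parameter names; the instance name, client ID, and secret passed in are placeholders you supply.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

POSTMAN_CALLBACK = "https://www.getpostman.com/oauth2/callback"
ALLOWED_SCOPES = {"read_only", "full_access"}  # scope values listed in this article


def base_url(instance):
    # `instance` stands for the <YOUR_INSTANCE> placeholder used in this article.
    return f"https://{instance}.vdr.secureworks.com"


def authorize_url(instance, client_id, scope, redirect_uri=POSTMAN_CALLBACK):
    """Auth URL with the query the browser opens; State is left empty, as above."""
    if scope not in ALLOWED_SCOPES:
        raise ValueError(f"scope must be one of {sorted(ALLOWED_SCOPES)}")
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
    })
    return f"{base_url(instance)}/auth/oauth2/authorize?{query}"


def code_from_callback(callback_url, redirect_uri=POSTMAN_CALLBACK):
    """Pull the authorization code out of the redirect, rejecting other targets."""
    got, want = urlsplit(callback_url), urlsplit(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URI")
    params = parse_qs(got.query)
    if "error" in params or "code" not in params:
        raise ValueError(f"authorization failed: {params.get('error', ['no code'])[0]}")
    return params["code"][0]


def token_request(instance, client_id, client_secret, code, redirect_uri=POSTMAN_CALLBACK):
    """URL, headers and form body for the token exchange, credentials in the body."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
    })
    headers = {"Content-Type": "application/x-www-form-urlencoded"}  # no Basic auth header
    return f"{base_url(instance)}/auth/oauth2/token", headers, body
```

Because the client secret travels in the form body with this setting, treat captured request bodies and Postman console logs as sensitive.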