XML API 1.1 Request and Response Examples¶
Overview¶
The XML API, like most any web based api, accepts http POSTs with specific XML requests in and produces XML responses. The requests and responses are detailed below. The sync-id is an integer you provide to allow the NeXpose console to keep track of the uniqueness of each request. It is often not requred but will be useful on a tool that is actively communicating via the API.
- XML API 1.1 Request and Response Examples
- Overview
- Account
- Login
- Logout
- Scan Engine
- Site
- SiteListing
- Report
- Assets
- Device
Account¶
Login¶
| request | |
The sync-id will ensure that only a single session is opened in the case that the request is somehow sent more than once. |
| response | |
The response provides a session-id. Make sure you capture this as all future requests made in this session will have to be accompanied by the session-id. Success is a 1, anything else is a 0 |
Logout¶
| request | |
The obvious critical bit here is the session-id. The sync-id doesn't seem to be terribly useful in this case but may keep the console from spending cycles on worthless activity. |
| response | |
Success is a 1, anything else is a 0 |
Scan Engine¶
Site¶
SiteListing¶
| request | |
The obvious critical bit here is the session-id. The sync-id will keep the console from generating the site listing in the case that the request is sent more than once. |
| response | |
SiteSummary is defined in the XML schema files but basically breaks down like this: id: the console assigned number for the site name: the user assigned name for the site description: may be populated by the user riskfactor: overall site importance riskscore: cumulative value of the risk associated with the site's devices Success is a 1, anything else is a 0 |