
Access Control API

The Checkmarx Access Control API (CxAccessControl API) defines a set of resources that developers can use to perform actions (HTTP verbs such as GET, POST, PUT, PATCH, DELETE etc.) and receive responses (usually as JSON or XML, depending on the media / response type) via the HTTP protocol. Almost all requests to the Checkmarx Access Control API require authentication and authorization.

Versioning and Media Type

CxSAST is installed with the latest version (i.e., v=1.0) of the CxREST API. To use another version of the CxAccessControl API, add ';v=<version>' to a media type header in the request. Which media type header to use depends on the type of request:

  • GET Request – Accept: application/json;v=1.0

The request should look similar to the following Postman example:

API_1.png

  • POST, PUT, PATCH and DELETE Requests – Content-Type: application/json;v=1.0

The request should look similar to the following Postman example:

API_2.png

The version returned is given in the Content-Type header of the response. If no version is specified at all, the latest default version is applied automatically, which may cause your script/code to break.

CxOrigin

To be compliant with an audit trail, add 'cxOrigin=<request_origin>' to a media type header in the request, for example 'cxOrigin: cx-jenkins'.

The request looks similar to the following Postman example:

API_3.png

Specifying the origin ensures that all CxREST requests are logged to the audit trail with their original source. If the origin is not specified, the default origin, Other, is applied automatically.
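
The version pinning and origin tagging described above, as an added Python example (not Checkmarx's own code): it builds the headers for each verb and checks the version returned in the response Content-Type. It sends cxOrigin as its own header, following the 'cxOrigin: cx-jenkins' example above; the function names and the sample response header are constructed for illustration.

```python
from email.message import Message

# Verbs for which the page puts the version on Content-Type instead of Accept.
BODY_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def build_headers(method, version="1.0", origin="cx-jenkins"):
    """Return request headers that pin the API version and tag the origin."""
    media_type = f"application/json;v={version}"
    method = method.upper()
    if method == "GET":
        headers = {"Accept": media_type}
    elif method in BODY_METHODS:
        headers = {"Content-Type": media_type}
    else:
        raise ValueError(f"unsupported method: {method}")
    # Assumption: cxOrigin travels as a separate header, as in the
    # page's 'cxOrigin: cx-jenkins' example.
    headers["cxOrigin"] = origin
    return headers


def returned_version(content_type):
    """Extract the 'v' parameter from a response Content-Type, or None."""
    msg = Message()
    msg["Content-Type"] = content_type
    return msg.get_param("v")


def check_version(requested, response_content_type):
    """Fail loudly if the server answered with a version we did not pin."""
    got = returned_version(response_content_type)
    if got != requested:
        raise RuntimeError(
            f"requested v={requested}, server returned v={got!r}")
    return got


if __name__ == "__main__":
    print(build_headers("GET"))
    print(build_headers("POST"))
    # Constructed sample of a response Content-Type header value.
    print(check_version("1.0", "application/json; v=1.0; charset=utf-8"))
```

Calling check_version after every response turns a silent change of the default version into an immediate, explicit error in the calling script.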

Navigate to Access Control (REST) API (v1.5 and up).