RESTful API Access

Important:The product name for this user guide has changed from Foundation and Cloudscape to Business Service Discovery and Migration Planning. Previous UI pages known as Foundation have changed to Business Service Discovery. Previous UI pages known as CloudScape have changed to Migration Planning.

RISC Networks RESTful API service provides access to data collected and generated through a RISC Networks engagement. Due to the different format and use cases, the data made available through the API may be grouped differently when compared to the RISC Networks SaaS platform.

Access to the API requires the use of an API key. The API key may be requested from the Subscription Administration page by the subscription administrator on the RISC Networks portal. If a code has already been requested, it will be displayed on that page. If you are not the administrator but have the subscription code, you may enter the code on that page to get a list of the administrator(s).

Use of the API also requires an assessment code. This is the code which was used to bootstrap your assessment's RN150. Assessment codes for assessments on a given subscription are visible to subscription administrators on the Subscription Administration page.

Documentation

This is a startup guide. Documentation of the available end points is via swagger-based documentation at:

https://api.riscnetworks.com/docs.html 

Authentication

All of the data-fetching API methods require the use of a temporary authentication token for authentication. The token is retrieved through the /1_0/getAuthToken end point. Authentication to get the token requires the user ID (email address), the user's password, an assessment code, and the API key. The assessment code is the string used to bootstrap the RN150, and it can be retrieved from the Subscription Administration page.

The token returned should be used for all subsequent API calls. It is tied to the user and assessment. The token is valid for up to 8 hours, but it will expire after 15 minutes of inactivity.

Note:A previous authentication scheme using an authentication string built from a combination of password and API key is deprecated, and support for it will be removed soon.

Example Usage

You can find a sample client written in Perl here. This example goes through the process of fetching a token for the user, pulling assets, and pulling stack summary data.