Getting Started with Mend API 3.0

Overview

The Mend API 3.0 is a REST-compliant API that enables the automation of workflows in a REST-compliant format. The API features:

Access for any user with Mend credentials, via a user key, is available on the user's profile page in the Mend App.
Improved security with a JWT token per organization, which expires every 30 minutes.
Added scalability with support for cursor pagination and limiting results size.
Broader functionality is available programmatically.
API documentation in standard REST format for easy navigation and search.

Note: If you have a dedicated instance of Mend, contact your Mend representative to access this API on your instance.

Getting it done

Prerequisites before using Mend API 3.0

Log into Mend API 3.0

You must have a valid Mend user to log in to an organization to use the API endpoints. Use the login endpoint and add the following:

Your email address associated with your Mend user (Mend Platform → My Profile → General)
Your organization UUID (Mend Platform → Administration → General Configuration → Organization UUID)
Your Mend user key (Mend Platform → My Profile → User Keys)

Tip: Set the credentials above for the login endpoint using Postman environment variables. For example:

CODE

{
  "email": "{{email}}",
  "orgUuid": "{{orgUuid}}",
  "userKey": "{{userKey}}"
}

The response returns the orgUuid and a refreshToken which is valid until it expires (30 minutes), for that organization only.

Retrieve a jwtToken

Open the Refresh Access Token endpoint. Create a header key called wss-refresh-token and insert the refreshToken from the previous step:

Calling this endpoint returns a jwtToken that is used to authenticate further API requests.

Note: Once logged in, if you need access to a different organization, you can change the orgUuid in the “Login” endpoint.

Run Mend API 3.0

As there are many examples of using Mend API 3.0, let’s look at the typical workflow:

Identify your base URLs according to your Mend environment to use for Mend API 3.0:
- https://api-<your-instance>/api/v3.0
Log in to your Mend organization via the “Login” endpoint. This will provide you with your Refresh token (refreshToken) and the userUUID.
Use the “Refresh Access Token” endpoint to generate your Access Token (jwtToken) and authenticate your user and organization. This endpoint requires the parameter wss-refresh-token in the header, including the refreshToken as the value.
- The JWT token (authentication) and orgUUID are required for the Login and Refresh Access Token APIs. For the rest, only JWT Token is required.
Explore the multiple endpoints offered: Mend API 3.0.

Reference

Mend API 3.0 - Base URL Quick Access

For a quick view of all of the base URLs for the Mend API 3.0, please review the table provided below and use the URL relevant to your Mend Platform Application:

Mend Application Instance	Mend API 3.0 Base URL
App	Mend: `https://api-app.mend.io/api/v3.0` WhiteSource: `https://api-app.whitesourcesoftware.com/api/v3.0`
App-EU	WhiteSource only: `https://api-app-eu.whitesourcesoftware.com/api/v3.0`
SaaS	Mend: `https://api-saas.mend.io/api/v3.0` WhiteSource: `https://api-saas.whitesourcesoftware.com/api/v3.0`
SaaS-EU	Mend: `https://api-saas-eu.mend.io/api/v3.0` WhiteSource: `https://api-saas-eu.whitesourcesoftware.com/api/v3.0`

Mend API 3.0 - Pagination and Limitation for Large Results

For large results, Mend API 3.0 scalability allows for:

Limit by default is 50 results, where the first page is page 0. You can change the size of the page by editing limit while the maximum value for limit is 10,000.
Cursor indicates the starting point for retrieving results, the first call doesn't include a cursor parameter in the request, the API response includes the first set of results along with a cursor pointing to the last item retrieved.