Skip to main content
Skip table of contents

API 3.0 - Use with Postman

Overview

The easiest way to get started with Mend API 3.0 is to use it inside an API platform tool like Postman.

Mend Tip: We recommend reading our Getting Started with Mend API 3.0 documentation to understand the API’s basic functionality before diving into this implementation article.

Getting it done

Prerequisites before using the Mend Container Image API in Postman

Configure the Mend API 3.0 in Postman

Step One: Import the Mend API 3.0 as a Postman Collection

  1. Download the API’s definition in JSON format, by accessing the API 3.0 documentation and clicking the Download button.

    image-20240402-190333.png

  2. This opens a browser tab containing the API definition in JSON format.

  3. Select all the text (in JSON format) and copy.

  4. Open your Postman instance.

  5. Select Import.

    image-20240403-182320.png

  6. A new window will pop up. Paste the definition into Postman:

    image-20240403-182339.png

  7. Select Postman Collection, then click on Import:

    image-20240403-194217.png

  8. Copy your base URL, depending on your Mend Platform environment. The format of the URL is:

    1. For Mend instances: https://api-<instance>.mend.io/api/v3.0

    2. For WhiteSource instances: https://api-<instance>.whitesourcesoftware.com/api/v3.0

Examples: https://api-saas-eu.mend.io/api/v3.0 | https://api-saas-eu.whitesourcesoftware.com/api/v3.0

  1. Insert this URL as the {{baseUrl}} environment variable in Postman. You can set this in your Collection-level variables, Globals, or use a separate, dedicated environment for the Mend API and create the {{baseUrl}} environment variable there:

    image-20240403-182438.png

Log into Mend API 3.0

You must have a valid Mend user to log in to an organization to use the API endpoints. Use the login endpoint and add the following:

  • Your email address associated with your Mend user (Mend Platform → My Profile → General)

  • Your organization UUID (Mend Platform → Administration → General Configuration → Organization UUID)

  • Your Mend user key (Mend Platform → My Profile → User Keys)

Tip: Set the credentials above for the login endpoint using Postman environment variables. For example:

CODE 
{
  "email": "{{email}}",
  "orgUuid": "{{orgUuid}}",
  "userKey": "{{userKey}}"
}

The response returns the orgUuid and a refreshToken which is valid until it expires (30 minutes), for that organization only.

Note: Once logged in, you should log out before accessing a different organization.

Retrieve a jwtToken

Open the Refresh Access Token endpoint. Create a header key called wss-refresh-token and insert the refreshToken from the previous step:

image-20240626-212342.png

Calling this endpoint returns a jwtToken that is used to authenticate further API requests.

Authenticate Mend API 3.0 Calls in Postman

You will need to use the jwtToken to authenticate the API call for the specific organization. Each API call may require certain path variables, such as orgUuid or userUuid, depending on things such as the hierarchy level, report configuration requirements, etc.

Let’s use the Get Project Libraries (Dependencies - SCA) call as an example. To add the jwtToken to the call in Postman:

  1. Select the Authorization tab and select Bearer Token.

  2. Place the jwtToken value provided earlier into the Token setting:

    image-20240403-200623.png

  3. Save your changes.

Tip: For step 2, you can keep the Authorization Type as “Inherit auth from parent” and insert the jwtToken as a Postman environment variable for the API 3.0 collection:

image-20240626-212305.png

Continuing with our Get Project Libraries (Dependencies - SCA) call example, you will also need to set your projectUuid in the Path Variables. To do so:

  1. Select the Params tab.

  2. Under Path Variables, find the projectUuid Key and input your projectUuid received during login into the Value setting (Note: You can also set this as an environment variable):

    image-20240403-201038.png

  3. Save your changes.

Note: If you get Error 401 Unauthorized, it's because you forgot to add the bearer token or are accessing the wrong organization.

image-20240403-193903.png

Pagination and Sorting for Large Results

For large results, the API’s scalability allows:

image-20240403-193821.png

  • Limit by default is 50 results, where the first page is page 0. You can change the size of the page by editing limit while the maximum value for limit is 10,000.

  • Cursor indicates the starting point for retrieving results, the first call doesn't include a cursor parameter in the request, the API response includes the first set of results along with a cursor pointing to the last item retrieved.

Reference

Additional documentation resources

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close