Differences between Mend SCA API 1.x and API 2.x
Introduction
Mend offers two API options: API 1.x and API 2.0. The main distinction between the two is that API 2.0 follows a RESTful architecture. API 2.0, being the newer version, comes with added features that are not available in API 1.x, including pagination. In most cases, it's advisable to use API 2.0, unless there's a specific feature in API 1.4 that you require, in which case you can fall back to API 1.4.
Reports are a key feature that API 1.4 provides and API 2.0 does not. API 1.4 includes both synchronous and asynchronous reporting.
API 1.x
API 1.x does not follow the RESTful API specifications; it uses the same endpoint and method for all requests. All requests require a UserKey in the request body for authentication.
A User Key must have either audit or administration access.
At a minimum, the following information is required:
URL: https://<environment>/api/v1.4
METHOD: POST
HEADERS: Content-Type: application/json
BODY:
{
"requestType": "<requestType>",
"userKey": "<your user key>"
}
As of this writing, there is generally no real reason to use API 1.3 over API 1.4. Many requests in API 1.4 were refactored to execute faster, reports can be generated asynchronously, and more.
API 2.0
API 2.0 operates as a REST API, which differs significantly from API 1.4 in its execution. To make any API request in this version, users must first initiate a Login Request. This request provides a JWT Token, which serves as the authentication method for other API requests, using the 'Bearer Token' mechanism. The JWT Token has a session duration, and when that session expires, a new JWT Token must be acquired.
The method used for each API request depends on the intended action. Typically, API requests start with 'https://api-<env>.whitesourcesoftware.com/api/v2.0'. When retrieving information, the 'GET' method is used; for uploading data to Mend servers, 'PUT' is employed. Requests that trigger server actions, like logging in, utilize the 'POST' method, while 'DELETE' is used for requests involving the removal of server-stored information. Each request also has a distinct endpoint.
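The two authentication models described above have different handling consequences: the API 1.x userKey travels in every request body, so it must be masked before requests are logged, and the API 2.0 JWT expires and must be renewed. The following is an added example, not Mend's own code. It assumes the JWT carries a standard `exp` claim. The `login` callable, `BearerSession`, `redact` and `sample_jwt` are hypothetical names, and the login endpoint itself is not shown.

```python
import base64, json, time

def build_v14_request(request_type, user_key):
    # API 1.x shape from the page: one URL, always POST, key in the JSON body.
    return {"method": "POST", "url": "https://<environment>/api/v1.4",
            "headers": {"Content-Type": "application/json"},
            "body": {"requestType": request_type, "userKey": user_key}}

def redact(request):
    # Copy that is safe to log: mask the body userKey and any Bearer token.
    body = dict(request.get("body") or {})
    if "userKey" in body:
        body["userKey"] = "***"
    headers = dict(request.get("headers") or {})
    if headers.get("Authorization", "").startswith("Bearer "):
        headers["Authorization"] = "Bearer ***"
    return {**request, "body": body, "headers": headers}

def jwt_expiry(token):
    # Read `exp` without verifying the signature: used only to schedule re-login.
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)   # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("exp")

class BearerSession:
    # `login` is a hypothetical callable that performs the Login Request
    # and returns the JWT string (assumption: the token has an `exp` claim).
    def __init__(self, login, skew=30, clock=time.time):
        self._login, self._skew, self._clock = login, skew, clock
        self._token = None

    def headers(self):
        exp = jwt_expiry(self._token) if self._token else None
        # No token, no exp claim, or within `skew` seconds of expiry: log in again.
        if exp is None or self._clock() >= exp - self._skew:
            self._token = self._login()
        return {"Authorization": f"Bearer {self._token}"}

def sample_jwt(exp):
    # Constructed, unsigned token for the demo; not a real Mend JWT.
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'exp': exp})}.sig"

if __name__ == "__main__":
    print(redact(build_v14_request("<requestType>", "constructed-key")))
    now = [1000]
    s = BearerSession(lambda: sample_jwt(now[0] + 60), clock=lambda: now[0])
    print(s.headers() == s.headers())  # token reused while still valid
```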
Benefits
Although more steps are required to run API requests with API 2.0, there are some major benefits to using this API including:
Permissions - API permissions align with those of the authenticated user. Users can only access what they've been granted permission to.
Pagination - Users can control the page size and select the specific page they want to view.
Filtering - When making requests, like retrieving alerts, users can filter out unnecessary data from the API response and only retrieve the data they require.
Sorting - Users have the option to select the data field by which they want to sort the information.