2.3 API Structure Overview

All API endpoint URIs consist of

https://

myIsoraURL/api/

endpoint-specific string

In addition to specifying the correct endpoint, each API call should include the following fields in the headers of the HTTP request:

Authorization: Token <your token value>

Content-Type: application/json

 

An example request is demonstrated below:

A screenshot of a RESTlet client application constructing an HTTP GET request

The remainder of this document covers details about each individual piece of the Isora GRC API.

Note that depending on who you are, you will see somewhat different information. Just like with the web application of Isora GRC, your identity and permissions will determine what information you have access to. For example, a superuser can see the full details about another user (including that user’s token value, if one exists). An ordinary user would not be able to see token values of other users.

Some API requests can return large amounts of data, so for performance reasons, output may be returned piecemeal. For example, requesting a list of all users in Isora GRC will return a paginated list (by default, of up to 25 users at a time), with each response including links to the previous and next page of users. Most GET requests allow you specify an optional page_size parameter of up to 300.

Be careful when specifying URIs that you don’t put a trailing slash, as this will cause the request to fail.

You can specify multiple parameters to a request by linking them together with an ampersand (&) sign.