The built-in REST API interface provides you with a way to visualize RESTful web services. The API documentation is built using Swagger, where you can test API operations and instantly view the results to help you scan your applications faster.

Before you begin

Important: REST API v4 Now Available!

We're thrilled to announce the release of REST API version 4, bringing you improved performance and enhanced features. This API serves as a vital tool for users employing automation scripts to execute diverse tasks on AppScan on Cloud.

Key Points:

  1. Transition Period: The current version, v2, will remain functional for the next few months. However, we encourage users to proactively update their scripts to leverage the new and improved capabilities of API v4.

  2. Migration Assistance:To facilitate a seamless transition to the updated API, refer to the technical overview provided. It includes essential information and guidance to ensure a smooth migration process.

  3. API v2 availability:API v2 will remain available until July 30, 2024. This extended availability is intended to provide users with ample time to migrate to API v4. If you are using the API through automation scripts, please ensure that a migration plan is in place to avoid disruptions after the specified date.

About this task

Learn how to use the interactive framework by following this example to import an application inventory by using the /api/v4/Apps/ImportFile REST API.


  1. Go to your Swagger page and bookmark it for future reference:
  2. Log in to Swagger with your HCL ID.
    1. Expand the Account API and click POST api/v4/Account/ApiKeyLogin to expand the operation details.
      POST API displaying login with API key
    2. Replace the "string" parameters with your Api Key Id and Api Key Secret. Keep the quotation marks.
    3. Click Execute.
    4. Copy the "Token" value from the Response Body.Response body displaying the token
    5. Paste it into the Access token field at the top of the Swagger interface.
      From now on the token is applied automatically to all API calls.
  3. Create an asset group:
    1. Expand the Asset Groups API and click POST /api/v4/AssetGroups.
    2. Replace the "string" parameters with a name and description for the asset group. Keep the quotation marks. Creating an Asset Group API
    3. Click Execute.
    4. Make note of the ID in the Response Body section; you'll need to use that ID in the next API.
      Copy ID from response body
  4. Import an application inventory file:
    1. Expand the Applications API and click POST /api/v4/Apps/ImportFile.
      In the Implementation section, there is a sample file that you can download to get a sense of the types of attributes to include in your file.
    2. Enter the assetGroupId from step 3d in the Value field of the Parameters section.
    3. Click Browse in the uploadedFile section to locate your CSV file of applications to import.
    4. Click Execute.
      A successful import appears as follows:Successful application import