Projects 101

Team and permissions

Activity feed and revision history

The Project Scheduler

Comments, Notifications, & Subscriptions

Using Nodes to structure the project

Node properties

Working with Notes

The Report Content page

Adding issues and evidence

Liquid Dynamic Content

Combine multiple Issues

Bulk-update Issues

CVSS and DREAD calculators

Add attachments

Tagging issues

Using methodologies

Project templates

Upload and work with tool output

Upload and work with CSV files

Search your project

Restore deleted content with the Trash feature

Quality Assurance View

Generate your report

Importing and exporting projects

Performing a retest

The Administrator role

Managing users

Enabling / disabling sign ups

Working with teams

Working with projects

The Instance-wide Trash

Integration and Tool Manager

Project Scheduler

The Business Intelligence Dashboard

The Remediation Tracker

The Mappings Manager

The Rules Engine

The IssueLibrary

Report templates

Report template properties

Note templates

Project templates

Methodology templates

Kit Uploads

System settings

Upgrading the app

Customizations and Configurations

Re-encrypt your LUKS-encrypted disk and generate a new volume key

Automatically unlock your LUKS-encrypted drive

Change your LUKs-encrypted drive's passphrase

Change default CIC password

Set up SSL certificates so that upgrades won't override them

Set up SSL certificates with Let's Encrypt

Increase the number of puma threads

Increase the number of export worker processes

Set maximum login attempts

Increase session timeout period

Usage analytics sharing

Configure the mail server

Configure the Burp-Dradis Extension

Connecting Dradis to MediaWiki

Enable extra import add-ons

Intro to the Command Line Interface

User's guide to the Dradis Console

Upload tool output from the command line

[scripting] Find projects with XSS issues

[scripting] Find Issues added in the past 24 hours

[scripting] Statistics on Issues and Projects

[scripting] From Nessus output to custom report

[scripting] Update your IssueLibrary entries

Intro to the BI Dashboard

Custom Team Properties

Custom Project Properties

From Properties to Metrics

Trend Analysis

Intro to Liquid Gateway Themes

Creating Liquid Gateway Themes

Using Liquid Gateway Themes

  1. Support Home
  2. Collaborate
  3. REST API
  4. API basics

API basics

This guide describes the official Dradis Pro API. If you have any problems or requests, please contact the support team.

Jump to: Current version | Schema | HTTP Verbs | Parameters | Authentication | Error codes | Endpoint cheatsheet

Current Version

By default, all requests receive the v3 version of the API, as of v4.10 of Dradis. We encourage you to explicitly request this version via the Accept header.

Accept: application/vnd.dradisapi; v=3

Schema

All API access is over HTTPS, and accessed through dradis-pro.dev/pro/api. All data is sent and received as JSON.

Blank fields are included as null instead of being omitted.

All timestamps are returned in ISO 8601 format:

YYYY-MM-DDTHH:MM:SSZ

HTTP Verbs

Where possible, the API strives to use appropriate HTTP verbs for each action.

  • HEAD: Can be issued against any resource to get just the HTTP header info.
  • GET: Used for retrieving resources.
  • POST: Used for creating resources
  • PUT: Used for updating resources with partial JSON data. A PUT request may accept one or more of the attributes to update the resource.
  • DELETE: Used for deleting resources.

Parameters

For POST, PATCH, PUT, and DELETE requests, parameters should be encoded as JSON with a Content-Type of application/json:

$ curl \
  -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
  -H 'Content-type: application/json' \
  -d '{"team":{"name":"Test Client 4"}}' \
  https://dradis-pro.dev/pro/api/teams

Authentication

The API supports two different authentication modes: API token and HTTP Basic.

API token

Provide your token as part of the HTTP Authorization header:

Authorization: Token token="<API_token>"

Note that the header requires you to use double-quotes (").

For example:

$ curl \
  -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
  https://dradis-pro.dev/pro/api/projects/1
Find your API token
  1. In the header, click the avatar icon in the top right corner and then select Profile from the dropdown that appears.
  2. Scroll down below Confirm password to find your API token:

Basic Authentication

Use the same credentials you log in with:

$ curl -u 'your@email.com' https://dradis-pro.dev/pro/api/projects/1
Enter host password for user 'your@email.com':

Error codes

These are the possible types of errors on API calls. The response will include a JSON object with the description and the proper HTTP status code:

HTTP Status Message Description
401 Authentication required No authentication credentials have been provided. Use one of the supported authentication methods (token or basic authentication).
403 Forbidden The authenticated user does not have access to this operation. Use a different user or ask the administrator to set the needed permissions for the current user.
404 Not found The resource couldn't be found.
415 JSON required Content-Type header needs to be set to 'application/json' for this request
422 Validation error Some fields have invalid values. Check the "errors" array in the response for further information.
500 Internal server error The application found an unexpected condition that prevented it from fulfilling the request.

Endpoints Cheatsheet

Check out the following pages for more details on each of the available endpoints:

Endpoint Description
Teams Retrieve details about the Teams on your instance.
Projects Retrieve content about all of the projects or work with a specific project.
Nodes Retrieve and work with the Nodes in a specific project.
Issues Retrieve and work with the Issues in a specific project.
Evidence Retrieve and work with the Evidence associated with specific Nodes in your project.
Content Blocks Retrieve and work with the Content Blocks in a specific project.
Notes Retrieve and work with the Notes associated with specific Nodes in your project.
Attachments Retrieve and work with the Attachments associated with specific Nodes in your project.
Document Properties Retrieve and work with the Document Properties in a specific project.
IssueLibrary Retrieve and work with the IssueLibrary entries on your instance.

Next help article: Teams endpoint →

Streamline InfoSec Project Delivery

Learn practical tips to reduce the overhead that drags down security assessment delivery with this 5-day course. These proven, innovative, and straightforward techniques will optimize all areas of your next engagement including:

  • Scoping
  • Scheduling
  • Project Planning
  • Delivery
  • Intra-team Collaboration
  • Reporting and much more...

Your email is kept private. We don't do the spam thing.