Welcome

CybeDefend is an advanced API designed for application security analysis. Built on a microservices architecture using TypeScript and NestJS and ensuring seamless service communication via Kafka, it provides a robust solution for managing users, organizations, and projects. With OAuth 2.0 authentication and granular permission management based on REBAC, CybeDefend excels in static, dynamic, and IaC security analyses (SAST, DAST, IaC, etc.) by integrating various open source tools.

Authentication

CybeDefend offers two authentication methods for securing API requests:

JWT Bearer Token

You can use a JWT token passed as a Bearer token in the Authorization header. JWT tokens are short-lived with a validity period of 15 minutes. To obtain a JWT token, make a POST request to the /auth/renew endpoint on the IAM service (not the base API): 
POST /auth/renew
This endpoint requires you to be already authenticated (using session cookies). When successfully called, it returns an access token that can be used for subsequent API calls: 
{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
Once obtained, include the JWT in the Authorization header: 
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

API Key

Alternatively, you can authenticate using an API key. The API key replaces the Bearer token and should be placed in the request header. 
X-API-Key: your_api_key_here
For detailed information on creating and managing API keys, refer to the API Key documentation. Choose the authentication method that best suits your use case. For scripts or automated systems that require longer sessions, API keys are recommended. For interactive user sessions, JWT tokens provide better security.