Introduction
CybeDefend API Documentation for Application Security Analysis
Welcome
CybeDefend is an advanced API designed for application security analysis. Built on a microservices architecture using TypeScript and NestJS and ensuring seamless service communication via Kafka, it provides a robust solution for managing users, organizations, and projects. With OAuth 2.0 authentication and granular permission management based on REBAC, CybeDefend excels in static, dynamic, and IaC security analyses (SAST, DAST, IaC, etc.) by integrating various open source tools.
Authentication
CybeDefend offers two authentication methods for securing API requests:
JWT Bearer Token
You can use a JWT token passed as a Bearer token in the Authorization header. JWT tokens are short-lived with a validity period of 15 minutes.
To obtain a JWT token, make a POST request to the /auth/renew endpoint on the IAM service (not the base API):
This endpoint requires you to be already authenticated (using session cookies). When successfully called, it returns an access token that can be used for subsequent API calls:
Once obtained, include the JWT in the Authorization header:
API Key
Alternatively, you can authenticate using an API key. The API key replaces the Bearer token and should be placed in the request header.
For detailed information on creating and managing API keys, refer to the API Key documentation.
Choose the authentication method that best suits your use case. For scripts or automated systems that require longer sessions, API keys are recommended. For interactive user sessions, JWT tokens provide better security.