@lap v0.3
# Machine-readable API spec. Each @endpoint block is one API call.
@api InsightAppSec API
@base https://[region].api.insight.rapid7.com/ias/v1
@version v1
@auth ApiKey (inferred from docs)
@endpoints 102
@hint download_for_search
@toc apps(17), attack-templates(10), blackouts(5), engine-groups(6), engines(9), modules(4), reports(4), scan-configs(9), scans(9), schedules(5), search(1), tags(5), targets(5), vulnerabilities(13)

@group apps
@endpoint GET /apps
@optional {index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint POST /apps
@required {name: str}
@optional {id: str(uuid), description: str}
@returns(201)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint GET /apps/{app-id}
@required {app-id: str(uuid)}
@returns(200) {id: str(uuid), name: str, description: str, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint PUT /apps/{app-id}
@required {app-id: str(uuid), name: str}
@optional {id: str(uuid), description: str}
@returns(200)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint DELETE /apps/{app-id}
@required {app-id: str(uuid)}
@returns(204)
@errors {400, 401, 403, 404, 409, 415, 500}

@endpoint GET /apps/{app-id}/files
@required {app-id: str(uuid)}
@optional {index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint POST /apps/{app-id}/files
@required {app-id: str(uuid), name: str, type: str(MACRO/RECORDED_TRAFFIC/SELENIUM/WSDL/SWAGGER/CERTIFICATE/GRAPHQL), locked: bool}
@optional {id: str(uuid), description: str, owner: any, content_available: bool, last_updated_by_user: any, last_updated: str}
@returns(201)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint GET /apps/{app-id}/files/{file-id}
@required {app-id: str(uuid), file-id: str(uuid)}
@returns(200)
@errors {400, 401, 403, 404, 415, 500}

@endpoint PUT /apps/{app-id}/files/{file-id}
@required {app-id: str(uuid), file-id: str(uuid), name: str, type: str(MACRO/RECORDED_TRAFFIC/SELENIUM/WSDL/SWAGGER/CERTIFICATE/GRAPHQL), locked: bool}
@optional {id: str(uuid), description: str, owner: any, content_available: bool, last_updated_by_user: any, last_updated: str}
@returns(200)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint POST /apps/{app-id}/files/{file-id}
@required {app-id: str(uuid), file-id: str(uuid)}
@returns(201)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint DELETE /apps/{app-id}/files/{file-id}
@required {app-id: str(uuid), file-id: str(uuid)}
@returns(204)
@errors {400, 401, 403, 404, 409, 415, 500}

@endpoint GET /apps/{app-id}/tags
@required {app-id: str(uuid)}
@returns(200)
@errors {400, 401, 403, 404, 415, 500}

@endpoint POST /apps/{app-id}/tags
@required {app-id: str(uuid), id: str(uuid)}
@returns(201)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint DELETE /apps/{app-id}/tags/{tag-id}
@required {app-id: str(uuid), tag-id: str(uuid)}
@returns(204)
@errors {400, 401, 403, 404, 409, 415, 500}

@endpoint GET /apps/{app-id}/users
@required {app-id: str(uuid)}
@returns(200)
@errors {400, 401, 403, 404, 415, 500}

@endpoint POST /apps/{app-id}/users
@required {app-id: str(uuid), id: str(uuid)}
@returns(201)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint DELETE /apps/{app-id}/users/{user-id}
@required {app-id: str(uuid), user-id: str(uuid)}
@returns(204)
@errors {400, 401, 403, 404, 409, 415, 500}

@endgroup

@group attack-templates
@endpoint GET /attack-templates
@optional {index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint POST /attack-templates
@required {name: str}
@optional {id: str(uuid), description: str, system_defined: bool, browser_encoding_enabled: bool, attack_prioritization: str(SEQUENTIAL/SMART/RANDOMIZED), advanced_attacks_enabled: bool, false_positive_regex: str}
@returns(200)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint GET /attack-templates/module-configs
@returns(200)
@errors {400, 401, 403, 404, 415, 500}

@endpoint GET /attack-templates/{attack-template-id}
@required {attack-template-id: str(uuid)}
@returns(200) {id: str(uuid), name: str, description: str, system_defined: bool, browser_encoding_enabled: bool, attack_prioritization: str, advanced_attacks_enabled: bool, false_positive_regex: str, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint PUT /attack-templates/{attack-template-id}
@required {attack-template-id: str(uuid), name: str}
@optional {id: str(uuid), description: str, system_defined: bool, browser_encoding_enabled: bool, attack_prioritization: str(SEQUENTIAL/SMART/RANDOMIZED), advanced_attacks_enabled: bool, false_positive_regex: str}
@returns(200)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint DELETE /attack-templates/{attack-template-id}
@required {attack-template-id: str(uuid)}
@returns(204)
@errors {400, 401, 403, 404, 409, 415, 500}

@endpoint GET /attack-templates/{attack-template-id}/modules
@required {attack-template-id: str(uuid)}
@returns(200)
@errors {400, 401, 403, 404, 415, 500}

@endpoint POST /attack-templates/{attack-template-id}/modules
@required {attack-template-id: str(uuid), module_config_id: str(uuid), severity: str(CRITICAL/HIGH/MEDIUM/LOW/INFORMATIONAL/SAFE), max_findings: int(int32)}
@optional {id: str(uuid), enabled: bool, parameter_locations: [str]}
@returns(200)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint PUT /attack-templates/{attack-template-id}/modules/{attack-module-id}
@required {attack-template-id: str(uuid), attack-module-id: str(uuid), module_config_id: str(uuid), severity: str(CRITICAL/HIGH/MEDIUM/LOW/INFORMATIONAL/SAFE), max_findings: int(int32)}
@optional {id: str(uuid), enabled: bool, parameter_locations: [str]}
@returns(200)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint DELETE /attack-templates/{attack-template-id}/modules/{attack-module-id}
@required {attack-template-id: str(uuid), attack-module-id: str(uuid)}
@returns(204)
@errors {400, 401, 403, 404, 409, 415, 500}

@endgroup

@group blackouts
@endpoint GET /blackouts
@optional {index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint POST /blackouts
@required {name: str, enabled: bool, first_start: str(date-time), first_end: str(date-time)}
@optional {id: str(uuid), scope: str(APP/GLOBAL), active: bool, app: any, last_start: str(date-time), frequency: any, rrule: str}
@returns(201)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint GET /blackouts/{blackout-id}
@required {blackout-id: str(uuid)}
@returns(200) {id: str(uuid), name: str, scope: str, enabled: bool, active: bool, app: any, first_start: str(date-time), first_end: str(date-time), last_start: str(date-time), frequency: any, rrule: str, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint PUT /blackouts/{blackout-id}
@required {blackout-id: str(uuid), name: str, enabled: bool, first_start: str(date-time), first_end: str(date-time)}
@optional {id: str(uuid), scope: str(APP/GLOBAL), active: bool, app: any, last_start: str(date-time), frequency: any, rrule: str}
@returns(200)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint DELETE /blackouts/{blackout-id}
@required {blackout-id: str(uuid)}
@returns(204)
@errors {400, 401, 403, 404, 409, 415, 500}

@endgroup

@group engine-groups
@endpoint GET /engine-groups
@optional {index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint POST /engine-groups
@required {name: str}
@optional {id: str(uuid), description: str}
@returns(201)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint GET /engine-groups/{engine-group-id}
@required {engine-group-id: str(uuid)}
@returns(200) {id: str(uuid), name: str, description: str, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint PUT /engine-groups/{engine-group-id}
@required {engine-group-id: str(uuid), name: str}
@optional {id: str(uuid), description: str}
@returns(200)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint DELETE /engine-groups/{engine-group-id}
@required {engine-group-id: str(uuid)}
@returns(204)
@errors {400, 401, 403, 404, 409, 415, 500}

@endpoint GET /engine-groups/{engine-group-id}/engines
@required {engine-group-id: str(uuid)}
@optional {index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endgroup

@group engines
@endpoint GET /engines
@required {pageConfig: any}
@returns(200) {data: [any], metadata: any, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint POST /engines
@required {name: str, auto_upgrade: bool}
@optional {id: str(uuid), engine_group: any, status: str(INITIALIZING/LICENSING/TERMINATING/IDLE/OFFLINE/SCANNING/UPGRADING/PARKED/FAILED), failure_reason: str(TERMINATION_FAILED/INITIALIZATION_FAILED/UPGRADE_FAILED/GENERAL_FAILURE), latest_version: bool, upgradeable: bool}
@returns(201)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint GET /engines/{engine-id}
@required {engine-id: str(uuid)}
@returns(200) {id: str(uuid), name: str, engine_group: any, status: str, failure_reason: str, latest_version: bool, upgradeable: bool, auto_upgrade: bool, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint PUT /engines/{engine-id}
@required {engine-id: str(uuid), name: str, auto_upgrade: bool}
@optional {id: str(uuid), engine_group: any, status: str(INITIALIZING/LICENSING/TERMINATING/IDLE/OFFLINE/SCANNING/UPGRADING/PARKED/FAILED), failure_reason: str(TERMINATION_FAILED/INITIALIZATION_FAILED/UPGRADE_FAILED/GENERAL_FAILURE), latest_version: bool, upgradeable: bool}
@returns(200)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint DELETE /engines/{engine-id}
@required {engine-id: str(uuid)}
@returns(204)
@errors {400, 401, 403, 404, 409, 415, 500}

@endpoint GET /engines/{engine-id}/credential
@required {engine-id: str(uuid)}
@returns(200) {api_key: str}
@errors {400, 401, 403, 404, 415, 500}

@endpoint PUT /engines/{engine-id}/credential
@required {engine-id: str(uuid)}
@returns(200)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint DELETE /engines/{engine-id}/credential
@required {engine-id: str(uuid)}
@returns(204)
@errors {400, 401, 403, 404, 409, 415, 500}

@endpoint POST /engines/{engine-id}/upgrade
@required {engine-id: str(uuid)}
@returns(202)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endgroup

@group modules
@endpoint GET /modules
@returns(200)
@errors {400, 401, 403, 404, 415, 500}

@endpoint GET /modules/{module-id}
@required {module-id: str(uuid)}
@returns(200) {id: str(uuid), name: str, description: str}
@errors {400, 401, 403, 404, 415, 500}

@endpoint GET /modules/{module-id}/attacks/{attack-id}
@required {module-id: str(uuid), attack-id: str}
@returns(200) {id: str, type: str, class: str, description: str}
@errors {400, 401, 403, 404, 415, 500}

@endpoint GET /modules/{module-id}/attacks/{attack-id}/documentation
@required {module-id: str(uuid), attack-id: str}
@returns(200) {references: map, description: str, recommendation: str}
@errors {400, 401, 403, 404, 415, 500}

@endgroup

@group reports
@endpoint GET /reports
@optional {index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint POST /reports
@required {name: str, type: str(VULN_SUMMARY/VULN_REMEDIATION/PCI_COMPLIANCE/PCI4_COMPLIANCE/OWASP_2013_COMPLIANCE/OWASP_2017_COMPLIANCE/OWASP_2021_COMPLIANCE/OWASP_2023API_COMPLIANCE/OWASP_2025_COMPLIANCE/GDPR_2016_COMPLIANCE/SOX_COMPLIANCE/HIPAA_COMPLIANCE/EXEC_SINGLE_APP/EXEC_ALL_APPS/EXEC_SINGLE_APP_NEW_VULNS/EXEC_ALL_APPS_NEW_VULNS/EXEC_SINGLE_APP_ALL_VULNS/EXEC_ALL_APPS_ALL_VULNS), format: str(HTML/CSV/PDF)}
@optional {scan: any, app: any, start: str, end: str, month: str, filter: str}
@returns(201)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint GET /reports/{report-id}
@required {report-id: str(uuid)}
@returns(200) {id: str(uuid), name: str, type: str, format: str, owner: any, generated_date: str(date-time), app: any, status: str, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint DELETE /reports/{report-id}
@required {report-id: str(uuid)}
@returns(204)
@errors {400, 401, 403, 404, 409, 415, 500}

@endgroup

@group scan-configs
@endpoint GET /scan-configs
@optional {include-errors: bool=true, index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint POST /scan-configs
@required {name: str, app: any, attack_template: any}
@optional {id: str(uuid), description: str, incremental: bool, assignment: any, errors: [str]}
@returns(201)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint GET /scan-configs/options/default
@returns(200) {detailed_logging: bool, display_imminent_license_expiry_message: bool, java_script_engine: str, scan_module_parameter_files_list: [any], crawl_config: any, attacker_config: any, auth_config: any, proxy_config: any, ssl_cert_config: any, network_settings_config: any, performance_config: any, http_headers_config: any, manual_crawling_config: any, parameter_training_config: any, auto_sequence_config: any, macro_config: any, selenium_config: any, web_service_config: any, one_time_token_config: any, parameter_parser_config: any, parameter_value_config: any, chrome_host_config: any, token_replacement_config: any, chatbot_config: any}
@errors {400, 401, 403, 404, 415, 500}

@endpoint GET /scan-configs/{scan-config-id}
@required {scan-config-id: str(uuid)}
@returns(200) {id: str(uuid), name: str, description: str, app: any, attack_template: any, incremental: bool, assignment: any, errors: [str], links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint PUT /scan-configs/{scan-config-id}
@required {scan-config-id: str(uuid), name: str, app: any, attack_template: any}
@optional {id: str(uuid), description: str, incremental: bool, assignment: any, errors: [str]}
@returns(200)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint DELETE /scan-configs/{scan-config-id}
@required {scan-config-id: str(uuid)}
@returns(204)
@errors {400, 401, 403, 404, 409, 415, 500}

@endpoint GET /scan-configs/{scan-config-id}/options
@required {scan-config-id: str(uuid)}
@returns(200) {detailed_logging: bool, display_imminent_license_expiry_message: bool, java_script_engine: str, scan_module_parameter_files_list: [any], crawl_config: any, attacker_config: any, auth_config: any, proxy_config: any, ssl_cert_config: any, network_settings_config: any, performance_config: any, http_headers_config: any, manual_crawling_config: any, parameter_training_config: any, auto_sequence_config: any, macro_config: any, selenium_config: any, web_service_config: any, one_time_token_config: any, parameter_parser_config: any, parameter_value_config: any, chrome_host_config: any, token_replacement_config: any, chatbot_config: any}
@errors {400, 401, 403, 404, 415, 500}

@endpoint PUT /scan-configs/{scan-config-id}/options
@required {scan-config-id: str(uuid)}
@optional {detailed_logging: bool, display_imminent_license_expiry_message: bool, java_script_engine: str(DEFAULT/INTERNET_EXPLORER/CHROME/CHROMIUM), scan_module_parameter_files_list: [any], crawl_config: any, attacker_config: any, auth_config: any, proxy_config: any, ssl_cert_config: any, network_settings_config: any, performance_config: any, http_headers_config: any, manual_crawling_config: any, parameter_training_config: any, auto_sequence_config: any, macro_config: any, selenium_config: any, web_service_config: any, one_time_token_config: any, parameter_parser_config: any, parameter_value_config: any, chrome_host_config: any, token_replacement_config: any, chatbot_config: any}
@returns(200)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint PATCH /scan-configs/{scan-config-id}/options
@required {scan-config-id: str(uuid)}
@optional {detailed_logging: bool, display_imminent_license_expiry_message: bool, java_script_engine: str(DEFAULT/INTERNET_EXPLORER/CHROME/CHROMIUM), scan_module_parameter_files_list: [any], crawl_config: any, attacker_config: any, auth_config: any, proxy_config: any, ssl_cert_config: any, network_settings_config: any, performance_config: any, http_headers_config: any, manual_crawling_config: any, parameter_training_config: any, auto_sequence_config: any, macro_config: any, selenium_config: any, web_service_config: any, one_time_token_config: any, parameter_parser_config: any, parameter_value_config: any, chrome_host_config: any, token_replacement_config: any, chatbot_config: any}
@returns(200)
@errors {400, 401, 403, 404, 415, 500}

@endgroup

@group scans
@endpoint GET /scans
@optional {index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint POST /scans
@required {scan_config: any}
@optional {id: str(uuid), app: any, submitter: any, submit_time: str, completion_time: str, status: str(PENDING/QUEUED/PROVISIONING/RUNNING/SCANNED/PROCESSED/COMPLETE/PAUSED/BLACKED_OUT/AWAITING_AUTHENTICATION/AUTHENTICATED/PAUSING/RESUMING/STOPPING/CANCELING/AUTHENTICATING/FAILED), failure_reason: str(CANCELED/NETWORK_UNAVAILABLE/SYSTEM_ERROR/CONFIGURATION_INVALID/BAD_AUTH/LICENSE_INVALID/TARGETS_INVALID/ENGINE_UNAVAILABLE/INITIALIZATION_FAILURE/SWAGGER_PARSING_ERROR/DATABASE_TOO_LARGE/INSUFFICIENT_DISK_SPACE/INSUFFICIENT_MEMORY/TOO_MANY_THREADS/RASP_FAILURE/BOOTSTRAP_AUTHENTICATION_FAILURE/REPORT_GENERATION_FAILURE), validation: any, scan_type: str(REGULAR/VERIFICATION/INCREMENTAL), specialized_scan_parameters: any}
@returns(201)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint GET /scans/{scan-id}
@required {scan-id: str(uuid)}
@returns(200) {id: str(uuid), app: any, scan_config: any, submitter: any, submit_time: str, completion_time: str, status: str, failure_reason: str, validation: any, scan_type: str, specialized_scan_parameters: any, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint DELETE /scans/{scan-id}
@required {scan-id: str(uuid)}
@returns(204)
@errors {400, 401, 403, 404, 409, 415, 500}

@endpoint GET /scans/{scan-id}/action
@required {scan-id: str(uuid)}
@returns(204) {action: str}
@errors {400, 401, 403, 404, 415, 500}

@endpoint PUT /scans/{scan-id}/action
@required {scan-id: str(uuid), action: str(PAUSE/RESUME/STOP/AUTHENTICATE/CANCEL)}
@returns(200)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint GET /scans/{scan-id}/engine-events
@required {scan-id: str(uuid)}
@returns(200)
@errors {400, 401, 403, 404, 415, 500}

@endpoint GET /scans/{scan-id}/execution-details
@required {scan-id: str(uuid)}
@returns(200) {logged_in: bool, links_in_queue: int(int32), links_crawled: int(int32), attacks_in_queue: int(int32), attacked: int(int32), vulnerable: int(int32), requests: int(int32), failed_requests: int(int32), network_speed: int(int32), drip_delay: int(int32)}
@errors {400, 401, 403, 404, 415, 500}

@endpoint GET /scans/{scan-id}/platform-events
@required {scan-id: str(uuid)}
@returns(200)
@errors {400, 401, 403, 404, 415, 500}

@endgroup

@group schedules
@endpoint GET /schedules
@optional {index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint POST /schedules
@required {name: str, enabled: bool, scan_config: any, first_start: str(date-time)}
@optional {id: str(uuid), last_start: str(date-time), frequency: any, rrule: str}
@returns(201)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint GET /schedules/{schedule-id}
@required {schedule-id: str(uuid)}
@returns(200) {id: str(uuid), name: str, enabled: bool, scan_config: any, first_start: str(date-time), last_start: str(date-time), frequency: any, rrule: str, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint PUT /schedules/{schedule-id}
@required {schedule-id: str(uuid), name: str, enabled: bool, scan_config: any, first_start: str(date-time)}
@optional {id: str(uuid), last_start: str(date-time), frequency: any, rrule: str}
@returns(200)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint DELETE /schedules/{schedule-id}
@required {schedule-id: str(uuid)}
@returns(204)
@errors {400, 401, 403, 404, 409, 415, 500}

@endgroup

@group search
@endpoint POST /search
@required {type: str(APP/SCAN/SCAN_CONFIG/VULNERABILITY/VULNERABILITY_DISCOVERY/ATTACK_TEMPLATE/TARGET/ENGINE/ENGINE_GROUP/SCHEDULE/BLACKOUT/FILE/TAG/REPORT), query: str}
@optional {limitData: bool, index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [map], metadata: any, links: [any]}
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endgroup

@group tags
@endpoint GET /tags
@optional {root: bool=false, index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint POST /tags
@required {name: str}
@optional {id: str(uuid), creator: any, create_time: str}
@returns(201)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint GET /tags/{tag-id}
@required {tag-id: str(uuid)}
@returns(200) {id: str(uuid), name: str, creator: any, create_time: str, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint PUT /tags/{tag-id}
@required {tag-id: str(uuid), name: str}
@optional {id: str(uuid), creator: any, create_time: str}
@returns(200)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint DELETE /tags/{tag-id}
@required {tag-id: str(uuid)}
@optional {cascade: bool=false}
@returns(204)
@errors {400, 401, 403, 404, 409, 415, 500}

@endgroup

@group targets
@endpoint GET /targets
@optional {index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint POST /targets
@required {domain: str}
@optional {id: str(uuid), enabled: bool, archived: bool}
@returns(201)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint GET /targets/{target-id}
@required {target-id: str(uuid)}
@returns(200) {id: str(uuid), domain: str, enabled: bool, archived: bool, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint PUT /targets/{target-id}
@required {target-id: str(uuid), domain: str}
@optional {id: str(uuid), enabled: bool, archived: bool}
@returns(200)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint DELETE /targets/{target-id}
@required {target-id: str(uuid)}
@returns(204)
@errors {400, 401, 403, 404, 409, 415, 500}

@endgroup

@group vulnerabilities
@endpoint GET /vulnerabilities
@optional {index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint POST /vulnerabilities/variances/documentation
@optional {variance_ids: [str(uuid)], scan_id: str(uuid), vuln_uuids: [str(uuid)], vuln_ids: [str(uuid)]}
@returns(200)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint GET /vulnerabilities/{vuln-id}
@required {vuln-id: str(uuid)}
@returns(200) {id: str(uuid), app: any, root_cause: any, severity: str, status: str, first_discovered: str, last_discovered: str, newly_discovered: bool, variances: [any], vector_string: str, vulnerability_score: num(double), insight_ui_url: str, updated_time: str(date-time), links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint PUT /vulnerabilities/{vuln-id}
@required {vuln-id: str(uuid)}
@optional {id: str(uuid), app: any, root_cause: any, severity: str(SAFE/INFORMATIONAL/LOW/MEDIUM/HIGH/CRITICAL), status: str(UNREVIEWED/FALSE_POSITIVE/VERIFIED/IGNORED/REMEDIATED/DUPLICATE), first_discovered: str, last_discovered: str, newly_discovered: bool, variances: [any], vector_string: str, vulnerability_score: num(double), insight_ui_url: str, updated_time: str(date-time)}
@returns(200)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint GET /vulnerabilities/{vuln-id}/comments
@required {vuln-id: str(uuid)}
@returns(200) {data: [any], metadata: any, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint POST /vulnerabilities/{vuln-id}/comments
@required {vuln-id: str(uuid), content: str}
@optional {id: str(uuid), vulnerability: any, author: any, last_update_author: any, create_time: str, update_time: str}
@returns(201)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint GET /vulnerabilities/{vuln-id}/comments/{comment-id}
@required {vuln-id: str(uuid), comment-id: str(uuid)}
@returns(200) {id: str(uuid), vulnerability: any, author: any, last_update_author: any, content: str, create_time: str, update_time: str, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint PUT /vulnerabilities/{vuln-id}/comments/{comment-id}
@required {vuln-id: str(uuid), comment-id: str(uuid), content: str}
@optional {id: str(uuid), vulnerability: any, author: any, last_update_author: any, create_time: str, update_time: str}
@returns(200)
@errors {400, 401, 403, 404, 409, 415, 422, 500}

@endpoint DELETE /vulnerabilities/{vuln-id}/comments/{comment-id}
@required {vuln-id: str(uuid), comment-id: str(uuid)}
@returns(204)
@errors {400, 401, 403, 404, 409, 415, 500}

@endpoint GET /vulnerabilities/{vuln-id}/discoveries
@required {vuln-id: str(uuid)}
@optional {index: int(int32), size: int(int32), sort: str, page-token: str}
@returns(200) {data: [any], metadata: any, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint GET /vulnerabilities/{vuln-id}/discoveries/{vuln-discovery-id}
@required {vuln-id: str(uuid), vuln-discovery-id: str(uuid)}
@returns(200) {id: str(uuid), vulnerability: any, scan: any, discovered: str, links: [any]}
@errors {400, 401, 403, 404, 415, 500}

@endpoint GET /vulnerabilities/{vuln-id}/history
@required {vuln-id: str(uuid)}
@returns(200) {empty: bool, first: any, last: any}
@errors {400, 401, 403, 404, 415, 500}

@endpoint GET /vulnerabilities/{vuln-id}/variances/{variance-id}/documentation
@required {vuln-id: str(uuid), variance-id: str(uuid)}
@returns(200) {references: map, description: str, recommendation: str, id: str(uuid)}
@errors {400, 401, 403, 404, 415, 500}

@endgroup

@end