Skip to content
/
Update an app

Push Security REST API (v1)

Overview

The Push Security REST API provides programmatic access to the administrative functionality of the Push platform. This API adheres to RESTful principles, featuring resource-oriented URLs that are predictable and easy to navigate.

The API uses JSON-formatted request bodies and responses along with standard HTTP response codes, authentication methods, and HTTP verbs.

Rate limits are in place to ensure consistent performance for all users.

Authentication

To interact with the Push Security API, you'll need an API key for authentication. To create or manage your API keys, go to the Settings page in the Push admin console.

When generating a new key, you have two permission levels to choose from: Read only and Full access. A Read only key lets you make GET requests, while Full access allows for all types of requests.

To authenticate your API requests, include a header named x-api-key and set its value to your API key.

All API calls must be made over HTTPS.

Rate limits

The Push Security API enforces rate limiting to ensure equitable access and maintain performance. Each user is permitted up to 10 API requests per second, with a temporary burst capacity that allows an additional 10 requests for brief intervals.

If you surpass these limits, the API will return a 429 status code as an indication.

Errors

The Push Security API uses standard HTTP response codes to signal the outcome of an API call. Here's what you need to know:

2xx codes: These indicate that your request was successful.

4xx codes: A client-side issue, usually because something is missing or incorrect in your request.

5xx codes: These suggest a problem on our end, although these occurrences are infrequent.

Common Response Codes

HTTP CodeDescription
200 OKYour request was successfully processed.
400 Bad RequestYour request is missing something or is incorrect. Double-check your parameters.
429 Too Many RequestsYou've exceeded the rate limits. Consider implementing exponential backoffs in your API calls.
500 Server ErrorSomething's not right on our end.

Versioning

You're currently working with version 1 of the Push Security API. Should there be any breaking changes in the future, we'll bump up the API version number. If you hold an active API key, we'll send you notifications over email about the deprecation date for the older version.

Download OpenAPI description
rest-v1.json
rest-v1.yaml
Overview
URL
https://pushsecurity.com/contact/
support
support@pushsecurity.com
License
Commercial
Terms of Service
Languages
Servers
https://api.pushsecurity.com/

Accounts

These objects represent the accounts (owned by employees) in your organization.

Operations

Accounts (Other)

These objects represent the accounts (other) (owned by employees) in your organization.

Operations

Apps

These objects represent the apps that have been found in your organization.

Operations

Retrieve an app

Request

Security
x-api-key
Path
idstringrequired

Unique identifier for the app

curl -i -X GET \
  'https://api.pushsecurity.com/v1/apps/{id}' \
  -H 'x-api-key: YOUR_API_KEY_HERE'

Responses

OK

Bodyapplication/json
idstring

Unique identifier for this object

Example: "2a2197de-ad2c-47e4-8dcb-fb0f04cf83e0"
typestring

The type of app, formatted as an ENUM value.

Example: "ZAPIER"
approvalStatusstring or null(ApprovalStatusType)

Approval status of the app, null if not set

Enum ValueDescription
UNDER_REVIEW

The app is under review

APPROVED

The app has been approved

NOT_APPROVED

The app has not been approved

sensitivityLevelstring or null(SensitivityLevelType)

The sensitivity level of the app, null if not set

Enum ValueDescription
HIGH

The sensitivity of the app is high

MEDIUM

The sensitivity of the app is medium

LOW

The sensitivity of the app is low

ownerIdstring or null

Identifier of the employee who is the owner of this platform

Example: "87569da6-fb7a-4df7-8ce2-246c14044911"
notesstring

Notes recorded on this app

Example: "Last security audit: 16 January 2023"
websitestring

URL to the app's homepage

Example: "https://zapier.com/"
descriptionstring

Description of the app's purpose

Example: "Zapier is a cloud-based automation tool that enables users to integrate and automate various web applications without requiring extensive coding knowledge, potentially streamlining workflows and processes."
friendlyNamestring

The friendly name of the app

Example: "Zapier"
labelsArray of strings

Labels associated with this app

Example: ["GenAI","marketing"]
creationTimestampinteger

When the app was first observed, formatted as a UNIX timestamp (in seconds)

Example: 1698064423
Response
application/json
{
  "id": "2a2197de-ad2c-47e4-8dcb-fb0f04cf83e0",
  "type": "ZAPIER",
  "approvalStatus": "UNDER_REVIEW",
  "sensitivityLevel": "HIGH",
  "ownerId": "87569da6-fb7a-4df7-8ce2-246c14044911",
  "notes": "Last security audit: 16 January 2023",
  "website": "https://zapier.com/",
  "description": "Zapier is a cloud-based automation tool that enables users to integrate and automate various web applications without requiring extensive coding knowledge, potentially streamlining workflows and processes.",
  "friendlyName": "Zapier",
  "labels": [
    "GenAI",
    "marketing"
  ],
  "creationTimestamp": 1698064423
}

Update an app

Request

Security
x-api-key
Path
idstringrequired

Unique identifier for the app

Bodyapplication/jsonrequired

Update an app's approval status, sensitivity level, and/or notes.

approvalStatusstring or null

The desired approval status for the app. If null, the current approval status will be unset.

Enum"APPROVED""NOT_APPROVED""UNDER_REVIEW"
Example: "APPROVED"
sensitivityLevelstring or null

The desired sensitivity level for the app. If null, the current sensitivity level will be unset.

Enum"HIGH""MEDIUM""LOW"
Example: "HIGH"
notesstring or null

The desired notes for the app. If null, any existing notes will be deleted.

Example: "Last security audit: 16 January 2024"
ownerIdstring or null

The employee ID for the owner of this app. If null, the current owner will be unset.

curl -i -X PATCH \
  'https://api.pushsecurity.com/v1/apps/{id}' \
  -H 'Content-Type: application/json' \
  -H 'x-api-key: YOUR_API_KEY_HERE' \
  -d '{}'

Responses

OK

Bodyapplication/json
idstring

Unique identifier for this object

Example: "2a2197de-ad2c-47e4-8dcb-fb0f04cf83e0"
typestring

The type of app, formatted as an ENUM value.

Example: "ZAPIER"
approvalStatusstring or null(ApprovalStatusType)

Approval status of the app, null if not set

Enum ValueDescription
UNDER_REVIEW

The app is under review

APPROVED

The app has been approved

NOT_APPROVED

The app has not been approved

sensitivityLevelstring or null(SensitivityLevelType)

The sensitivity level of the app, null if not set

Enum ValueDescription
HIGH

The sensitivity of the app is high

MEDIUM

The sensitivity of the app is medium

LOW

The sensitivity of the app is low

ownerIdstring or null

Identifier of the employee who is the owner of this platform

Example: "87569da6-fb7a-4df7-8ce2-246c14044911"
notesstring

Notes recorded on this app

Example: "Last security audit: 16 January 2023"
websitestring

URL to the app's homepage

Example: "https://zapier.com/"
descriptionstring

Description of the app's purpose

Example: "Zapier is a cloud-based automation tool that enables users to integrate and automate various web applications without requiring extensive coding knowledge, potentially streamlining workflows and processes."
friendlyNamestring

The friendly name of the app

Example: "Zapier"
labelsArray of strings

Labels associated with this app

Example: ["GenAI","marketing"]
creationTimestampinteger

When the app was first observed, formatted as a UNIX timestamp (in seconds)

Example: 1698064423
Response
application/json
{
  "id": "2a2197de-ad2c-47e4-8dcb-fb0f04cf83e0",
  "type": "ZAPIER",
  "approvalStatus": "UNDER_REVIEW",
  "sensitivityLevel": "HIGH",
  "ownerId": "87569da6-fb7a-4df7-8ce2-246c14044911",
  "notes": "Last security audit: 16 January 2023",
  "website": "https://zapier.com/",
  "description": "Zapier is a cloud-based automation tool that enables users to integrate and automate various web applications without requiring extensive coding knowledge, potentially streamlining workflows and processes.",
  "friendlyName": "Zapier",
  "labels": [
    "GenAI",
    "marketing"
  ],
  "creationTimestamp": 1698064423
}

Add a label to an app.

Request

Security
x-api-key
Path
idstringrequired

Unique identifier for the app

Bodyapplication/jsonrequired

Add a label to an app.

labelstringrequired

The label to add to the app (max 50 characters)

Example: "personal-use"
curl -i -X POST \
  'https://api.pushsecurity.com/v1/apps/{id}/labels' \
  -H 'Content-Type: application/json' \
  -H 'x-api-key: YOUR_API_KEY_HERE' \
  -d '{
    "label": "personal-use"
  }'

Responses

OK. Returns all labels associated with the app.

Bodyapplication/json
labelsArray of stringsrequired

The labels associated with the app.

Example: ["personal-use","other-label"]
Response
application/json
{
  "labels": [
    "personal-use",
    "other-label"
  ]
}

Apps (Other)

These objects represent the apps (other) that have been found in your organization.

Operations

Browsers

These objects represent the browsers (used by employees) in your organization.

Operations

Browser Extensions

Operations

Detections

Operations

Employees

These objects represent the employees in your organization.

Operations

Findings

These objects represent the findings that have been found in your organization.

Operations

URL blocking

These objects represent the blocked URLs configured in your organization.

Operations

Stolen credential detection

Manage custom stolen credentials that you have added to your organization for monitoring and enforcement.

Operations