Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

The VINCE API is still under development, but we are making this documentation available for folks who might want to try it out in the meantime. Please let us know what changes you'd like by submitting a work in progress. Please provide feedback through VINCE or GitHub.

Table of Contents

...

Authentication

...

First, you have to login to the VINCE COMM UI and generate a key in your profile:

Image Removed

...

  1. Log in to VINCE.
  2. Go to your User Profile.
  3. Scroll down to "Generate API Key".
  4. Copy they API key to a safe place, you

...

  1. will not be able to access it again.

...

  1. If lost, you need to regenerate a new one.
  2. Use the

...

  1. API key in the headers of your

...

Code Examples

Note

Edits in progress. This note will be removed when the page is stable. - Allen D. Householder  

  1. request as shown below.

Image Added

Code Block
languagepy
headers={'Authorization': "Token {}".format(token)}

Code Examples

List groups (organizations) you belong to

Code Block
languagepy
# get information about organizations you belong to:
api = 'https://kb.cert.org/vince/comm/api/vendor/'
headers={'Authorization': "Token {}".format(token) }
r = requests.get(api, headers=headers, stream=True)
print(r.text)
# get all the vendors involved in VU#701582 (also gets their status and statements)
Code Block
Code Block
languagepy

# get a list of your cases
headers={'Authorization': "Token {}".format(token)}
api = 'https://kb.cert.org/vince/comm/api/cases/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
# get information about VU#701852
api = 'https://kb.cert.org/vince/comm/api/case/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
# get all posts for case VU#701852
api = 'https://kb.cert.org/vince/comm/api/case/posts/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
# get the original report for VU#701852
api = 'https://kb.cert.org/vince/comm/api/case/report/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
# get the vuls for VU#701852
api = 'https://kb.cert.org/vince/comm/api/case/vuls/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
js
API: /vince/comm/api/vendor #get information about vendors you belong to
[   {   'emails': ['test@example.com'],
        'id': 3548,
        'users': ['vince.user'],
        'vendor_name': 'VendorCorp'},
    {   'emails': ['test@example.com'],
        'id': 3551,
        'users': ['vince.user'],
        'vendor_name': 'Testing Co'},
    {   'emails': ['test@example.com', 'test3@example.com'],
        'id': 3549,
        'users': ['vince.user', 'Vince User'],
        'vendor_name': 'Testing Vendor'}]

List cases you are participating in

Code Block
languagepy
# get a list of your cases
headers={'Authorization': "Token {}".format(token)}
api = 'https://kb.cert.org/vince/comm/api/casecases/vendors/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
# get all the vendors and their status/statement/references for each specific vul
api = f'https://kb.cert.org/vince/comm/api/case/vendors/vuls/{case}/'
headers={'content-type':'application/json', 'Authorization': "Token {}".format(token) }
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
# get the vulnerability note, if available
api = f'https://kb.cert.org/vince/comm/api/case/note/{case}/'
headers={'content-type':'application/json', 'Authorization': "Token {}".format(token) }
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
#update vendor status
api = f'https://kb.cert.org/vince/comm/api/case/vendor/statement/{case}/'
data = [{'vendor': 3548, 
	'status':'Not Affected', 
	'references':["http://www.test.gov", "https://www.google.com"], 
	'share':True,
	'vulnerability':'CVE-2020-19293', 
	'statement': 'This is my statement'}, 
	{'vendor': 3548, 
	'status':'Affected', 
	'statement':"Test", 
	'references':["http://www.test.gov","https://www.google.com"], 
	'share':True,
	'vulnerability':'VU#785701.2'}]
r = requests.post(api, headers=headers, data=json.dumps(data))
print(r.text)
API: /vince/comm/api/vendor #get information about vendors you belong to [ { 'emails': ['emilytest@gmail.com'], 'id': 3548,
Code Block
languagejs
API: /vince/comm/api/cases # get a list of cases involved in
[   {   'created': '2020-06-11T18:51:48.204903Z',
        'due_date': None,
        'status': 'Active',
        'summary': 'test',
        'title': 'test',
        'vuid': '782161'},
    {   'created': '2020-04-28T19:48:50.216317Z',
        'due_date': '2018-07-23T14:20:09Z',
        'status': 'Inactive',
        'summary': 'TechSmash firmware or operating system software drivers '
                   'may not sufficiently validate elliptic curve parameters '
          'users': ['emily.sarneso'],         'vendor_name': 'Microsoft'},
    {   'emails': ['emilytest@gmail.com'],used to generate public keys during a Diffie-Hellman key '
         'id': 3551,         'users': ['emily.sarneso'],
        'vendor_name': 'Testing Co'},exchange, which may allow a remote attacker to obtain the '
          {   'emails': ['emilytest@gmail.com', 'emilytest2@gmail.com'],    'encryption key used by the device'id': 3549,
        'userstitle': ['emily.sarneso', 'Emily Ecoff'],'TechSmash implementations may not sufficiently validate '
           'vendor_name': 'Testing Vendor'}]   API: /vince/comm/api/cases # get a list of cases involved in
[   { 'elliptic curve parameters during Diffie-Hellman key exchange',
        'createdvuid': '2020-06-11T18:51:48.204903Z',
        'due_date': None,
        'status': 'Active',
        'summary': 'test',
        'title': 'test',
   3123125'}]

Get case metadata

Code Block
languagepy
# get information about VU#701852
api = 'https://kb.cert.org/vince/comm/api/case/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
languagejs
API: vince/comm/api/case/701852/ # get information about a specific case
{   'created': '2020-06-11T18:51:48.204903Z',
    'due_date': None,
    'vuidstatus': '785701Active'},
    {   'createdsummary': '2020-04-28T19:48:50.216317Ztest',
 
      'due_datetitle': '2018-07-23T14:20:09Ztest',
        'statusvuid': 'Inactive',
        'summary': 'Bluetooth firmware or operating system software drivers '
                   'may not sufficiently validate elliptic curve parameters '
     785701'}

Get message posts for case

Code Block
languagepy
# get all posts for case VU#701852
api = 'https://kb.cert.org/vince/comm/api/case/701852/posts/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
languagejs
API: vince/comm/api/case/701852/posts/ # get all posts for a specific case
[   {   'author': 'vince.user',
        'content': 'The [draft vulnerability '
             'used to generate public keys during a Diffie-Hellman key '
   'note](http://localhost:8000/vince/comm/case/18/notedraft/) '
               'exchange, which may allow a'has remote attacker to obtain the 'been updated.',
        'created': '2020-11-17T19:13:07.866230Z',
         'pinned'encryption key used by the device': True},
    {    'titleauthor': 'vince.user'Bluetooth,
implementations may not sufficiently validate '   'content': 'Please [view this draft vulnerability '
        'elliptic curve parameters during Diffie-Hellman key exchange',         'vuid': '304725'}]

API: 'note](http://localhost:8000/vince/comm/apicase/case18/701852notedraft/).',
# get information about a specific case
{   'created': '2020-0611-11T1817T19:5107:4856.204903Z624450Z',
     'due_date   'pinned': NoneTrue},
    {   'statusauthor': 'Activevince.user',
        'summarycontent': 'test 2',
        'titlecreated': 'test2020-10-29T19:49:33.422875Z',
        'vuidpinned': '785701'False},
 API: vince/comm/api/case/posts/701852/ # get all posts for a specific case
[      {   'author': 'ecoffvince.user',
        'content': 'The [draft vulnerability 'test 1',
        'created': '2020-10-29T19:49:30.434164Z',
        'pinned':   'note](http://localhost:8000False}]

Get original report for case

Code Block
languagepy
# get the original report for VU#701852
api = 'https://kb.cert.org/vince/comm/api/case/18701852/notedraftreport/) '
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
languagejs
API: /vince/comm/case/701582/report/ # get report for a specific case
{     'has been updated.',
'contact_email': 'joebob@vendor.example.com',
       'created'contact_name': '2020-11-17T19:13:07.866230ZJoe Bob',
        'pinned'contact_org': True}'VendorExample',
    {   'author'contact_phone': 'ecoff5551231234',
    'date_submitted': '2020-06-08T20:01:47.896419Z',
    'contentdisclosure_plans': 'Please',
[view this draft vulnerability 'exploit_references': '',
    'product_name': 'test',
    'product_version': 'v. 12.3',
     'note](http://localhost:8000/vince/comm/case/18/notedraft/).',
   'public_references': '',
    'share_release': True,
    'createdvendor_name': '2020-11-17T19:07:56.624450ZTest Vendor',
 
      'pinnedvul_description': True},'This is the description',
 {   'authorvul_disclose': 'emily.sarneso'True,
        'content''vul_discovery': 'test 2This is the discovery.',
  
     'createdvul_exploit': '2020-10-29T19:49:33.422875Z',
   This is the exploit',
    'pinnedvul_exploited': False}True,
  
 {   'authorvul_impact': 'emily.sarneso',This is the impact',
     'contentvul_public': 'test 1',
        'created': '2020-10-29T19:49:30.434164Z',
        'pinned': False}]

API: True}

List vulnerabilities for case

Code Block
languagepy
# get the vuls for VU#701852
api = 'https://kb.cert.org/vince/comm/api/case/report701852/701582vuls/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
languagejs
API: /vince/comm/case/701582/vuls/ # get reportvuls for a specific case
[   {   'contact_emailcve': 'joebob@rapid7.com'None,
        'contactdate_nameadded': 'Joe Bob',2020-11-19T21:43:17.210726Z',
        'contact_orgdescription': 'Rapid 7',This is another vul without a cve.',
        'contact_phonename': '5551231234VU#785701.2'},
    {   'date_submittedcve': '2020-06-08T20:01:47.896419Z19293',
    'disclosure_plans': '',     'exploitdate_referencesadded': ''2020-10-22T15:30:11.888074Z',
    'product_name': 'test',     'product_versiondescription': 'v. 12.3',
    'public_references': '',
    'share_release': True,Test this is a vul.',
        'vendor_name': 'Test Vendor',
    'vul_description': 'This is the description',
    'vul_disclose': True,
    'vul_discovery': 'This is the discovery.',
    'vul_exploit': 'This is the exploit',
    'vul_exploited': TrueCVE-2020-19293'}]

List vendors for case

Code Block
languagepy
# get all the vendors involved in VU#701582 (also gets their status and statements)
api = 'https://kb.cert.org/vince/comm/api/case/701852/vendors/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
languagejs
API: /vince/comm/case/701582/vendors/ # get vendors for a specific case
[   {   'cert_addendum': None,
        'vuldate_impactadded': 'This is the impact','2020-11-20T14:40:24.080886Z',
        'vul_publicreferences': True}

API: /vince/comm/case/vuls/701582/ # get vuls for a specific case
[   {   'cve': None'http://www.example.com\nhttps://www.example.org',
        'statement': 'Test',
        'statement_date_added': '2020-11-19T2123T19:4350:1744.210726Z813809Z',
        'descriptionstatus': 'This is another vul without a cve.Unknown',
        'namevendor': 'VU#785701.2VendorCorp'},
    {   'cvecert_addendum': '2020-19293'None,
        'date_added': '2020-10-22T1508T18:3027:1141.888074Z526942Z',
        'descriptionreferences': 'Test this is a vul.http://www.example.com\nhttps://www.example.org',
        'namestatement': 'CVE-2020-19293'}]

API: /vince/comm/case/vendors/701582/ # get vendors for a specific case
[Test',
      {   'certstatement_addendumdate': None'2020-11-19T21:26:32.399730Z',
        'date_addedstatus': '2020-11-20T14:40:24.080886ZAffected',
        'referencesvendor': 'http://www.test.gov\nhttps://www.google.com',
        'statement': 'Test',
        'statement_date': '2020-11-23T19:50:44.813809Z',
        'status': 'Unknown',
        'vendor': 'Microsoft'},
    {   'cert_addendum': None,
        'date_added': '2020-10-08T18:27:41.526942Z',
        'references': 'http://www.test.govTesting Co'}]

List vendors including status and statement for each vulnerability

Code Block
languagepy
# get all the vendors and their status/statement/references for each specific vul
api = f'https://kb.cert.org/vince/comm/api/case/701582/vendors/vuls/'
headers={'content-type':'application/json', 'Authorization': "Token {}".format(token) }
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
languagejs
API: /vince/comm/case/701582/vendors/vuls/ # get vendors status for specific vuls
[   {   'references': 'http://www.example.com\nhttps://www.googleexample.comorg',
        'statement': 'Test',
        'statement_date': '2020-11-19T21:2647:3244.399730Z239683Z',
        'status': 'Affected',
        'vendor': 'Testing Co'}]
API: /vince/comm/case/vendors/vuls/701582/ # get vendors status for specific vuls
[,
        'vulnerability': 'VU#785701.2'},
    {   'references': 'http://www.testexample.govcom\nhttps://www.googleexample.comorg',
        'statement': 'TestThis is my statement',
        'statement_date': '2020-1110-19T2122T15:4738:4411.239683Z859615Z',
        'status': 'Not Affected',
        'vendor': 'Testing Co',
        'vulnerability': 'VU#785701.2CVE-2020-19293'},
    {   'references': 'http://www.test.gov\nhttps://www.google.com',
        'statement': 'This is my statement',
        'statement_date': '2020-1011-22T1520T15:3823:1118.859615Z997947Z',
        'status': 'Not AffectedUnknown',
        'vendor': 'Testing CoVendorCorp',
        'vulnerability': 'CVE-2020-19293VU#785701.2'},
    {   'references': '',
        'statement': '',
        'statement_date': '2020-11-20T15:23:18.997947Z938232Z',
        'status': 'Unknown',
        'vendor': 'MicrosoftVendorCorp',
        'vulnerability': 'VU#785701.2CVE-2020-19293'},]

Get Vulnerability Note text (if it exists)

Code Block
languagepy
# get the {   'references': ''vulnerability note, if available
api =     'statement': '',
        'statement_date': '2020-11-20T15:23:18.938232Z',
        'status': 'Unknown',
        'vendor': 'Microsoft',
        'vulnerability': 'CVE-2020-19293'}]

f'https://kb.cert.org/vince/comm/api/case/701582/note'
headers={'content-type':'application/json', 'Authorization': "Token {}".format(token) }
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
languagejs
#API: /vince/comm/api/case/710582/note/710582/ # get draft vul note
{   'content': '### Overview\r\n'
               '\r\n'
               'Testing API so need some content.\r\n'
               '\r\n'
               '\r\n'
               '### Description\r\n'
               '\r\n'
               '### Impact\r\n'
               'The complete impact of this vulnerability is not yet known.\r\n'
               '\r\n'
               '### Solution\r\n'
               'The CERT/CC is currently unaware of a practical solution to '
               'this problem.\r\n'
               '\r\n'
               '### Acknowledgements\r\n'
               'Thanks to the reporter who wishes to remain anonymous.\r\n'
               '\r\n'
               'This document was written by Emily Sarneso.',
    'datefirstpublished': None,
    'dateupdated': '2020-11-17T19:13:07.755453Z',
    'published': False,
    'references': ['www.googleexample.comorg', 'www.testexample.com'],
    'revision': 2,
    'title': 'test',
    'vuid': '785701'}

Update vendor status

Code Block
languagepy
#update vendor status
api = f'https://kb.cert.org/vince/comm/api/case/{case}/vendor/statement/{case}/'
data = [{'vendor': 3548,   # vendor ID only required if user belongs to multiple vendors in a case
	'status':'Not Affected',  # required:
['Affected', 'Not Affected', 'Unknown']
	'references':["http://www.test.gov", "https://www.google.com"],  #
not required, must be a list 
	'share':True,
# not required, default = False
	'vulnerability'	'vulnerability':'CVE-2020-19293', # required - must be in the form 'CVE-xxxx-xxxxx' or
'VU#xxxxxx.n'
	'statement': 'This is my statement'}], 
# not required 


OLD JWT WAY: (This doesn't work anymore)

First you have to "login" to get your jwt (JSON web token).

Code Block
url = 'https://vince-test.cert-dit.org/vinny/auth/api-token-auth/'
r = requests.post(url, data={'username':user, 'password':password})
rj = r.json()
token = rj['token']

Examples:

Code Block
# get a list of your cases
headers={'Authorization': "Bearer {}".format(token)}
api = 'https://vince-test.cert-dit.org/vinny/api/cases/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)


# get information about VU#701852
api = 'https://vince-test.cert-dit.org/vinny/api/case/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)


# get all posts for case VU#701852
api = 'https://vince-test.cert-dit.org/vinny/api/case/posts/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)


# get the original report for VU#701852
api = 'https://vince-test.cert-dit.org/vinny/api/case/report/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)


# get the vuls for VU#701852
api = 'https://vince-test.cert-dit.org/vinny/api/case/vuls/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)


# get all the vendors involved in VU#701582 (also gets their status and statements)
api = 'https://vince-test.cert-dit.org/vinny/api/case/vendors/701852/'
	{'vendor': 3548, 
	'status':'Affected', 
	'statement':"Test", 
	'references':["http://www.test.gov","https://www.google.com"], 
	'share':True,
	'vulnerability':'VU#785701.2'}]
r = requests.post(api, headers=headers, data=json.dumps(data))
print(r.text)
Code Block
languagejs
#update vendor status
api = f'https://kb.cert.org/vince/comm/api/case/{case}/vendor/statement/'
data = [{'vendor': 3548,   # vendor ID only required if user belongs to multiple vendors in a case
	'status':'Not Affected',  # required: ['Affected', 'Not Affected', 'Unknown']
	'references':["http://www.test.gov", "https://www.google.com"],  # not required, must be a list 
	'share':True, # not required, default = False
	'vulnerability':'CVE-2020-19293', # required - must be in the form 'CVE-xxxx-xxxxx' or 'VU#xxxxxx.n'
	'statement': 'This is my statement'}]  # not required 

Look up CVE IDs (must have access to case)

Code Block
# lookup CVE-2021-55555 - must have access to case otherwise 404 
api = f'https://kb.cert.org/vince/comm/api/cve/2021-55555/' 
headers={'content-type':'application/json', 'Authorization': "Token {}".format(token) } 
r = requests.get(api, headers=headers, stream=True) 
print(r.text)

...

Code Block
curlAPI: -XCVE POST -F 'username=[username]' -F 'password=[password]' https://vince-test.cert-dit.org/vinny/auth/api-token-auth/


{"token":"eyJraWQiOiJ2OXdycTNXXC9FbG9SV2NLanUwNUdRd20wbzgzMm1IUGpVZklEYUcxWUpwaz0iLCJhbGciOiJSUzI1NiJ9.eyJjdXN0b206dGl0bGUiOiJEZXZlbG9wZXIxIiwic3ViIjoiNTM3ZGQ4NjItYWExYy00NDRjLWEzNzMtOWFlNTNjOTZiZTdiIiwiY29nbml0bzpncm91cHMiOlsiQ0VSVFwvQ0MiXSwiZW1haWxfdmVyaWZpZWQiOnRydWUsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC51cy1lYXN0LTIuYW1hem9uYXdzLmNvbVwvdXMtZWFzdC0yXzFnb2hyTXNIViIsInBob25lX251bWJlcl92ZXJpZmllZCI6dHJ1ZSwiY29nbml0bzp1c2VybmFtZSI6IjUzN2RkODYyLWFhMWMtNDQ0Yy1hMzczLTlhZTUzYzk2YmU3YiIsInByZWZlcnJlZF91c2VybmFtZSI6IkVtaWx5IFNhcm5lc28iLCJnaXZlbl9uYW1lIjoiRW1pbHkiLCJsb2NhbGUiOiJVUyIsImF1ZCI6IjJldGhsZW9nZnVoY2swbDducGFycWhhc3VrIiwiZXZlbnRfaWQiOiIyZGE2N2RjOC00ZGU0LTQyMGMtOWIxYS0zNmM4OGM1YTI3MDkiLCJjdXN0b206T3JnYW5pemF0aW9uIjoiQ0VSVFwvQ0MiLCJ0b2tlbl91c2UiOiJpZCIsImF1dGhfdGltZSI6MTU4MDgyODYxNSwicGhvbmVfbnVtYmVyIjoiKzE0MTI1MTk2NDI2IiwiZXhwIjoxNTgwODMyMjE1LCJpYXQiOjE1ODA4Mjg2MTUsImZhbWlseV9uYW1lIjoiU2FybmVzbyIsImVtYWlsIjoiZWNvZmZAY2VydC5vcmcifQ.bVvX5gNPXoxOY3rgMyb4siY0T6KqR_F4GTiMR-xeGlE3BLuPVL646vsdflsjdlfjsldjfjalfjlajsdla;ldfjtAKp2Tl-6NCeCdJ4utVXpVNLSZ8pUpLclRGI1q--920eieh2O5dugp9tYrXf1D4OuiwMqzAM2MUFwwIFlCJB79O5THXrTtbpmfAp_XNafu94R5kP4VKtiMHd5_vRygPG2eydbCmox6oe1K44sZ1Guc5P4CQ9QYhpT7e8ICscnpKYvHWnnSAdcKguAmCcDPbytJywGohpT7ajxJAmmQRapbaqbHftlipKfkyjWPsxE0X3v8Uf-_WZG7z9yZjxdeeB-EP_V7z2WRoay8mWhjxJjCVHHbaxlqDA","email":"ecoff@cert.org"}Lookup: https://kb.cert.org/vince/comm/api/cve/2021-55555/

{   'case': {   'created': '2020-03-11T18:56:14.975973Z',
             curl https://vince-test.cert-dit.org/vinny/api/case/report/701852/ -H 'due_date'Accept: application/json' -H 'Authorization: Bearer eyJraWQiOiJ2OXdycTNXXC9FbG9SV2NLanUwNUdRd20wbzgzMm1IUGpVZklEYUcxWUpwaz0iLCJhbGciOiJSUzI1NiJ9.eyJjdXN0b206dGl0bGUiOiJEZXZlbG9wZXIxIiwic3ViIjoiNTM3ZGQ4NjItYWExYy00NDRjLWEzNzMtOWFlNTNjOTZiZTdiIiwiY29nbml0bzpncm91cHMiOlsiQ0VSVFwvQ0MiXSwiZW1haWxfdmVyaWZpZWQiOnRydWUsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC51cy1lYXN0LTIuYW1hem9uYXdzLmNvbVwvdXMtZWFzdC0yXzFnb2hyTXNIViIsInBob25lX251bWJlcl92ZXJpZmllZCI6dHJ1ZSwiY29nbml0bzp1c2VybmFtZSI6IjUzN2RkODYyLWFhMWMtNDQ0Yy1hMzczLTlhZTUzYzk2YmU3YiIsInByZWZlcnJlZF91c2VybmFtZSI6IkVtaWx5IFNhcm5lc28iLCJnaXZlbl9uYW1lIjoiRW1pbHkiLCJsb2NhbGUiOiJVUyIsImF1ZCI6IjJldGhsZW9nZnVoY2swbDducGFycWhhc3VrIiwiZXZlbnRfaWQiOiIyZGE2N2RjOC00ZGU0LTQyMGMtOWIxYS0zNmM4OGM1YTI3MDkiLCJjdXN0b206T3JnYW5pemF0aW9uIjoiQ0VSVFwvQ0MiLCJ0b2tlbl91c2UiOiJpZCIsImF1dGhfdGltZSI6MTU4MDgyODYxNSwicGhvbmVfbnVtYmVyIjoiKzE0MTI1MTk2NDI2IiwiZXhwIjoxNTgwODMyMjE1LCJpYXQiOjE1ODA4Mjg2MTUsImZhbWlseV9uYW1lIjoiU2FybmVzbyIsImVtYWlsIjoiZWNvZmZAY2VydC5vcmcifQ.bVvX5gNPXoxOY3rgMyb4siY0T6KqR_F4GTiMR-xeGlE3BLuPVL646vtAKp2Tl-6NCeCdJ4udsfsdfsdfsdfsfsdtVXpVNLSZ8pUpLclRGI1q--920eieh2O5dugp9tYrXf1D4OuiwMqzAM2MUFwwIFlCJB79O5THXrTtbpmfAp_XNafu94R5kP4VKtiMHd5_vRygPG2eydbCmox6oe1K44sZ1Guc5P4CQ9QYhpT7e8ICscnpKYvHWnnSAdcKguAmCcDPbytJywGohpT7ajxJAmmQRapbaqbHftlipKfkyjWPsxE0X3v8Uf-_WZG7z9yZjxdeeB-EP_V7z2WRoay8mWhjxJjCVHHbaxlqDA'


{"vendor_name":"AwesomeTools","product_name":"AwesomeTools Library v.1.2.3","product_version":"v.1.2.3","vul_description":"Buffer Overflow","vul_exploit":"Populate library data structure with string field with 10000 characters","vul_impact":"Code execution","vul_discovery":"Fuzzing","vul_public":false,"public_references":"","vul_exploited":false,"exploit_references":"","vul_disclose":false,"disclosure_plans":"","date_submitted":"2020-01-27T15:25:24.028635Z","share_release":true,"contact_name":"Emily Smith3w","contact_phone":"","contact_email":"emilysmith42675-usability3@yahoo.com","contact_org":"Usability"}
Warning

Items below this line are older API docs

Getting an Authentication Token

  1. Log in to VINCE.
  2. Go to your User Profile.
  3. Scroll down to "Generate API Key".
  4. Copy they API key to a safe place, you will not be able to access it again. If lost, you need to regenerate a new one.

Using the token

Code Block
headers={'Authorization': "Token {}".format(token)}

API Reference

List cases

Code Block
# get a list of your cases
api = 'https://[VINCE_URL]/comm/api/cases/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)

Retrieve a specific case

Code Block
# get information about VU#701852
api = 'https://[VINCE_URL]/comm/api/case/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)

Retrieve posts for a case

Code Block
# get all posts for case VU#701852
api = 'https://[VINCE_URL]/comm/api/case/posts/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)

Retrieve original report for a case

Code Block
# get the original report for VU#701852
api = 'https://[VINCE_URL]/comm/api/case/report/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)

Retrieve vuls for a case

Code Block
# get the vuls for VU#701852
api = 'https://[VINCE_URL]/comm/api/case/vuls/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)

Retrieve vendors for a case

Code Block
# get all the vendors involved in VU#701582 (also gets their status and statements)
api = 'https://[VINCE_URL]/comm/api/case/vendors/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)'2020-03-25T0000Z',
                'status': 'Active',
                'summary': 'This is a summary',
                'title': 'This is a title',
                'vuid': '123456'},
    'note': 'NOT Public',
    'vendors': [ {   'references': '',
                       'statement': '',
                       'statement_date': '2020-11-20T11:05:07.603524Z',
                       'status': 'Unknown',
                       'vendor': 'Test Vendor',
                       'vulnerability': 'CVE-2021-55555'}],
    'vulnerability': {   'cve': '2021-55555',
                         'date_added': '2020-03-11T20:37:51.629151Z',
                         'description': 'This is a description of the vulnerability',
                         'name': 'CVE-2021-55555'}}