API Overview

Using the Csper API you can grab recent alerts/reports and feed them directly into your own SIEM/project management tools.

API Keys

Csper's API uses bearer token authentication.

You can get API keys from within your project/organization on Csper. Click the "API Keys" tab on the left.

Report Groups

The reportgroups API is used to get an aggregated list of reports seen within a time range.

Request:

curl 'https://csper.io/api/projects/INSERT_PROJECTID/reportgroups?timeRange=month' -H "Authorization: bearer INSERT_TOKEN"

Response:

{
  "id": "65ca1c1a2929e8b66f446560",
  "ts": "2024-02-12T13:24:41.993Z",
  "firstSeen": "2024-02-12T13:24:41.993Z",
  "lastSeen": "2024-02-12T13:25:24.164Z",
  "count": 8,
  "projectID": "5eaeea372ba071b64ed27a58",
  "policyIDs": ["65ca1bfe2929e8b66f446548"],
  "hash": "fc0174c7b16a5b151c8a4a08d880d5b258b68a7403b4a309fea76193d3e90bc4",
  "classification": "source",
  "directive": "script-src",
  "browsers": ["chrome", "firefox", "safari"],
  "blockedURI": "https://code.jquery.com/jquery-3.4.1.js",
  "disposition": "enforce",
  "documentURI": "https://myamazingwebsite.example.com/6393e",
  "effectiveDirective": "script-src-elem",
  "originalPolicy": "default-src 'none'; script-src 'self' 'report-sample'; connect-src 'self'; img-src 'self'; style-src 'self' 'report-sample'; font-src 'self'; report-uri http://localhost:8080/endpoint/5eaeea372ba071b64ed27a58?v=1&demo=true&demo=true&uid=6393e;",
  "referrer": "",
  "scriptSample": "",
  "statusCode": "200",
  "violatedDirective": "script-src-elem",
  "sourceFile": "",
  "columnNumber": 0,
  "lineNumber": 0,
  "blockedURIOrigin": "https://code.jquery.com",
  "documentURIOrigin": "https://myamazingwebsite.example.com",
  "sourceFileOrigin": "",
  "buckets": [
    {
      "id": "65ca1c1ae5c580ffd48f6be8",
      "projectID": "5eaeea372ba071b64ed27a58",
      "policyID": "65ca1bfe2929e8b66f446548",
      "reportGroupID": "65ca1c1a2929e8b66f446560",
      "hash": "",
      "start": "2024-02-12T00:00:00Z",
      "duration": "day",
      "count": 8
    }
  ]
}

Query Parameters

| Name | Description | Examples |
| --- | --- | --- |
| timeRange | The time range to include reports from. 'month' means all reports received in the last month. | minute, hour, day, week, month, all |
| policy | Only include reports that belonged to a specific policyID | 65ca1bfe2929e8b66f446548 |
| directives | Only include reports matching a specific set of directives | "", "script-src,style-src" |

Alerts

View open alert events.

Request:

curl 'https://csper.io/api/projects/INSERT_PROJECTID/alerts/events' -H "Authorization: bearer INSERT_TOKEN"

Response:


{
  "id": "65ca2f402f843a28a0278b7d",
  "projectID": "5eaeea372ba071b64ed27a58",
  "alertID": "65ca2efe73ec25009956ae9b",
  "ts": "2024-02-12T14:46:24.373Z",
  "link": "https://csper.io/p/5eaeea372ba071b64ed27a58/analysis/fc0174c7b16a5b151c8a4a08d880d5b258b68a7403b4a309fea76193d3e90bc4",
  "report": {
    "id": "65ca2f1b73ec25009956aea6",
    "projectID": "5eaeea372ba071b64ed27a58",
    "policyID": "65ca1bfe2929e8b66f446548",
    "ts": "2024-02-12T14:45:47.969Z",
    "rawReport": "{\"csp-report\":{\"document-uri\":\"https://myamazingwebsite.example.com/4b99f\",\"referrer\":\"\",\"violated-directive\":\"script-src-elem\",\"effective-directive\":\"script-src-elem\",\"original-policy\":\"default-src 'none'; script-src 'self' 'report-sample'; connect-src 'self'; img-src 'self'; style-src 'self' 'report-sample'; font-src 'self'; report-uri http://localhost:8080/endpoint/5eaeea372ba071b64ed27a58?v=1&demo=true&demo=true&uid=4b99f;\",\"disposition\":\"enforce\",\"blocked-uri\":\"https://code.jquery.com/jquery-3.4.1.js\",\"status-code\":200,\"script-sample\":\"\"}}",
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36",
    "queryStringTags": {
      "demo": "true",
      "v": "1"
    },
    "blockedURI": "https://code.jquery.com/jquery-3.4.1.js",
    "disposition": "enforce",
    "documentURI": "https://myamazingwebsite.example.com/4b99f",
    "effectiveDirective": "script-src-elem",
    "originalPolicy": "default-src 'none'; script-src 'self' 'report-sample'; connect-src 'self'; img-src 'self'; style-src 'self' 'report-sample'; font-src 'self'; report-uri http://localhost:8080/endpoint/5eaeea372ba071b64ed27a58?v=1&demo=true&demo=true&uid=4b99f;",
    "referrer": "",
    "scriptSample": "",
    "statusCode": "200",
    "violatedDirective": "script-src-elem",
    "sourceFile": "",
    "columnNumber": 0,
    "lineNumber": 0,
    "oddities": null,
    "classification": "source",
    "directive": "script-src",
    "hash": "fc0174c7b16a5b151c8a4a08d880d5b258b68a7403b4a309fea76193d3e90bc4",
    "blockedURIOrigin": "https://code.jquery.com",
    "documentURIOrigin": "https://myamazingwebsite.example.com",
    "sourceFileOrigin": "",
    "browser": "chrome",
    "os": "windows",
    "device": "desktop",
    "browserAge": "2020-02-05T00:00:00Z",
    "count": 4,
    "firstSeen": "2024-02-12T14:45:47.969Z",
    "lastSeen": "2024-02-12T14:46:09.077Z",
    "browsers": [
      "firefox",
      "safari",
      "chrome"
    ]
  },
  "hash": "fc0174c7b16a5b151c8a4a08d880d5b258b68a7403b4a309fea76193d3e90bc4",
  "name": "XSS Atempt",
  "severity": "HIGH",
  "description": "",
  "conditionType": "NEW_REPORT_TYPE",
  "directives": "base-uri,block-all-mixed-content,child-src,connect-src,default-src,disown-opener,font-src,form-action,frame-ancestors,frame-src,img-src,manifest-src,media-src,navigate-to,object-src,plugin-types,prefetch-src,prefrech-src,referrer,report-to,report-uri,require-sri-for,sandbox,script-src,style-src,upgrade-insecure-requests,webrtc-src,worker-src",
  "classifications": "source,inline,eval,form,mixed-content,injected,bot,extension,unactionable,malformed",
  "browsers": "chrome,firefox,safari,edge,ie,samsung,uc,other",
  "isFilterOldBrowsers": false,
  "isEmail": false,
  "emailList": "",
  "isAcknowledged": false,
  "acknowledgedTime": "0001-01-01T00:00:00Z",
  "acknowledgedComment": "",
  "acknowledgedAuthor": ""
}
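The following is an added example, not part of Csper's documentation or code, showing one way to flatten an alert event like the one above before forwarding it to a SIEM. CSP reports are submitted by browsers, so their contents are treated as untrusted: control characters are dropped, URL query strings are removed, and the nested rawReport JSON is parsed defensively. The function names, output field names, the 512-character limit and the sample event are assumptions made for this example.

```python
import json
from urllib.parse import urlsplit

def clean(value, limit=512):
    """Report fields are browser-supplied: drop control chars, cap length."""
    return "".join(ch for ch in str(value) if ch.isprintable())[:limit]

def strip_query(uri):
    """Keep scheme://host/path only; query strings can carry session data."""
    try:
        p = urlsplit(str(uri))
        return clean(f"{p.scheme}://{p.netloc}{p.path}" if p.scheme and p.netloc else uri)
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return clean(uri)

def parse_raw(raw_report):
    """rawReport is JSON inside JSON; return the csp-report dict or None."""
    try:
        body = json.loads(raw_report)["csp-report"]
    except (ValueError, KeyError, TypeError):
        return None
    return body if isinstance(body, dict) else None

def to_siem_record(event):
    """Flatten one alert event; acknowledged events return None."""
    if event.get("isAcknowledged"):
        return None
    report = event.get("report") or {}
    raw = parse_raw(report.get("rawReport"))
    record = {k: clean(event.get(k, "")) for k in ("id", "ts", "name", "severity", "link")}
    record.update(
        directive=clean(report.get("effectiveDirective", "")),
        disposition=clean(report.get("disposition", "")),
        blocked=strip_query(report.get("blockedURI", "")),
        document=strip_query(report.get("documentURI", "")),
        # Added sanity check: rawReport parsed and agrees with the parsed field.
        raw_matches=raw is not None and raw.get("blocked-uri") == report.get("blockedURI"),
    )
    return record

# Constructed sample event using field names from the Alerts response above.
SAMPLE = {
    "id": "65ca2f402f843a28a0278b7d", "name": "XSS Atempt", "severity": "HIGH",
    "isAcknowledged": False, "report": {
        "rawReport": '{"csp-report":{"blocked-uri":"https://code.jquery.com/jquery-3.4.1.js"}}',
        "blockedURI": "https://code.jquery.com/jquery-3.4.1.js",
        "documentURI": "https://myamazingwebsite.example.com/4b99f?sid=constructed",
        "effectiveDirective": "script-src-elem", "disposition": "enforce"}}
```

Serialize each non-None record with json.dumps to get one line per open alert event for ingestion.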

Support

If there is more you'd like to do with Csper's API, please let us know at product@csper.io! We're happy to open up more API endpoints.