API Keys
Csper's API uses bearer token authentication.
You can get API keys from within your project/organization on Csper. Click the "API Keys" tab on the left.
Report Groups
The reportgroups API is used to get an aggregated list of reports seen within a time range.
Request:
Response:
Query Parameters
Name | Description | Examples |
timeRange | The time range to include reports from. 'month' means all reports received in the last month. | minute, hour, day, week, month, all |
policy | Only include reports that belonged to a specific policyID | 65ca1bfe2929e8b66f446548 |
directives | Only include reports matching a specific set of directives | "", "script-src,style-src" |
Alerts
View open alert events.
Request:
Response:
{
"id": "65ca2f402f843a28a0278b7d",
"projectID": "5eaeea372ba071b64ed27a58",
"alertID": "65ca2efe73ec25009956ae9b",
"ts": "2024-02-12T14:46:24.373Z",
"link": "https://csper.io/p/5eaeea372ba071b64ed27a58/analysis/fc0174c7b16a5b151c8a4a08d880d5b258b68a7403b4a309fea76193d3e90bc4",
"report": {
"id": "65ca2f1b73ec25009956aea6",
"projectID": "5eaeea372ba071b64ed27a58",
"policyID": "65ca1bfe2929e8b66f446548",
"ts": "2024-02-12T14:45:47.969Z",
"rawReport": "{\"csp-report\":{\"document-uri\":\"https://myamazingwebsite.example.com/4b99f\",\"referrer\":\"\",\"violated-directive\":\"script-src-elem\",\"effective-directive\":\"script-src-elem\",\"original-policy\":\"default-src 'none'; script-src 'self' 'report-sample'; connect-src 'self'; img-src 'self'; style-src 'self' 'report-sample'; font-src 'self'; report-uri http://localhost:8080/endpoint/5eaeea372ba071b64ed27a58?v=1&demo=true&demo=true&uid=4b99f;\",\"disposition\":\"enforce\",\"blocked-uri\":\"https://code.jquery.com/jquery-3.4.1.js\",\"status-code\":200,\"script-sample\":\"\"}}",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36",
"queryStringTags": {
"demo": "true",
"v": "1"
},
"blockedURI": "https://code.jquery.com/jquery-3.4.1.js",
"disposition": "enforce",
"documentURI": "https://myamazingwebsite.example.com/4b99f",
"effectiveDirective": "script-src-elem",
"originalPolicy": "default-src 'none'; script-src 'self' 'report-sample'; connect-src 'self'; img-src 'self'; style-src 'self' 'report-sample'; font-src 'self'; report-uri http://localhost:8080/endpoint/5eaeea372ba071b64ed27a58?v=1&demo=true&demo=true&uid=4b99f;",
"referrer": "",
"scriptSample": "",
"statusCode": "200",
"violatedDirective": "script-src-elem",
"sourceFile": "",
"columnNumber": 0,
"lineNumber": 0,
"oddities": null,
"classification": "source",
"directive": "script-src",
"hash": "fc0174c7b16a5b151c8a4a08d880d5b258b68a7403b4a309fea76193d3e90bc4",
"blockedURIOrigin": "https://code.jquery.com",
"documentURIOrigin": "https://myamazingwebsite.example.com",
"sourceFileOrigin": "",
"browser": "chrome",
"os": "windows",
"device": "desktop",
"browserAge": "2020-02-05T00:00:00Z",
"count": 4,
"firstSeen": "2024-02-12T14:45:47.969Z",
"lastSeen": "2024-02-12T14:46:09.077Z",
"browsers": [
"firefox",
"safari",
"chrome"
]
},
"hash": "fc0174c7b16a5b151c8a4a08d880d5b258b68a7403b4a309fea76193d3e90bc4",
"name": "XSS Atempt",
"severity": "HIGH",
"description": "",
"conditionType": "NEW_REPORT_TYPE",
"directives": "base-uri,block-all-mixed-content,child-src,connect-src,default-src,disown-opener,font-src,form-action,frame-ancestors,frame-src,img-src,manifest-src,media-src,navigate-to,object-src,plugin-types,prefetch-src,prefrech-src,referrer,report-to,report-uri,require-sri-for,sandbox,script-src,style-src,upgrade-insecure-requests,webrtc-src,worker-src",
"classifications": "source,inline,eval,form,mixed-content,injected,bot,extension,unactionable,malformed",
"browsers": "chrome,firefox,safari,edge,ie,samsung,uc,other",
"isFilterOldBrowsers": false,
"isEmail": false,
"emailList": "",
"isAcknowledged": false,
"acknowledgedTime": "0001-01-01T00:00:00Z",
"acknowledgedComment": "",
"acknowledgedAuthor": ""
}
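The `rawReport` field in the response above is a JSON document carried as a string, so it needs a second decode before its `csp-report` keys can be read. The following is an added example, not Csper's own code: it parses one alert event, decodes `rawReport`, and lists normalized fields that disagree with the browser's original report. The names `triage`, `decode_raw` and `FIELD_MAP` are hypothetical, and the sample event is constructed from the values shown above.

```python
import json

# Constructed sample: the alert event shown above, trimmed to the fields used here.
RAW = {"csp-report": {"effective-directive": "script-src-elem", "disposition": "enforce",
                      "blocked-uri": "https://code.jquery.com/jquery-3.4.1.js"}}
SAMPLE_ALERT = json.dumps({
    "id": "65ca2f402f843a28a0278b7d",
    "severity": "HIGH",
    "isAcknowledged": False,
    "report": {
        "rawReport": json.dumps(RAW),  # JSON carried as a string, as in the response
        "blockedURI": "https://code.jquery.com/jquery-3.4.1.js",
        "blockedURIOrigin": "https://code.jquery.com",
        "effectiveDirective": "script-src-elem",
        "disposition": "enforce",
        "count": 4,
    },
})

# Normalized field name -> key in the browser's original csp-report (hypothetical map).
FIELD_MAP = {
    "blockedURI": "blocked-uri",
    "effectiveDirective": "effective-directive",
    "disposition": "disposition",
}

def decode_raw(report):
    """Return the csp-report object inside rawReport, or None if it does not parse."""
    try:
        body = json.loads(report.get("rawReport"))
    except (TypeError, ValueError):  # missing field or malformed JSON
        return None
    csp = body.get("csp-report") if isinstance(body, dict) else None
    return csp if isinstance(csp, dict) else None

def triage(alert_json):
    """Summarize one alert event; list normalized fields that disagree with rawReport."""
    event = json.loads(alert_json)
    report = event.get("report") or {}
    raw = decode_raw(report)
    if raw is None:
        mismatches = ["rawReport"]
    else:
        mismatches = [n for n, k in FIELD_MAP.items() if report.get(n) != raw.get(k)]
    return {
        "id": event.get("id"),
        "open": not event.get("isAcknowledged", False),
        "severity": event.get("severity"),
        "enforced": report.get("disposition") == "enforce",
        "blocked_origin": report.get("blockedURIOrigin"),
        "count": report.get("count"),
        "mismatches": mismatches,
    }
```

Calling `triage(SAMPLE_ALERT)` returns a dictionary with an empty `mismatches` list; a `rawReport` that fails to parse is reported as `["rawReport"]` rather than raising.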
Support
If there is more you'd like to do with Csper's API, please let us know at product@csper.io! We're happy to open up more API endpoints.