API Use Cases

Introducing the Cobalt API

The Cobalt RESTful API gives you access to your assets, pentests, findings, and more. With our API, you can integrate Cobalt into your development and application security workflows—and automate your pentest processes.

Here are some examples of how you can scale your workflows:

• Retrieve findings that our pentesters discovered during a pentest.
• Pull findings into your security dashboard to perform a holistic internal analysis.
• Integrate findings into your data visualization tool for a comprehensive view of your vulnerability and application landscape.

This document assumes that you can run curl in a command line on your system. You can also set up the REST calls in this book in other API clients such as Postman or Insomnia.

If you run curl from the command line, we recommend that you use the jq command line JSON processor to format output.

Format JSON Responses

Without the | jq., you may have output that looks like:

{"pagination":{"next_page":null,"prev_page":null},"data":[{"resource":{"id":"YOUR-ORG-ID","name":"ORG-NAME","token":"YOUR-V2-ORGANIZATION-TOKEN"},"links":{"ui":{"url":"URL-WITH-YOUR-PENTESTS"}}}]}

If you add a | jq . to the end of your REST call, you may find it easier to read the output:

{
  "pagination": {
    "next_page": null,
    "prev_page": null
  },
  "data": [
    {
      "resource": {
        "id": "YOUR-ORG-ID",
        "name": "ORG-NAME",
        "token": "YOUR-V2-ORGANIZATION-TOKEN"
      },
      "links": {
        "ui": {
          "url": "URL-WITH-YOUR-PENTESTS"
        }
      }
    }
  ]
}

For your convenience, we include | jq . in all of our sample REST calls that provide actual output.