Secure Code Warrior API API Reference

This Secure Code Warrior API provides programmatic access to company data.

Authentication

API access is disabled by default. Generate a new key from the Company Administration > [Edit Company] section.

The API key must be used in the header of the request, in the field X-API-Key. Please see the example calls using curl for an illustration.

curl -X GET "https://portal-api.securecodewarrior.com/api/v2/training/developer-leaderboard?report_period=7" -H "accept: application/json" -H "X-API-Key: d5b9ce1761f7da46799307494a806dc58dfd79f85e84552cf21a5a86eaa49548"

SCW API Endpoints

API Center: https://portal-api.securecodewarrior.com/api/v2

Example call using curl

curl -X GET "https://portal-api.securecodewarrior.com/api/v2/training/developer-leaderboard?report_period=7" -H "accept: application/json" -H "X-API-Key: d5b9ce1761f7da46799307494a806dc58dfd79f85e84552cf21a5a86eaa49548"

Request Content-Types: application/json
Response Content-Types: application/json
Version: 2.0.0

Authentication

APITokenFromHeader

API access is disabled by default. Generate a new key from the Company Administration > [Edit Company] section.

type
apiKey
in
header
name
X-API-Key

Training

Authorized Keys: Report API key, Admin API key, Team API Key

Get Developer Leaderboard

GET /training/developer-leaderboard

This endpoint returns a list of all developers within the organisation, with their current stats as well as the change in stats over the report period (which may be 1, 7 or 30 days).

report_period: integer 1, 7, 30
in query

The number of days over which to view the changes in statistics

page: integer
in query

The page number of results

startdate: string (dateTime)
in query

Include progress for leaderboard completed on or after the given time. Format: YYYY-MM-DDTHH:mm:ss.SSSZ

enddate: string (dateTime)
in query

Include progress for leaderboard completed on or before the given time. Format: YYYY-MM-DDTHH:mm:ss.SSSZ

Returns an array of leaderboard entries

400 Bad Request

Bad request.

422 Unprocessable Entity

An invalid page parameter was supplied (either a page that is higher than the total number of pages, or a page which is less that 1).

Response Example (200 OK)
{
  "report_period_in_days": 7,
  "leaderboard": [
    {
      "rank": 1,
      "developer": {
        "name": "Code Warrior",
        "email": "user@securecodewarrior.com",
        "member_since": "2018-01-01T04:57:47.715Z",
        "last_logged_in": "2018-01-01T04:57:47.715Z",
        "status": "enabled",
        "company": "Secure Code Warrior",
        "team": "Team Awesome",
        "tags": [
          "Syd branch"
        ],
        "roles": [
          "developer"
        ]
      },
      "overall_stats_over_report_period": {
        "installed_sensei": true,
        "used_sensei": true,
        "points_gained": 25,
        "accuracy_change": 21,
        "confidence_level_change": 28,
        "minutes_spent": 52,
        "challenges_correct": 32,
        "challenges_incorrect": 0
      },
      "challenges": [
        {
          "language": "Java Spring",
          "challenges_completed": 32,
          "total_challenges": 32,
          "progress": 100,
          "security_maturity": "Security Champion",
          "points": 120,
          "accuracy": 100,
          "confidence_level": 100,
          "minutes_spent": 52,
          "stats_over_report_period": {
            "points_gained": 25,
            "accuracy_change": 21,
            "confidence_level_change": 28,
            "minutes_spent": 52,
            "challenges_correct": 32,
            "challenges_incorrect": 0
          }
        }
      ],
      "challenges_summary": {
        "challenges_completed": 32,
        "total_challenges": 32,
        "progress": 100,
        "security_maturity": "Security Champion",
        "points": 6200,
        "accuracy": 100,
        "confidence_level": 100,
        "minutes_spent": 72
      }
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

Get Developer Progress

GET /training/developers-progress

This endpoint returns the training progress of all developers within the organisation, with current realm, level and quest progress.

page: integer
in query

The page number of results

Returns an array of developer progress entries

400 Bad Request

Bad request.

422 Unprocessable Entity

An invalid page parameter was supplied (either a page that is higher than the total number of pages, or a page which is less that 1).

Response Example (200 OK)
{
  "developers": [
    {
      "developer": {
        "name": "Code Warrior",
        "email": "user@securecodewarrior.com",
        "member_since": "2018-01-01T04:57:47.715Z",
        "last_logged_in": "2018-01-01T04:57:47.715Z",
        "status": "enabled",
        "company": "Secure Code Warrior",
        "team": "Team Awesome",
        "tags": [
          "Syd branch"
        ],
        "roles": [
          "developer"
        ]
      },
      "languages": [
        {
          "name": "Java Spring",
          "language_progress": 100,
          "realms": [
            {
              "name": "Defend Your Code",
              "realm_progress": 100,
              "levels": [
                {
                  "name": "Most Critical Weaknesses",
                  "level_progress": 100,
                  "quests": [
                    {
                      "name": "SQL Injection",
                      "quest_progress": 100
                    }
                  ]
                }
              ]
            }
          ]
        }
      ]
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

Get Developer Activity

GET /training/developers-activity

This endpoint returns the detailed challenge log of all developers within the organisation, with challenge score, difficulty and challenge outcome of the developer.

page: integer
in query

The page number of results

Returns an array of developer challenge log entries

400 Bad Request

Bad request.

422 Unprocessable Entity

An invalid page parameter was supplied (either a page that is higher than the total number of pages, or a page which is less that 1).

Response Example (200 OK)
{
  "activities": [
    {
      "developer": {
        "name": "Code Warrior",
        "email": "user@securecodewarrior.com",
        "member_since": "2018-01-01T04:57:47.715Z",
        "last_logged_in": "2018-01-01T04:57:47.715Z",
        "status": "enabled",
        "company": "Secure Code Warrior",
        "team": "Team Awesome",
        "tags": [
          "Syd branch"
        ],
        "roles": [
          "developer"
        ]
      },
      "challenge": {
        "language": "Java Spring",
        "realm": "Defend Your Code",
        "level": "Most Critical Weaknesses",
        "quest": "SQL Injection",
        "category": "Injection Flaws",
        "subcategory": "SQL Injection",
        "difficulty": "Hard",
        "started": "2018-01-17T04:57:47.715Z",
        "completed": "2018-01-18T04:57:47.715Z",
        "duration": 120,
        "status": "correct",
        "hints_used": 0,
        "score": 300,
        "max_score": 300,
        "select_vulnerability": {
          "attempt_index": 1,
          "status": "correct",
          "max_score": 100,
          "score": 100,
          "skipped": false
        },
        "locate_vulnerability": {
          "attempt_index": 1,
          "status": "correct",
          "max_score": 100,
          "score": 100
        },
        "identify_solution": {
          "attempt_index": 1,
          "status": "correct",
          "max_score": 100,
          "score": 100
        }
      }
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

Get Team Leaderboard

GET /training/team-leaderboard

This endpoint returns a list of all teams within the organisation, with their current stats as well as the change in stats over the report period (which may be 1, 7 or 30 days).

report_period: integer 1, 7, 30
in query

The number of days over which to view the changes in statistics

omitInactive: boolean
in query

When set to true, will omit all inactive accounts from results

page: integer
in query

The page number of results

startdate: string (dateTime)
in query

Include progress for leaderboard completed on or after the given time. Format: YYYY-MM-DDTHH:mm:ss.SSSZ

enddate: string (dateTime)
in query

Include progress for leaderboard completed on or before the given time. Format: YYYY-MM-DDTHH:mm:ss.SSSZ

Returns all entries for the leaderboard

400 Bad Request

Bad request.

422 Unprocessable Entity

An invalid page parameter was supplied (either a page that is higher than the total number of pages, or a page which is less that 1).

Response Example (200 OK)
[
  {
    "report_period_in_days": 7,
    "leaderboard": [
      {
        "rank": 1,
        "name": "Team Awesome",
        "developers": 7,
        "points_average": 300,
        "points_total": 2100,
        "accuracy": 100,
        "confidence_level": 100,
        "time_spent": 100,
        "installed_sensei": 3,
        "stats_over_report_period": {
          "points_gained": 25,
          "accuracy_change": 21,
          "confidence_level_change": 28,
          "minutes_spent": 52,
          "challenges_correct": 32,
          "challenges_incorrect": 0
        }
      }
    ],
    "links": {
      "total_pages": 10,
      "results_per_page": 100,
      "next_page": 3,
      "prev_page": 1
    }
  }
]

Search Developer Leaderboard

POST /training/developer-leaderboard/search

This endpoint returns a list of all developers within the organisation, with their current stats. This also lists the change in stats over the report period (which may be 1, 7 or 30 days) or a given date range. Results can be filtered based on developer emails, developer tags and team names.

Leaderboard search filters

Request Example
{
  "report_period_in_days": 1,
  "startdate": "2017-01-01T00:00:00.000Z",
  "enddate": "2019-01-01T00:00:00.000Z",
  "users": "dev1@securecodewarrior.com, dev2@securecodewarrior.com",
  "team_names": "Company 1 Team 1, Company 1 Team 2",
  "tags": "tag-11, tag-12",
  "page": 1
}

Returns an array of leaderboard entries

400 Bad Request

Bad request.

422 Unprocessable Entity

An invalid page parameter was supplied (either a page that is higher than the total number of pages, or a page which is less that 1).

Response Example (200 OK)
{
  "report_period_in_days": 7,
  "leaderboard": [
    {
      "rank": 1,
      "developer": {
        "name": "Code Warrior",
        "email": "user@securecodewarrior.com",
        "member_since": "2018-01-01T04:57:47.715Z",
        "last_logged_in": "2018-01-01T04:57:47.715Z",
        "status": "enabled",
        "company": "Secure Code Warrior",
        "team": "Team Awesome",
        "tags": [
          "Syd branch"
        ],
        "roles": [
          "developer"
        ]
      },
      "overall_stats_over_report_period": {
        "installed_sensei": true,
        "used_sensei": true,
        "points_gained": 25,
        "accuracy_change": 21,
        "confidence_level_change": 28,
        "minutes_spent": 52,
        "challenges_correct": 32,
        "challenges_incorrect": 0
      },
      "challenges": [
        {
          "language": "Java Spring",
          "challenges_completed": 32,
          "total_challenges": 32,
          "progress": 100,
          "security_maturity": "Security Champion",
          "points": 120,
          "accuracy": 100,
          "confidence_level": 100,
          "minutes_spent": 52,
          "stats_over_report_period": {
            "points_gained": 25,
            "accuracy_change": 21,
            "confidence_level_change": 28,
            "minutes_spent": 52,
            "challenges_correct": 32,
            "challenges_incorrect": 0
          }
        }
      ],
      "challenges_summary": {
        "challenges_completed": 32,
        "total_challenges": 32,
        "progress": 100,
        "security_maturity": "Security Champion",
        "points": 6200,
        "accuracy": 100,
        "confidence_level": 100,
        "minutes_spent": 72
      }
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

Search Developers Progress

POST /training/developers-progress/search

This endpoint returns the training progress of all developers within the organisation, with current realm, level and quest progress. This also lists the change in developer progress over the report period (which may be 1, 7 or 30 days) or a given date range. Results can be filtered based on developer emails, developer tags and team names.

Developer progress search filters

Request Example
{
  "report_period_in_days": 1,
  "startdate": "2017-01-01T00:00:00.000Z",
  "enddate": "2019-01-01T00:00:00.000Z",
  "users": "dev1@securecodewarrior.com, dev2@securecodewarrior.com",
  "team_names": "Company 1 Team 1, Company 1 Team 2",
  "tags": "tag-11, tag-12",
  "page": 1
}

Returns an array of developer progress entries

400 Bad Request

Bad request.

422 Unprocessable Entity

An invalid page parameter was supplied (either a page that is higher than the total number of pages, or a page which is less that 1).

Response Example (200 OK)
{
  "developers": [
    {
      "developer": {
        "name": "Code Warrior",
        "email": "user@securecodewarrior.com",
        "member_since": "2018-01-01T04:57:47.715Z",
        "last_logged_in": "2018-01-01T04:57:47.715Z",
        "status": "enabled",
        "company": "Secure Code Warrior",
        "team": "Team Awesome",
        "tags": [
          "Syd branch"
        ],
        "roles": [
          "developer"
        ]
      },
      "languages": [
        {
          "name": "Java Spring",
          "language_progress": 100,
          "realms": [
            {
              "name": "Defend Your Code",
              "realm_progress": 100,
              "levels": [
                {
                  "name": "Most Critical Weaknesses",
                  "level_progress": 100,
                  "quests": [
                    {
                      "name": "SQL Injection",
                      "quest_progress": 100
                    }
                  ]
                }
              ]
            }
          ]
        }
      ]
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

Search Developers Activity

POST /training/developers-activity/search

This endpoint returns the detailed challenge log of all developers within the organisation, with challenge score, difficulty and challenge outcome of the developer. This also lists the challenge log over the report period (which may be 1, 7 or 30 days) or a given date range. Results can be filtered based on developer emails, developer tags and team names.

developer activity search filters

Request Example
{
  "report_period_in_days": 1,
  "startdate": "2017-01-01T00:00:00.000Z",
  "enddate": "2019-01-01T00:00:00.000Z",
  "users": "dev1@securecodewarrior.com, dev2@securecodewarrior.com",
  "team_names": "Company 1 Team 1, Company 1 Team 2",
  "tags": "tag-11, tag-12",
  "page": 1
}

Returns an array of developer challenge log entries

400 Bad Request

Bad request.

422 Unprocessable Entity

An invalid page parameter was supplied (either a page that is higher than the total number of pages, or a page which is less that 1).

Response Example (200 OK)
{
  "activities": [
    {
      "developer": {
        "name": "Code Warrior",
        "email": "user@securecodewarrior.com",
        "member_since": "2018-01-01T04:57:47.715Z",
        "last_logged_in": "2018-01-01T04:57:47.715Z",
        "status": "enabled",
        "company": "Secure Code Warrior",
        "team": "Team Awesome",
        "tags": [
          "Syd branch"
        ],
        "roles": [
          "developer"
        ]
      },
      "challenge": {
        "language": "Java Spring",
        "realm": "Defend Your Code",
        "level": "Most Critical Weaknesses",
        "quest": "SQL Injection",
        "category": "Injection Flaws",
        "subcategory": "SQL Injection",
        "difficulty": "Hard",
        "started": "2018-01-17T04:57:47.715Z",
        "completed": "2018-01-18T04:57:47.715Z",
        "duration": 120,
        "status": "correct",
        "hints_used": 0,
        "score": 300,
        "max_score": 300,
        "select_vulnerability": {
          "attempt_index": 1,
          "status": "correct",
          "max_score": 100,
          "score": 100,
          "skipped": false
        },
        "locate_vulnerability": {
          "attempt_index": 1,
          "status": "correct",
          "max_score": 100,
          "score": 100
        },
        "identify_solution": {
          "attempt_index": 1,
          "status": "correct",
          "max_score": 100,
          "score": 100
        }
      }
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

Assessments

Authorized Keys: Report API key, Admin API key, Team API Key

Get Assessments

GET /assessments

This endpoint will return a list of Assessment objects which contain a range of datapoints related to assessments. This includes assessment IDs, which may be used in conjunction with the other assessments API endpoints.

page: integer
in query

The page number of results

startdate: string (dateTime)
in query

Only return assessments started on and after the given date. Format: YYYY-MM-DDTHH:mm:ss.SSSZ

enddate: string (dateTime)
in query

Only return assessments started or completed before the given date. Format: YYYY-MM-DDTHH:mm:ss.SSSZ

200 OK

Returns an array of Assessment objects

type
object
400 Bad Request

Bad request.

422 Unprocessable Entity

An invalid page parameter was supplied (either a page that is higher than the total number of pages, or a page which is less that 1).

Response Example (200 OK)
{
  "assessments": [
    {
      "_id": "5702d346c6bf9dfe533ffa6d",
      "status": "correct",
      "name": "Junior Developer Assessment",
      "description": "This assessment is useful for onboarding new developers into the team",
      "supported_languages": [
        "[\"Java Spring\", \"Ruby Rails\"]"
      ],
      "difficulty": "medium",
      "success_ratio": 75,
      "emits_certificate": true,
      "time_limit": 3600000,
      "start_date": "2018-01-17T04:57:47.715Z",
      "end_date": "2018-01-18T04:57:47.715Z",
      "timezone": "Australia/Sydney",
      "number_of_challenges": 21,
      "self_assess": true,
      "retries_allowed": true
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

Get Assessment Attempts

GET /assessments/{assessment_id}/attempts

This endpoint returns a detailed report for all developers who have taken the Assessment with the given ID. The scope of the report may be filtered in a number of ways. You may filter results to a given developer by supplying their email address with the query. If a start date is supplied, only attempts started or completed after (and including) this date are included. If an end date is supplied, only challenges started or completed before this date are included. Providing both indicates a date range to filter on. This includes all the data in the summary report plus details on all the challenges that are a part of the assessment.

assessment_id: string
in path

The assessment ID

page: integer
in query

The page number of results

developer: string
in query

The email address of the developer to filter on

startdate: string (dateTime)
in query

Only return attempts started on and after the given date. Format: YYYY-MM-DDTHH:mm:ss.SSSZ

enddate: string (dateTime)
in query

Only return attempts started or completed before the given date. Format: YYYY-MM-DDTHH:mm:ss.SSSZ

200 OK

Returns the detailed assessment data

type
object
400 Bad Request

Bad request.

403 Forbidden

Forbidden.

422 Unprocessable Entity

An invalid page parameter was supplied (either a page that is higher than the total number of pages, or a page which is less that 1).

Response Example (200 OK)
{
  "attempts": [
    {
      "_id": "string",
      "_assessment": "5702d346c6bf9dfe533ffa6d",
      "name": "Junior Developer Assessment",
      "developer": {
        "name": "Code Warrior",
        "email": "user@securecodewarrior.com",
        "member_since": "2018-01-01T04:57:47.715Z",
        "last_logged_in": "2018-01-01T04:57:47.715Z",
        "status": "enabled",
        "company": "Secure Code Warrior",
        "team": "Team Awesome",
        "tags": [
          "Syd branch"
        ],
        "roles": [
          "developer"
        ]
      },
      "status": "correct",
      "language": "Java Spring",
      "started": "2018-01-17T04:57:47.715Z",
      "completed": "2018-01-18T04:57:47.715Z",
      "deadline": "2018-01-19T04:57:47.715Z",
      "score": 100,
      "completed_in": "2 seconds",
      "passing_grade": 30,
      "pass_status": "Passed",
      "progress": {
        "correct": 25,
        "incorrect": 0,
        "number_of_challenges": 25,
        "completed": 25
      },
      "accuracy": {
        "located": 100,
        "identified": 100,
        "fixed": 100
      },
      "challenges": [
        {
          "number": 1,
          "category": "Injection Flaws",
          "subcategory": "SQL Injection",
          "difficulty": "medium",
          "status": "correct",
          "max_score": 300,
          "score": 300,
          "locate": {
            "status": "correct"
          },
          "identify": {
            "status": "correct"
          },
          "fix": {
            "status": "correct"
          }
        }
      ]
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

Search Assessment

POST /assessments/search

This endpoint will return a list of Assessment objects which contain a range of datapoints related to assessments. This includes assessment IDs, which may be used in conjunction with the other assessments API endpoints. Results can be filtered based on status, name, supported language and difficulty.

Assessments search filters

Request Example
{
  "status": "enabled",
  "name": "Example assessment",
  "supported_languages": [
    {
      "_id": "java",
      "_framework": "spring"
    }
  ],
  "difficulty": "easy",
  "page": 1
}
200 OK

Returns an array of Assessment objects

type
object
400 Bad Request

Bad request.

422 Unprocessable Entity

An invalid page parameter was supplied (either a page that is higher than the total number of pages, or a page which is less that 1).

Response Example (200 OK)
{
  "assessments": [
    {
      "_id": "5702d346c6bf9dfe533ffa6d",
      "status": "correct",
      "name": "Junior Developer Assessment",
      "description": "This assessment is useful for onboarding new developers into the team",
      "supported_languages": [
        "[\"Java Spring\", \"Ruby Rails\"]"
      ],
      "difficulty": "medium",
      "success_ratio": 75,
      "emits_certificate": true,
      "time_limit": 3600000,
      "start_date": "2018-01-17T04:57:47.715Z",
      "end_date": "2018-01-18T04:57:47.715Z",
      "timezone": "Australia/Sydney",
      "number_of_challenges": 21,
      "self_assess": true,
      "retries_allowed": true
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

Search Assessment Attempts

POST /assessments/attempts/search

This endpoint returns a detailed report for all developers who have taken the Assessment with the given ID. The scope of the report may be filtered in a number of ways. You may filter results to given developer(s) by supplying their email address(es) with the query. If a status is supplied, only assessment attempts with specified status are included. If team name(s) supplied, only assessment attempts of users within those team(s) are included. If tags(s) supplied, only assessment attempts of users with those tag(s) are included. If a pass_status is supplied, only assessment attempts with specified pass_status are included. This includes all the data in the summary report plus details on all the challenges that are a part of the assessment.

Assessment attempts search filters

Request Example
{
  "assessment_id": "51c258a2551350e514d1ae24",
  "name": "Junior Developer Assessment",
  "users": "dev1@securecodewarrior.com, dev2@securecodewarrior.com",
  "status": "pending",
  "team_names": "Company 1 Team 1, Company 1 Team 2",
  "tags": "tag-11, tag-12",
  "pass_status": "pass",
  "page": 1
}
200 OK

Returns the detailed assessment data

type
object
400 Bad Request

Bad request.

422 Unprocessable Entity

An invalid page parameter was supplied (either a page that is higher than the total number of pages, or a page which is less that 1).

Response Example (200 OK)
{
  "attempts": [
    {
      "_id": "string",
      "_assessment": "5702d346c6bf9dfe533ffa6d",
      "name": "Junior Developer Assessment",
      "developer": {
        "name": "Code Warrior",
        "email": "user@securecodewarrior.com",
        "member_since": "2018-01-01T04:57:47.715Z",
        "last_logged_in": "2018-01-01T04:57:47.715Z",
        "status": "enabled",
        "company": "Secure Code Warrior",
        "team": "Team Awesome",
        "tags": [
          "Syd branch"
        ],
        "roles": [
          "developer"
        ]
      },
      "status": "correct",
      "language": "Java Spring",
      "started": "2018-01-17T04:57:47.715Z",
      "completed": "2018-01-18T04:57:47.715Z",
      "deadline": "2018-01-19T04:57:47.715Z",
      "score": 100,
      "completed_in": "2 seconds",
      "passing_grade": 30,
      "pass_status": "Passed",
      "progress": {
        "correct": 25,
        "incorrect": 0,
        "number_of_challenges": 25,
        "completed": 25
      },
      "accuracy": {
        "located": 100,
        "identified": 100,
        "fixed": 100
      },
      "challenges": [
        {
          "number": 1,
          "category": "Injection Flaws",
          "subcategory": "SQL Injection",
          "difficulty": "medium",
          "status": "correct",
          "max_score": 300,
          "score": 300,
          "locate": {
            "status": "correct"
          },
          "identify": {
            "status": "correct"
          },
          "fix": {
            "status": "correct"
          }
        }
      ]
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

Assign Assessments

POST /assessments/{assessment_id}/assign

This endpoint will assign the given assessment to the specified users/teams. Returns a list of users that were assigned to the assessment with their email, inviteUrl and status indicating whether invite email was sent.

Assign assessment to users/teams

assessment_id: string
in path

The assessment ID

Request Example
{
  "users": [
    "dev1@securecodewarrior.com"
  ],
  "teams": [
    "Company 1 Team 1"
  ],
  "sendEmail": false
}
200 OK

Returns an array of users with details about assessment assignment

type
object
400 Bad Request

Bad request.

413 Request Entity Too Large

Too many users to be handled per request. Please split the request into small ones and request multiple times.

422 Unprocessable Entity

An invalid page parameter was supplied (either a page that is higher than the total number of pages, or a page which is less that 1).

Response Example (200 OK)
{
  "assessmentInvitations": [
    {
      "user": "dev3@securecodewarrior.com",
      "inviteEmailSent": true,
      "inviteUrl": "https://portal.securecodewarrior.com/#/invite-accept/..."
    }
  ]
}

Tournaments

Authorized Keys: Report API key, Admin API key

Get Tournaments

GET /tournaments

This endpoint returns a list of tournaments in the company.

page: integer
in query

The page number of results

name: string
in query

Tournament name

startdate: string (dateTime)
in query

Only return tournaments that start on or after the given time. Format: YYYY-MM-DDTHH:mm:ss.SSSZ

enddate: string (dateTime)
in query

Only return tournaments that finish on or before the given time. time: YYYY-MM-DDTHH:mm:ss.SSSZ

200 OK

Returns the tournament ids

type
object
400 Bad Request

Bad request.

422 Unprocessable Entity

An invalid page parameter was supplied (either a page that is higher than the total number of pages, or a page which is less that 1).

Response Example (200 OK)
{
  "tournaments": [
    {
      "_id": "58454294bc0cedf458849d49",
      "name": "Annual Tournament",
      "description": "Get ready for the ultimate tournament! Test your skills and win some prizes.",
      "start_time": "2018-01-17T04:57:47.715Z",
      "end_time": "2018-01-21T04:57:47.715Z",
      "timezone": "Australia/Sydney"
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

Get Tournament Leaderboard

GET /tournaments/{tournament_id}/leaderboard

This endpoint returns the leaderboard for a single tournament. This includes all levels, challenges and stages that the developer participated in, with detailed metrics of each.

tournament_id: string
in path

The tournament ID

page: integer
in query

The page number of results

200 OK

Returns the detailed tournament data

type
object
Response Example (200 OK)
{
  "leaderboard": [
    {
      "rank": 1,
      "developer": {
        "name": "Code Warrior",
        "email": "user@securecodewarrior.com",
        "member_since": "2018-01-01T04:57:47.715Z",
        "last_logged_in": "2018-01-01T04:57:47.715Z",
        "status": "enabled",
        "company": "Secure Code Warrior",
        "team": "Team Awesome",
        "tags": [
          "Syd branch"
        ],
        "roles": [
          "developer"
        ]
      },
      "blocked": false,
      "minutes_spent": 45,
      "language": "Java Spring",
      "max_points": 4000,
      "points": 3500,
      "hints_used": 25,
      "lives_lost": 10,
      "levels": [
        {
          "name": "Level 1",
          "challenges": [
            {
              "number": 1,
              "category": "Injection Flaws",
              "subcategory": "SQL Injection",
              "difficulty": "hard",
              "status": "correct",
              "max_points": 350,
              "points": 320,
              "codebase_size": "large",
              "minutes_spent": 3,
              "stages": [
                {
                  "number": 1,
                  "name": "Locate Vulnerability",
                  "status": "correct",
                  "points": 320,
                  "max_points": 350,
                  "minutes_spent": 3,
                  "lives_lost": 1,
                  "hints_used": 0
                }
              ]
            }
          ]
        }
      ]
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

Search Tournament Leaderboard

POST /tournaments/{tournament_id}/leaderboard/search

This endpoint returns the leaderboard for a single tournament. This includes all levels, challenges and stages that the developer participated in, with detailed metrics of each. This endpoint can also return the leaderboard over a report period (which may be 1, 7 or 30 days) or a given date range. Results can be filtered based on developer emails, developer tags and team names.

Tournament Leaderboard search filters

tournament_id: string
in path

The tournament ID

Request Example
{
  "report_period_in_days": 1,
  "startdate": "2017-01-01T00:00:00.000Z",
  "enddate": "2019-01-01T00:00:00.000Z",
  "users": "dev1@securecodewarrior.com, dev2@securecodewarrior.com",
  "team_names": "Company 1 Team 1, Company 1 Team 2",
  "tags": "tag-11, tag-12",
  "page": 1
}
200 OK

Returns the detailed tournament participant data

type
object
Response Example (200 OK)
{
  "leaderboard": [
    {
      "rank": 1,
      "developer": {
        "name": "Code Warrior",
        "email": "user@securecodewarrior.com",
        "member_since": "2018-01-01T04:57:47.715Z",
        "last_logged_in": "2018-01-01T04:57:47.715Z",
        "status": "enabled",
        "company": "Secure Code Warrior",
        "team": "Team Awesome",
        "tags": [
          "Syd branch"
        ],
        "roles": [
          "developer"
        ]
      },
      "blocked": false,
      "minutes_spent": 45,
      "language": "Java Spring",
      "max_points": 4000,
      "points": 3500,
      "hints_used": 25,
      "lives_lost": 10,
      "levels": [
        {
          "name": "Level 1",
          "challenges": [
            {
              "number": 1,
              "category": "Injection Flaws",
              "subcategory": "SQL Injection",
              "difficulty": "hard",
              "status": "correct",
              "max_points": 350,
              "points": 320,
              "codebase_size": "large",
              "minutes_spent": 3,
              "stages": [
                {
                  "number": 1,
                  "name": "Locate Vulnerability",
                  "status": "correct",
                  "points": 320,
                  "max_points": 350,
                  "minutes_spent": 3,
                  "lives_lost": 1,
                  "hints_used": 0
                }
              ]
            }
          ]
        }
      ]
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

Learning

Authorized Keys: Report API key, Admin API key, Team API Key

Shows learning resources which have be completed, read or watched.

GET /learning/progress

Learning description

page: integer
in query

The page number of results

200 OK

Returns the detailed learning progress data

type
object
Response Example (200 OK)
{
  "developers": [
    {
      "profile": {
        "name": "Code Warrior",
        "email": "user@securecodewarrior.com",
        "member_since": "2018-01-01T04:57:47.715Z",
        "last_logged_in": "2018-01-01T04:57:47.715Z",
        "status": "enabled",
        "company": "Secure Code Warrior",
        "team": "Team Awesome",
        "tags": [
          "Syd branch"
        ],
        "roles": [
          "developer"
        ]
      },
      "completed": [
        {
          "resource": [
            "Application Security Weaknesses",
            "Web",
            "Data Handling",
            "Injection Flaws",
            "SQL Injection"
          ],
          "time_completed": "2018-01-01T04:57:47.715Z"
        }
      ]
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

Get Resources

GET /learning/resources

Learning resources list

200 OK

Returns the list of learning resources

type
object
Response Example (200 OK)
{
  "resources": [
    {
      "id": "security_fundamentals",
      "name": "Security Fundamentals",
      "items": [
        {
          "id": "application_security_concepts",
          "name": "Application Security Concepts"
        }
      ]
    }
  ]
}

Search Learning Progress

POST /learning/progress/search

Learning description Filters - users, teams and tags

learning progress search filters

Request Example
{
  "users": "dev1@securecodewarrior.com, dev2@securecodewarrior.com",
  "team_names": "Company 1 Team 1, Company 1 Team 2",
  "tags": "tag-11, tag-12",
  "page": 1
}
200 OK

Returns the detailed learning progress data

type
object
400 Bad Request

Bad request.

422 Unprocessable Entity

An invalid page parameter was supplied (either a page that is higher than the total number of pages, or a page which is less that 1).

Response Example (200 OK)
{
  "developers": [
    {
      "profile": {
        "name": "Code Warrior",
        "email": "user@securecodewarrior.com",
        "member_since": "2018-01-01T04:57:47.715Z",
        "last_logged_in": "2018-01-01T04:57:47.715Z",
        "status": "enabled",
        "company": "Secure Code Warrior",
        "team": "Team Awesome",
        "tags": [
          "Syd branch"
        ],
        "roles": [
          "developer"
        ]
      },
      "completed": [
        {
          "resource": [
            "Application Security Weaknesses",
            "Web",
            "Data Handling",
            "Injection Flaws",
            "SQL Injection"
          ],
          "time_completed": "2018-01-01T04:57:47.715Z"
        }
      ]
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

Users

Authorized Keys: Admin API key

Get Users

GET /users

This is used to retrieve all user records. The response may be shaped by passing in a fields query parameter listing the attribute names to return.

fields: string[] email,role,name,status,tags,team.name,preferredDevLanguages
in query

Only returns the attributes provided. Each attribute should be comma separated.

Array values passed separated by comma: ?fields=aaa,bbb
page: integer 1
in query

Returns the given page number of a paginated result set. Page sizes are 1000 records.

200 OK

Returns a list of UserData

400 Bad Request

A bad request error

413 Request Entity Too Large

The request entity was too large. Limit is 1mb.

422 Unprocessable Entity

Invalid Input Error

Response Content-Types: application/json
Response Example (200 OK)
{
  "users": [
    {
      "id": "c0f1d2b3-ae71-440a-82fc-95d5fec4d91e",
      "email": "user@securecodewarrior.com",
      "role": "developer",
      "name": {
        "first": "Secure",
        "middle": "Code",
        "last": "Warrior"
      },
      "status": "enabled",
      "invite-date": "2020-01-01T00:00:00.000Z",
      "team": {
        "name": "Team Awesome"
      },
      "tags": [
        "Syd branch"
      ],
      "preferredDevLanguages": [
        {
          "_id": "java",
          "_framework": "spring"
        }
      ]
    }
  ]
}
Response Example (400 Bad Request)
{
  "statusCode": 422,
  "error": "Unprocessable Entity",
  "message": "Team license limit reached. Contact your company admin for an upgrade",
  "code": "902",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}
Response Example (413 Request Entity Too Large)
{
  "statusCode": 422,
  "error": "Unprocessable Entity",
  "message": "Team license limit reached. Contact your company admin for an upgrade",
  "code": "902",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}
Response Example (422 Unprocessable Entity)
{
  "statusCode": 422,
  "error": "Unprocessable Entity",
  "message": "Team license limit reached. Contact your company admin for an upgrade",
  "code": "902",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}

Create a user

POST /users

Creates a User.

User object to be added

sendInvite: boolean
in query

Flag to disable user invite and invite reminders.

Request Content-Types: application/json
Request Example
{
  "enabled": true,
  "email": "user@securecodewarrior.com",
  "role": "developer",
  "team": "Team Awesome",
  "tags": [
    "Syd branch"
  ],
  "preferredDevLanguages": [
    {
      "_id": "java",
      "_framework": "spring"
    }
  ]
}
201 Created

User Created

400 Bad Request

A bad request error

413 Request Entity Too Large

The request entity was too large. Limit is 1mb.

422 Unprocessable Entity

An error response

Response Example (201 Created)
{
  "id": "c0f1d2b3-ae71-440a-82fc-95d5fec4d91e",
  "statusCode": 201,
  "message": "User Created",
  "code": "100",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}
Response Example (400 Bad Request)
{
  "statusCode": 422,
  "error": "Unprocessable Entity",
  "message": "Team license limit reached. Contact your company admin for an upgrade",
  "code": "902",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}
Response Example (413 Request Entity Too Large)
{
  "statusCode": 422,
  "error": "Unprocessable Entity",
  "message": "Team license limit reached. Contact your company admin for an upgrade",
  "code": "902",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}
Response Example (422 Unprocessable Entity)
{
  "statusCode": 422,
  "error": "Unprocessable Entity",
  "message": "Team license limit reached. Contact your company admin for an upgrade",
  "code": "902",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}

Search Users

POST /users/search

This is used to retrieve all user records. The response may be shaped by passing in a fields query parameter listing the attribute names to return. Filter is achieved by passing the filter criteria through the body.

User object to be added

fields: string[] email,role,name,status,tags,team.name,preferredDevLanguages
in query

Only returns the attributes provided. Each attribute should be comma separated.

Array values passed separated by comma: ?fields=aaa,bbb
page: integer 1
in query

Returns the given page number of a paginated result set. Page sizes are 1000 records.

Request Example
{
  "id": "c0f1d2b3-ae71-440a-82fc-95d5fec4d91e",
  "email": "user@securecodewarrior.com",
  "role": "developer",
  "team": "Team Awesome",
  "tags": [
    "Syd branch"
  ]
}
200 OK

Returns a list of UserData

400 Bad Request

A bad request error

413 Request Entity Too Large

The request entity was too large. Limit is 1mb.

422 Unprocessable Entity

Invalid Input Error

Response Content-Types: application/json
Response Example (200 OK)
{
  "users": [
    {
      "id": "c0f1d2b3-ae71-440a-82fc-95d5fec4d91e",
      "email": "user@securecodewarrior.com",
      "role": "developer",
      "name": {
        "first": "Secure",
        "middle": "Code",
        "last": "Warrior"
      },
      "status": "enabled",
      "invite-date": "2020-01-01T00:00:00.000Z",
      "team": {
        "name": "Team Awesome"
      },
      "tags": [
        "Syd branch"
      ],
      "preferredDevLanguages": [
        {
          "_id": "java",
          "_framework": "spring"
        }
      ]
    }
  ]
}
Response Example (400 Bad Request)
{
  "statusCode": 422,
  "error": "Unprocessable Entity",
  "message": "Team license limit reached. Contact your company admin for an upgrade",
  "code": "902",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}
Response Example (413 Request Entity Too Large)
{
  "statusCode": 422,
  "error": "Unprocessable Entity",
  "message": "Team license limit reached. Contact your company admin for an upgrade",
  "code": "902",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}
Response Example (422 Unprocessable Entity)
{
  "statusCode": 422,
  "error": "Unprocessable Entity",
  "message": "Team license limit reached. Contact your company admin for an upgrade",
  "code": "902",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}

Get User

GET /users/{id}

This is used to retrieve a single user record. The response may be shaped by passing in a fields query parameter listing the attribute names to return.

fields: string[] email,role,name,status,tags,team.name,preferredDevLanguages
in query

Only returns the attributes specified in the Filter. Each attribute should be comma separated.

Array values passed separated by comma: ?fields=aaa,bbb
id: string (string)
in path

The user resource ID.

idtype: string email
in query

Used to classify the type of user ID in the URL.

200 OK
400 Bad Request

A bad request error

413 Request Entity Too Large

The request entity was too large. Limit is 1mb.

422 Unprocessable Entity

Invalid Input Error

Response Content-Types: application/json
Response Example (200 OK)
{
  "id": "c0f1d2b3-ae71-440a-82fc-95d5fec4d91e",
  "email": "user@securecodewarrior.com",
  "role": "developer",
  "name": {
    "first": "Secure",
    "middle": "Code",
    "last": "Warrior"
  },
  "status": "enabled",
  "invite-date": "2020-01-01T00:00:00.000Z",
  "team": {
    "name": "Team Awesome"
  },
  "tags": [
    "Syd branch"
  ],
  "preferredDevLanguages": [
    {
      "_id": "java",
      "_framework": "spring"
    }
  ]
}
Response Example (400 Bad Request)
{
  "statusCode": 422,
  "error": "Unprocessable Entity",
  "message": "Team license limit reached. Contact your company admin for an upgrade",
  "code": "902",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}
Response Example (413 Request Entity Too Large)
{
  "statusCode": 422,
  "error": "Unprocessable Entity",
  "message": "Team license limit reached. Contact your company admin for an upgrade",
  "code": "902",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}
Response Example (422 Unprocessable Entity)
{
  "statusCode": 422,
  "error": "Unprocessable Entity",
  "message": "Team license limit reached. Contact your company admin for an upgrade",
  "code": "902",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}

Delete User

DELETE /users/{id}

Deletes the user referenced by the given ID.

idtype: string email
in query

Used to classify the type of user ID in the URL.

id: string (string)
in path

The user resource ID.

idtype: string email
in query

Used to classify the type of user ID in the URL.

200 OK

User Deleted

400 Bad Request

A bad request error

413 Request Entity Too Large

The request entity was too large. Limit is 1mb.

422 Unprocessable Entity

An error response

Response Example (200 OK)
{
  "statusCode": 200,
  "message": "User Deleted",
  "code": "102",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}
Response Example (400 Bad Request)
{
  "statusCode": 422,
  "error": "Unprocessable Entity",
  "message": "Team license limit reached. Contact your company admin for an upgrade",
  "code": "902",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}
Response Example (413 Request Entity Too Large)
{
  "statusCode": 422,
  "error": "Unprocessable Entity",
  "message": "Team license limit reached. Contact your company admin for an upgrade",
  "code": "902",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}
Response Example (422 Unprocessable Entity)
{
  "statusCode": 422,
  "error": "Unprocessable Entity",
  "message": "Team license limit reached. Contact your company admin for an upgrade",
  "code": "902",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}

Update User

PATCH /users/{id}

Updates a user with the given data. Tags will be replaced.

Updates resource with the provided values

idtype: string email
in query

Used to classify the type of user ID in the URL.

id: string (string)
in path

The user resource ID.

idtype: string email
in query

Used to classify the type of user ID in the URL.

Request Content-Types: application/json
Request Example
{
  "enabled": false,
  "role": "developer",
  "team": "Team Awesome",
  "tags": [
    "Syd branch"
  ],
  "preferredDevLanguages": [
    {
      "_id": "java",
      "_framework": "spring"
    }
  ]
}
200 OK

User Updated

400 Bad Request

A bad request error

413 Request Entity Too Large

The request entity was too large. Limit is 1mb.

422 Unprocessable Entity

An error response

Response Example (200 OK)
{
  "statusCode": 200,
  "message": "User Updated",
  "code": "103",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}
Response Example (400 Bad Request)
{
  "statusCode": 422,
  "error": "Unprocessable Entity",
  "message": "Team license limit reached. Contact your company admin for an upgrade",
  "code": "902",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}
Response Example (413 Request Entity Too Large)
{
  "statusCode": 422,
  "error": "Unprocessable Entity",
  "message": "Team license limit reached. Contact your company admin for an upgrade",
  "code": "902",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}
Response Example (422 Unprocessable Entity)
{
  "statusCode": 422,
  "error": "Unprocessable Entity",
  "message": "Team license limit reached. Contact your company admin for an upgrade",
  "code": "902",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}

Teams

Authorized Keys: Admin API key

Create a team

POST /team

This is used to create a team.

Properties to create team with.

Request Example
{
  "name": "New Sample Team",
  "activeFrom": "2017-01-01T00:00:00.000Z",
  "activeUntil": "2019-01-01T00:00:00.000Z",
  "languages": [
    "java::spring",
    "java::ee",
    "nodejs::express"
  ],
  "onboardingmessage": "Sample on boarding message",
  "licensing": {
    "training": {
      "type": "usage",
      "granted": 50
    },
    "assessments": {
      "type": "usage",
      "granted": 50
    },
    "tournaments": {
      "type": "usage",
      "granted": 50
    }
  }
}
200 OK

Team create.

400 Bad Request

Bad request.

422 Unprocessable Entity

Invalid request parameters.

Response Example (200 OK)
{
  "id": "123fdab9ea7834e11e84a5bb",
  "name": "Demo Team",
  "onboardingMessage": "Sample on boarding message",
  "status": "enabled",
  "memberJoinToken": "544219613",
  "companyName": "Demo Company",
  "languages": [
    "Java Spring",
    "Java Enterprise Edition (JSP)",
    "JavaScript Node.js (Express)"
  ]
}

Get team details

GET /team/{team_id}

This is used to get details of a team.

team_id: string
in path

Team ID

200 OK

Team details.

400 Bad Request

Bad request.

422 Unprocessable Entity

Invalid request parameters.

Response Example (200 OK)
{
  "id": "123fdab9ea7834e11e84a5bb",
  "name": "Demo Team",
  "onboardingMessage": "Sample on boarding message",
  "status": "enabled",
  "memberJoinToken": "544219613",
  "companyName": "Demo Company",
  "languages": [
    "Java Spring",
    "Java Enterprise Edition (JSP)",
    "JavaScript Node.js (Express)"
  ]
}

Delete team

DELETE /team/{team_id}

This is used to delete a team.

team_id: string
in path

Team ID

Delete team response.

400 Bad Request

Bad request.

422 Unprocessable Entity

Invalid request parameters.

Response Example (200 OK)
{
  "deleteStatus": "success"
}

Update team details

PATCH /team/{team_id}

This is used to update details of a team.

Team properties to update

team_id: string
in path

Team ID

Request Example
{
  "name": "New Updated Team",
  "status": "enabled",
  "onboardingmessage": "Sample on boarding message",
  "languages": [
    "java::spring",
    "java::ee",
    "nodejs::express"
  ]
}
200 OK

Updated Team In Response.

400 Bad Request

Bad request.

422 Unprocessable Entity

Invalid request parameters.

Response Example (200 OK)
{
  "id": "123fdab9ea7834e11e84a5bb",
  "name": "Demo Team",
  "onboardingMessage": "Sample on boarding message",
  "status": "enabled",
  "memberJoinToken": "544219613",
  "companyName": "Demo Company",
  "languages": [
    "Java Spring",
    "Java Enterprise Edition (JSP)",
    "JavaScript Node.js (Express)"
  ]
}

URL fetcher

Authorized Keys: Report API key, Admin API key, Team API Key

Get Course URL

GET /url-fetcher/course

JSON containing course URL

language_framework: string (up to 32 chars)
in query

Name of language and framework in the format of "Java::Spring"

course: string (up to 64 chars)
in query

Name of course

module: string (up to 64 chars)
in query

Name of course module

redirect: boolean
in query

Redirects user to the return URL

200 OK

Returns a course URL

302 Found

Redirect straight to course URL

Response Example (200 OK)
{
  "url": "https://portal.securecodewarrior.com/#/game/013/play/java/spring/realm/training_ground/level/common_weaknesses"
}

Metrics

Authorized Keys: Report API key, Admin API key, Team API Key

Get Activity Strengths and Weaknesses

GET /metrics/activity/strengths-and-weaknesses

This endpoint returns the average strengths and weaknesses for a company, team or user (depending on the level of granularity of the query) for a specific language or all languages

targetType: string company, team, developer
in query

Type of target. Defaults depending on the scope of the API key. Report key defaults to company. Team key defaults to team.

targetIdentifier: string
in query

Target Identifier (Team Name, User email or User Id)

languageId: string
in query

Language Id

languageFramework: string
in query

Language Framework

page: integer
in query

The page number of results

Returns an object containing strengths and weaknesses by management categories

400 Bad Request

Bad request.

422 Unprocessable Entity

An invalid page parameter was supplied (either a page that is higher than the total number of pages, or a page which is less that 1).

Response Example (200 OK)
{
  "auth": {
    "challenges": {
      "attempted": 727,
      "correct": 276,
      "incorrect": 451,
      "percentageCorrect": 38,
      "ratioCorrect": 0.3796423658872077
    },
    "hints": {
      "confidenceLevel": 94,
      "total": 4030,
      "used": 260
    },
    "points": 65686,
    "timeSpent": 99442723
  },
  "data_handling": {
    "challenges": {
      "attempted": 727,
      "correct": 276,
      "incorrect": 451,
      "percentageCorrect": 38,
      "ratioCorrect": 0.3796423658872077
    },
    "hints": {
      "confidenceLevel": 94,
      "total": 4030,
      "used": 260
    },
    "points": 65686,
    "timeSpent": 99442723
  },
  "misconfig": {
    "challenges": {
      "attempted": 727,
      "correct": 276,
      "incorrect": 451,
      "percentageCorrect": 38,
      "ratioCorrect": 0.3796423658872077
    },
    "hints": {
      "confidenceLevel": 94,
      "total": 4030,
      "used": 260
    },
    "points": 65686,
    "timeSpent": 99442723
  },
  "practices": {
    "challenges": {
      "attempted": 727,
      "correct": 276,
      "incorrect": 451,
      "percentageCorrect": 38,
      "ratioCorrect": 0.3796423658872077
    },
    "hints": {
      "confidenceLevel": 94,
      "total": 4030,
      "used": 260
    },
    "points": 65686,
    "timeSpent": 99442723
  },
  "sensitive_data": {
    "challenges": {
      "attempted": 727,
      "correct": 276,
      "incorrect": 451,
      "percentageCorrect": 38,
      "ratioCorrect": 0.3796423658872077
    },
    "hints": {
      "confidenceLevel": 94,
      "total": 4030,
      "used": 260
    },
    "points": 65686,
    "timeSpent": 99442723
  },
  "other": {
    "challenges": {
      "attempted": 727,
      "correct": 276,
      "incorrect": 451,
      "percentageCorrect": 38,
      "ratioCorrect": 0.3796423658872077
    },
    "hints": {
      "confidenceLevel": 94,
      "total": 4030,
      "used": 260
    },
    "points": 65686,
    "timeSpent": 99442723
  }
}

Get Team Activity Most Engaged

GET /metrics/activity/teams/most-engaged

This endpoint returns the top 'N' most engaged teams.

report_period: integer 1, 7, 30
in query

The number of days over which to view most engaged teams (report_period should be specified alone or with enddate)

startdate: string
in query

Start date for date range (should not be specified with report_period). Format: YYYY-MM-DDTHH:mm:ss.SSSZ

enddate: string
in query

End date for date range (should be greater than startdate). Format: YYYY-MM-DDTHH:mm:ss.SSSZ

number_of_teams: integer
in query

Top 'N' number of teams

tags: string
in query

User tags

page: integer
in query

The page number of results

Returns an array of teams

400 Bad Request

Bad request.

422 Unprocessable Entity

An invalid page parameter was supplied (either a page that is higher than the total number of pages, or a page which is less that 1).

Response Example (200 OK)
{
  "teams": [
    {
      "name": "Demo Team",
      "status": "enabled",
      "timeSpent": 826765
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

Get Users Activity Most Engaged

GET /metrics/activity/users/most-engaged

This endpoint returns the top 'N' most engaged users.

report_period: integer 1, 7, 30
in query

The number of days over which to view most engaged users (report_period should be specified alone or with enddate)

startdate: string
in query

Start date for date range (should not be specified with report_period). Format: YYYY-MM-DDTHH:mm:ss.SSSZ

enddate: string
in query

End date for date range (should be greater than startdate). Format: YYYY-MM-DDTHH:mm:ss.SSSZ

number_of_users: integer
in query

Top 'N' number of users

team_name: string
in query

Team Name

tags: string
in query

User tags

page: integer
in query

The page number of results

Returns an array of users

400 Bad Request

Bad request.

422 Unprocessable Entity

An invalid page parameter was supplied (either a page that is higher than the total number of pages, or a page which is less that 1).

Response Example (200 OK)
{
  "users": [
    {
      "name": "Demo User",
      "status": "enabled",
      "timeSpent": 826765,
      "resourceID": "105a1bd6-c985-4a9f-abd8-9ac5cdf0c237"
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

Get time spent

GET /metrics/time-spent

Time spent on the platform across Assessments, Learning, Tournaments and Training.

page: integer
in query

The page number of results

id: string
in query

Filter results based on user Id in UUID format

email: string
in query

Filter results based on email

tags: string
in query

Filter results base to show users with the tags. Specified tags are seperated by commas and uses OR logic to filter results.

team: string
in query

Filter results to show users belong to specified team

startdate: string (dateTime)
in query

Filter results to include results from start of day. Date format 'YYYY-MM-DD'. In UTC

enddate: string (dateTime)
in query

Filter results to including all results till end of day. Date format 'YYYY-MM-DD'. In UTC

200 OK

Returns list of users with logs of their time-spent per activity.

type
object
400 Bad Request

Bad request.

422 Unprocessable Entity

Invalid request parameters

Response Example (200 OK)
{
  "users": [
    {
      "id": "c0f1d2b3-ae71-440a-82fc-95d5fec4d91e",
      "email": "user@securecodewarrior.com",
      "name": {
        "first": "Secure",
        "middle": "Code",
        "last": "Warrior"
      },
      "tags": [
        "Syd branch"
      ],
      "status": "enabled",
      "team": {
        "name": "Team Awesome"
      },
      "time-spent": [
        {
          "date": "2020-01-01",
          "activity": {
            "Assessments": 30,
            "Learning": 60,
            "Tournaments": 129,
            "Training": 300
          }
        }
      ]
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

Get Activity Top Performers

GET /metrics/activity-top-performers

This is used to retrieve list of top performing users.

report_period: integer 1, 7, 30
in query

The number of days over which to view the changes in statistics

num_users: integer 10
in query

The number of top performers to be returned

page: integer
in query

The page number of results

tags: string
in query

Filter results to show top peformers for the specified tags. Specified tags are seperated by commas and uses OR logic to filter results.

team: string
in query

Filter results to show top performers for the given team

starttime: string (dateTime)
in query

Includes points from progress completed on or after the given time. Format: YYYY-MM-DDTHH:mm:ss.SSSZ

endtime: string (dateTime)
in query

Include points from progress completed on or before the given time. Format: YYYY-MM-DDTHH:mm:ss.SSSZ

200 OK

List of top performing users.

type
object
400 Bad Request

Bad request.

422 Unprocessable Entity

Invalid request parameters.

Response Example (200 OK)
{
  "schema": {
    "report_period_in_days": 7,
    "top_performers": [
      {
        "points": 90000,
        "id": "c0f1d2b3-ae71-440a-82fc-95d5fec4d91e",
        "email": "user@securecodewarrior.com",
        "name": {
          "first": "Secure",
          "middle": "Code",
          "last": "Warrior"
        },
        "tags": [
          "Syd branch"
        ],
        "status": "enabled",
        "team": {
          "name": "Team Awesome"
        }
      }
    ],
    "links": {
      "total_pages": 10,
      "results_per_page": 100,
      "next_page": 3,
      "prev_page": 1
    }
  }
}

Schema Definitions

Tournament: object

_id: string

The ID of the tournament

name: string

The name of the tournament

description: string

The tournament description

start_time: string (dateTime)

The time the tournament starts

end_time: string (dateTime)

The time the tournament ends

timezone: string

The timezone that the tournament is being held in

Example
{
  "_id": "58454294bc0cedf458849d49",
  "name": "Annual Tournament",
  "description": "Get ready for the ultimate tournament! Test your skills and win some prizes.",
  "start_time": "2018-01-17T04:57:47.715Z",
  "end_time": "2018-01-21T04:57:47.715Z",
  "timezone": "Australia/Sydney"
}

TournamentLeaderboardSearch: object

Tournament leaderboard search filters

report_period_in_days: integer

The number of days into the past to report on (valid values - 1, 7 and 30 days)

startdate: string

developer leaderboard completed on or after the given time. Format: YYYY-MM-DDTHH:mm:ss.SSSZ

enddate: string

developer leaderboard completed on or before the given time. Format: YYYY-MM-DDTHH:mm:ss.SSSZ

users: string

Users to include in leaderboard (one or more user emails, separated by comma)

team_names: string

Team names (one or more team names, separated by comma)

tags: string

User tags (one or more user tags, separated by comma)

page: integer

The page number of results

Example
{
  "report_period_in_days": 1,
  "startdate": "2017-01-01T00:00:00.000Z",
  "enddate": "2019-01-01T00:00:00.000Z",
  "users": "dev1@securecodewarrior.com, dev2@securecodewarrior.com",
  "team_names": "Company 1 Team 1, Company 1 Team 2",
  "tags": "tag-11, tag-12",
  "page": 1
}

TournamentParticipant: object

rank: integer

The final position of the participant within the tournament

developer: Developer
blocked: boolean

Whether this participant was blocked from the tournnament

minutes_spent: integer

How long the developer spent answering (in minutes)

language: string

The language/framework the the participant used

max_points: integer

The maximum amount of points available in the tournament

points: integer

The amount of points the participant gained

hints_used: integer

Number of hints the participant used

lives_lost: integer

The number of lives the participant lost during the tournament

levels: Level

The levels of the challenge

Level
Example
{
  "rank": 1,
  "developer": {
    "name": "Code Warrior",
    "email": "user@securecodewarrior.com",
    "member_since": "2018-01-01T04:57:47.715Z",
    "last_logged_in": "2018-01-01T04:57:47.715Z",
    "status": "enabled",
    "company": "Secure Code Warrior",
    "team": "Team Awesome",
    "tags": [
      "Syd branch"
    ],
    "roles": [
      "developer"
    ]
  },
  "blocked": false,
  "minutes_spent": 45,
  "language": "Java Spring",
  "max_points": 4000,
  "points": 3500,
  "hints_used": 25,
  "lives_lost": 10,
  "levels": [
    {
      "name": "Level 1",
      "challenges": [
        {
          "number": 1,
          "category": "Injection Flaws",
          "subcategory": "SQL Injection",
          "difficulty": "hard",
          "status": "correct",
          "max_points": 350,
          "points": 320,
          "codebase_size": "large",
          "minutes_spent": 3,
          "stages": [
            {
              "number": 1,
              "name": "Locate Vulnerability",
              "status": "correct",
              "points": 320,
              "max_points": 350,
              "minutes_spent": 3,
              "lives_lost": 1,
              "hints_used": 0
            }
          ]
        }
      ]
    }
  ]
}

Level: object

name: string

The level name

challenges: object[]
object
number: integer

The challenge number (starts at 1)

category: string

The challenge category

subcategory: string

The challenge subcategory

difficulty: string easy, medium, hard
status: Status
max_points: integer

The maximum points available for this challenge

points: integer

The points obtained for this challenge

codebase_size: string small, large
minutes_spent: integer

How long the developer spent answering (in minutes)

stages: Stage
Stage
Example
{
  "name": "Level 1",
  "challenges": [
    {
      "number": 1,
      "category": "Injection Flaws",
      "subcategory": "SQL Injection",
      "difficulty": "hard",
      "status": "correct",
      "max_points": 350,
      "points": 320,
      "codebase_size": "large",
      "minutes_spent": 3,
      "stages": [
        {
          "number": 1,
          "name": "Locate Vulnerability",
          "status": "correct",
          "points": 320,
          "max_points": 350,
          "minutes_spent": 3,
          "lives_lost": 1,
          "hints_used": 0
        }
      ]
    }
  ]
}

Stage: object

number: integer

The stage number

name: string

The name of the stage

status: string correct, incorrect, pending

The status of the attempt at this stage

points: integer

Points gained on this stage

max_points: integer

Maximum points available on this stage

minutes_spent: integer

How long the developer spent answering (in minutes)

lives_lost: integer

The number of lives lost on this stage

hints_used: integer

The number of hints used on this stage

Example
{
  "number": 1,
  "name": "Locate Vulnerability",
  "status": "correct",
  "points": 320,
  "max_points": 350,
  "minutes_spent": 3,
  "lives_lost": 1,
  "hints_used": 0
}

Assessment: object

_id: string

The assessment ID

status: string correct, incorrect, done

The status of the assessment

name: string

The name of the assessment

description: string

The assessment description

supported_languages: string[]

List of languages/frameworks available for the assessment

string
difficulty: string easy, medium, hard

The difficulty of the assessment

success_ratio: integer

The percentage required to pass the assessment

emits_certificate: boolean

Is the assessment linked to a certificate?

time_limit: integer

The time limit of the assessment in milliseconds. null = no time limit

start_date: string (dateTime)

The date the assessment starts

end_date: string (dateTime)

The date the assessment ends

timezone: string

The timezone of the assessment

number_of_challenges: integer

The number of challenges in the assessment

self_assess: boolean

Is assessment a public assessment?

retries_allowed: boolean

Are retries allowed for this assessment?

Example
{
  "_id": "5702d346c6bf9dfe533ffa6d",
  "status": "correct",
  "name": "Junior Developer Assessment",
  "description": "This assessment is useful for onboarding new developers into the team",
  "supported_languages": [
    "[\"Java Spring\", \"Ruby Rails\"]"
  ],
  "difficulty": "medium",
  "success_ratio": 75,
  "emits_certificate": true,
  "time_limit": 3600000,
  "start_date": "2018-01-17T04:57:47.715Z",
  "end_date": "2018-01-18T04:57:47.715Z",
  "timezone": "Australia/Sydney",
  "number_of_challenges": 21,
  "self_assess": true,
  "retries_allowed": true
}

AccuracyStats: object

Accuracy statistics in percentages. A pair is returned. Either located/fixed or identified/fixed

located: integer

The % of vulnerabilities located

identified: integer

The % of vulnerabilities identified

fixed: integer

The % of vulnerabilities fixed

Example
{
  "located": 100,
  "identified": 100,
  "fixed": 100
}

AssessmentAttempt: object

_id: string

The assessment attempt ID

_assessment: string

The assessment it belongs to

name: string

The assessment name

developer: Developer
status: Status
language: string

The language/framework of the assessment. null = language/framework not selected for assessment supporting more than one language

started: string (dateTime)

The date/time that the assessment was started

completed: string (dateTime)

The date/time that the assessment was completed

deadline: string (dateTime)

The date/time of the assessment deadline. If an assessment does not have a time limit, deadline will be null

score: integer

Assessment score in %

completed_in: string

The amount of time taken to complete the assessment attempt

passing_grade: integer

The percentage required to pass the assessment

pass_status: string

The pass status of the assessment

progress: object

Details of the assessment attempt

correct: integer

The number of correct challenges

incorrect: integer

The number of incorrect challenges

number_of_challenges: integer

The total number of challenges

completed: integer

The number of challenges completed

accuracy:

The accuracy of locating/identifying/fixing the vulnerabilities

challenges: Challenge
Challenge
Example
{
  "_id": "string",
  "_assessment": "5702d346c6bf9dfe533ffa6d",
  "name": "Junior Developer Assessment",
  "developer": {
    "name": "Code Warrior",
    "email": "user@securecodewarrior.com",
    "member_since": "2018-01-01T04:57:47.715Z",
    "last_logged_in": "2018-01-01T04:57:47.715Z",
    "status": "enabled",
    "company": "Secure Code Warrior",
    "team": "Team Awesome",
    "tags": [
      "Syd branch"
    ],
    "roles": [
      "developer"
    ]
  },
  "status": "correct",
  "language": "Java Spring",
  "started": "2018-01-17T04:57:47.715Z",
  "completed": "2018-01-18T04:57:47.715Z",
  "deadline": "2018-01-19T04:57:47.715Z",
  "score": 100,
  "completed_in": "2 seconds",
  "passing_grade": 30,
  "pass_status": "Passed",
  "progress": {
    "correct": 25,
    "incorrect": 0,
    "number_of_challenges": 25,
    "completed": 25
  },
  "accuracy": {
    "located": 100,
    "identified": 100,
    "fixed": 100
  },
  "challenges": [
    {
      "number": 1,
      "category": "Injection Flaws",
      "subcategory": "SQL Injection",
      "difficulty": "medium",
      "status": "correct",
      "max_score": 300,
      "score": 300,
      "locate": {
        "status": "correct"
      },
      "identify": {
        "status": "correct"
      },
      "fix": {
        "status": "correct"
      }
    }
  ]
}

Status: string

Indicates the status of a challenge/assessment which may be pending, in progress, done or 'out of reach'

string pending, in_progress, done, out_of_reach, skipped, correct, incorrect

Challenge: object

A challenge object represents all the data relevent to a given type of challenge. The locate and identify fields are mutually exclusive thus only one will be returned based on the type of challenge. Empty array of challenges occurs when the language for the assessment attempt has yet to be selected

number: integer

The challenge number (starts at 1)

category: string

The challenge category

subcategory: string

The challenge subcategory

difficulty: string easy, medium, hard
status: Status
max_score: integer

The maximum score available for this challenge

score: integer

The score obtained for this challenge

locate: object

The statistics associated with the "locating vulnerabilities" stage

status: string correct, incorrect

The current status of the stage

identify: object

The statistics associated with the "identifying vulnerabilities" stage

status: string correct, incorrect

The current status of the stage

fix: object

The statistics associated with the "fixing vulnerabilities" stage

status: string correct, incorrect

The current status of the stage

Example
{
  "number": 1,
  "category": "Injection Flaws",
  "subcategory": "SQL Injection",
  "difficulty": "medium",
  "status": "correct",
  "max_score": 300,
  "score": 300,
  "locate": {
    "status": "correct"
  },
  "identify": {
    "status": "correct"
  },
  "fix": {
    "status": "correct"
  }
}

AssessmentsSearch: object

Assessments search filters

status: string enabled, disabled, closed

Assessment status

name: string

Assessment name

supported_languages: SupportedLanguage

Language(s) supported by assessment

SupportedLanguage
difficulty: string easy, medium, hard

Assessment difficulty

page: integer

The page number of results

Example
{
  "status": "enabled",
  "name": "Example assessment",
  "supported_languages": [
    {
      "_id": "java",
      "_framework": "spring"
    }
  ],
  "difficulty": "easy",
  "page": 1
}

AssessmentAttemptsSearch: object

Assessment attempts search filters

assessment_id: string

The assessment ID

name: string

The assessment name

users: string

Users attempting the assessment (one or more user emails, separated by comma)

status: string pending, in_progress, done

Assessment attempt status

team_names: string

Team names (one or more team names, separated by comma)

tags: string

User tags (one or more user tags, separated by comma)

pass_status: string pass, fail, in_progress

Assessment attempt pass status

page: integer

The page number of results

Example
{
  "assessment_id": "51c258a2551350e514d1ae24",
  "name": "Junior Developer Assessment",
  "users": "dev1@securecodewarrior.com, dev2@securecodewarrior.com",
  "status": "pending",
  "team_names": "Company 1 Team 1, Company 1 Team 2",
  "tags": "tag-11, tag-12",
  "pass_status": "pass",
  "page": 1
}

AssessmentAssign: object

Assign assessment to users/teams

users: string[]

List of users to assign the assessment to

string

User to assign to assessment

teams: string[]

List of teams to assign the assessment to

string

Team to assign to assessment

sendEmail: boolean

Flag to indicate if assessment invite email sent on assigning assessment (Default: true)

Example
{
  "users": [
    "dev1@securecodewarrior.com"
  ],
  "teams": [
    "Company 1 Team 1"
  ],
  "sendEmail": false
}

SupportedLanguage: object

Language supported by the assessment

_id: string

Language Id

_framework: string

Language framework

Example
{
  "_id": "java",
  "_framework": "spring"
}

preferredDevLanguage: object

Dev language preference

_id: string

Language Id

_framework: string

Language Framework

Example
{
  "_id": "java",
  "_framework": "spring"
}

AssessmentAssignResponse: object

Response to assessment assign POST request

user: string

User email Id

inviteEmailSent: boolean

Was invite email sent ?

inviteUrl: string

Assessment invite url

Example
{
  "user": "dev3@securecodewarrior.com",
  "inviteEmailSent": true,
  "inviteUrl": "https://portal.securecodewarrior.com/#/invite-accept/..."
}

TeamLeaderboard: object

The team leaderboard contains all the team leaderboard entries valid during the given reporting period

report_period_in_days: integer 1, 7, 30

The number of days into the past to report on

leaderboard: TeamLeaderboardEntry
TeamLeaderboardEntry
links: Links
Example
{
  "report_period_in_days": 7,
  "leaderboard": [
    {
      "rank": 1,
      "name": "Team Awesome",
      "developers": 7,
      "points_average": 300,
      "points_total": 2100,
      "accuracy": 100,
      "confidence_level": 100,
      "time_spent": 100,
      "installed_sensei": 3,
      "stats_over_report_period": {
        "points_gained": 25,
        "accuracy_change": 21,
        "confidence_level_change": 28,
        "minutes_spent": 52,
        "challenges_correct": 32,
        "challenges_incorrect": 0
      }
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

TeamLeaderboardEntry: object

An entry in the team leaderboard

rank: integer

The team's rank on the leaderboard.

name: string

The name of the team

developers: integer

The number of developers on the team

points_average: integer

The team's average points

points_total: integer

The team's total points

accuracy: integer

The team's accuracy (in %)

confidence_level: integer

The team's confidence level (in %)

time_spent: integer

The total minutes spent by the team on challenges

installed_sensei: integer

The number of developers in the team that have installed sensei

stats_over_report_period: StatsOverReportPeriod
Example
{
  "rank": 1,
  "name": "Team Awesome",
  "developers": 7,
  "points_average": 300,
  "points_total": 2100,
  "accuracy": 100,
  "confidence_level": 100,
  "time_spent": 100,
  "installed_sensei": 3,
  "stats_over_report_period": {
    "points_gained": 25,
    "accuracy_change": 21,
    "confidence_level_change": 28,
    "minutes_spent": 52,
    "challenges_correct": 32,
    "challenges_incorrect": 0
  }
}

MostEngagedTeams: object

Most Engaged Teams in the company

teams: TeamEntry

Team details

TeamEntry
links: Links
Example
{
  "teams": [
    {
      "name": "Demo Team",
      "status": "enabled",
      "timeSpent": 826765
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

TeamEntry: object

This object represents team details

name: string

Name of the team

status: string

Status of the team

timeSpent: integer

Team time spent

Example
{
  "name": "Demo Team",
  "status": "enabled",
  "timeSpent": 826765
}

MostEngagedUsers: object

Most Engaged Users in the company

users: UserEntry

User details

UserEntry
links: Links
Example
{
  "users": [
    {
      "name": "Demo User",
      "status": "enabled",
      "timeSpent": 826765,
      "resourceID": "105a1bd6-c985-4a9f-abd8-9ac5cdf0c237"
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

UserEntry: object

This object represents user details

name: string

Name of the user

status: string

Status of the user

timeSpent: integer

Time spent by the user

resourceID: string

resourceID of user

Example
{
  "name": "Demo User",
  "status": "enabled",
  "timeSpent": 826765,
  "resourceID": "105a1bd6-c985-4a9f-abd8-9ac5cdf0c237"
}

StatsOverReportPeriod: object

The statistics computed for the given report period

points_gained: integer

The number of points the developer has gained

accuracy_change: integer

The change in accuracy over the reporting period

confidence_level_change: integer

The change in confidence level over the reporting period

minutes_spent: integer

The minutes spent by the team on challenges

challenges_correct: integer

The number of correct challenges

challenges_incorrect: integer

The number of incorrect challenges

Example
{
  "points_gained": 25,
  "accuracy_change": 21,
  "confidence_level_change": 28,
  "minutes_spent": 52,
  "challenges_correct": 32,
  "challenges_incorrect": 0
}

Developer: object

Information about an individual developer

name: string

The name of the developer (first + middle + surname)

email: string

The developers email address

member_since: string (dateTime)

The date the developer became a member

last_logged_in: string (dateTime)

The date the developer last logged in

status: string

The current status of the developer account

company: string

The company name that the developer is a part of

team: string

The team name that the developer is a part of

tags: string[]

The tags associated with this developer

string
roles: string[] user, developer, team manager, company admin

The roles that this developer has

string
Example
{
  "name": "Code Warrior",
  "email": "user@securecodewarrior.com",
  "member_since": "2018-01-01T04:57:47.715Z",
  "last_logged_in": "2018-01-01T04:57:47.715Z",
  "status": "enabled",
  "company": "Secure Code Warrior",
  "team": "Team Awesome",
  "tags": [
    "Syd branch"
  ],
  "roles": [
    "developer"
  ]
}

DeveloperLeaderboardEntry: object

This object represents an entry in the developer leaderboard

rank: integer

The developer's rank on the leaderboard

developer: Developer
overall_stats_over_report_period:

The statistics computed overall for the given report period

challenges: object[]

The challenges that have been attempted

object
language: string

The language/framework the the challenge relates to

challenges_completed: integer

The number of challenges completed

total_challenges: integer

The total number of challenges available

progress: integer

The % progress made through the challenge

security_maturity: string Beginner, Security Aware, Security Skilled, Security Champion

The security maturity level of the developer

points: integer

The points gained on this challenge

accuracy: integer

How accurate the developer was in answering (in %)

confidence_level: integer

How confident the developer was in answering (in %)

minutes_spent: integer

How long the developer spent answering (in minutes)

stats_over_report_period: StatsOverReportPeriod
challenges_summary: object

Summary data for the challenges

challenges_completed: integer

The number of challenges completed

total_challenges: integer

The total number of challenges available

progress: integer

The amount of progress the developer has made (in %)

security_maturity: string Beginner, Security Aware, Security Skilled, Security Champion

The security maturity level of the developer

points: integer

The total points gained in the challenges

accuracy: integer

How accurate the developer was overall in answering the challenges (in %)

confidence_level: integer

How confident the developer was in answering the challenges (in %)

minutes_spent: integer

How long the developer spent answering (in minutes)

Example
{
  "rank": 1,
  "developer": {
    "name": "Code Warrior",
    "email": "user@securecodewarrior.com",
    "member_since": "2018-01-01T04:57:47.715Z",
    "last_logged_in": "2018-01-01T04:57:47.715Z",
    "status": "enabled",
    "company": "Secure Code Warrior",
    "team": "Team Awesome",
    "tags": [
      "Syd branch"
    ],
    "roles": [
      "developer"
    ]
  },
  "overall_stats_over_report_period": {
    "installed_sensei": true,
    "used_sensei": true,
    "points_gained": 25,
    "accuracy_change": 21,
    "confidence_level_change": 28,
    "minutes_spent": 52,
    "challenges_correct": 32,
    "challenges_incorrect": 0
  },
  "challenges": [
    {
      "language": "Java Spring",
      "challenges_completed": 32,
      "total_challenges": 32,
      "progress": 100,
      "security_maturity": "Security Champion",
      "points": 120,
      "accuracy": 100,
      "confidence_level": 100,
      "minutes_spent": 52,
      "stats_over_report_period": {
        "points_gained": 25,
        "accuracy_change": 21,
        "confidence_level_change": 28,
        "minutes_spent": 52,
        "challenges_correct": 32,
        "challenges_incorrect": 0
      }
    }
  ],
  "challenges_summary": {
    "challenges_completed": 32,
    "total_challenges": 32,
    "progress": 100,
    "security_maturity": "Security Champion",
    "points": 6200,
    "accuracy": 100,
    "confidence_level": 100,
    "minutes_spent": 72
  }
}

DeveloperLeaderboardSearch: object

Developer leaderboard search filters

report_period_in_days: integer

The number of days into the past to report on (valid values - 1, 7 and 30 days)

startdate: string

developer leaderboard completed on or after the given time. Format: YYYY-MM-DDTHH:mm:ss.SSSZ

enddate: string

developer leaderboard completed on or before the given time. Format: YYYY-MM-DDTHH:mm:ss.SSSZ

users: string

Users to include in leaderboard (one or more user emails, separated by comma)

team_names: string

Team names (one or more team names, separated by comma)

tags: string

User tags (one or more user tags, separated by comma)

page: integer

The page number of results

Example
{
  "report_period_in_days": 1,
  "startdate": "2017-01-01T00:00:00.000Z",
  "enddate": "2019-01-01T00:00:00.000Z",
  "users": "dev1@securecodewarrior.com, dev2@securecodewarrior.com",
  "team_names": "Company 1 Team 1, Company 1 Team 2",
  "tags": "tag-11, tag-12",
  "page": 1
}

DeveloperLeaderboard: object

The developer leaderboard contains all the developer leaderboard entries valid during the given reporting period

report_period_in_days: integer 1, 7, 30

The number of days into the past to report on

leaderboard: DeveloperLeaderboardEntry

The leaderboard entries

DeveloperLeaderboardEntry
links: Links
Example
{
  "report_period_in_days": 7,
  "leaderboard": [
    {
      "rank": 1,
      "developer": {
        "name": "Code Warrior",
        "email": "user@securecodewarrior.com",
        "member_since": "2018-01-01T04:57:47.715Z",
        "last_logged_in": "2018-01-01T04:57:47.715Z",
        "status": "enabled",
        "company": "Secure Code Warrior",
        "team": "Team Awesome",
        "tags": [
          "Syd branch"
        ],
        "roles": [
          "developer"
        ]
      },
      "overall_stats_over_report_period": {
        "installed_sensei": true,
        "used_sensei": true,
        "points_gained": 25,
        "accuracy_change": 21,
        "confidence_level_change": 28,
        "minutes_spent": 52,
        "challenges_correct": 32,
        "challenges_incorrect": 0
      },
      "challenges": [
        {
          "language": "Java Spring",
          "challenges_completed": 32,
          "total_challenges": 32,
          "progress": 100,
          "security_maturity": "Security Champion",
          "points": 120,
          "accuracy": 100,
          "confidence_level": 100,
          "minutes_spent": 52,
          "stats_over_report_period": {
            "points_gained": 25,
            "accuracy_change": 21,
            "confidence_level_change": 28,
            "minutes_spent": 52,
            "challenges_correct": 32,
            "challenges_incorrect": 0
          }
        }
      ],
      "challenges_summary": {
        "challenges_completed": 32,
        "total_challenges": 32,
        "progress": 100,
        "security_maturity": "Security Champion",
        "points": 6200,
        "accuracy": 100,
        "confidence_level": 100,
        "minutes_spent": 72
      }
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

DeveloperProgressSearch: object

Developer progress search filters

report_period_in_days: integer

The number of days into the past to report on (valid values - 1, 7 and 30 days)

startdate: string

developer progress completed on or after the given time. Format: YYYY-MM-DDTHH:mm:ss.SSSZ

enddate: string

developer progress completed on or before the given time. Format: YYYY-MM-DDTHH:mm:ss.SSSZ

users: string

Users to include in developer progress (one or more user emails, separated by comma)

team_names: string

Team names (one or more team names, separated by comma)

tags: string

User tags (one or more user tags, separated by comma)

page: integer

The page number of results

Example
{
  "report_period_in_days": 1,
  "startdate": "2017-01-01T00:00:00.000Z",
  "enddate": "2019-01-01T00:00:00.000Z",
  "users": "dev1@securecodewarrior.com, dev2@securecodewarrior.com",
  "team_names": "Company 1 Team 1, Company 1 Team 2",
  "tags": "tag-11, tag-12",
  "page": 1
}

DevelopersProgress: object

This contains the progress of each developer on each of languages, realms, levels, and quests

developers: DeveloperProgressEntry

List of developers who have made an attempt at training

DeveloperProgressEntry
links: Links
Example
{
  "developers": [
    {
      "developer": {
        "name": "Code Warrior",
        "email": "user@securecodewarrior.com",
        "member_since": "2018-01-01T04:57:47.715Z",
        "last_logged_in": "2018-01-01T04:57:47.715Z",
        "status": "enabled",
        "company": "Secure Code Warrior",
        "team": "Team Awesome",
        "tags": [
          "Syd branch"
        ],
        "roles": [
          "developer"
        ]
      },
      "languages": [
        {
          "name": "Java Spring",
          "language_progress": 100,
          "realms": [
            {
              "name": "Defend Your Code",
              "realm_progress": 100,
              "levels": [
                {
                  "name": "Most Critical Weaknesses",
                  "level_progress": 100,
                  "quests": [
                    {
                      "name": "SQL Injection",
                      "quest_progress": 100
                    }
                  ]
                }
              ]
            }
          ]
        }
      ]
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

DeveloperProgressEntry: object

This entry represents an object in the developers training progress containing information the developer and the progress of their attempts in training mode

developer: Developer
languages: TrainingProgressEntry

List of languages attempted by the developer on training mode

TrainingProgressEntry
Example
{
  "developer": {
    "name": "Code Warrior",
    "email": "user@securecodewarrior.com",
    "member_since": "2018-01-01T04:57:47.715Z",
    "last_logged_in": "2018-01-01T04:57:47.715Z",
    "status": "enabled",
    "company": "Secure Code Warrior",
    "team": "Team Awesome",
    "tags": [
      "Syd branch"
    ],
    "roles": [
      "developer"
    ]
  },
  "languages": [
    {
      "name": "Java Spring",
      "language_progress": 100,
      "realms": [
        {
          "name": "Defend Your Code",
          "realm_progress": 100,
          "levels": [
            {
              "name": "Most Critical Weaknesses",
              "level_progress": 100,
              "quests": [
                {
                  "name": "SQL Injection",
                  "quest_progress": 100
                }
              ]
            }
          ]
        }
      ]
    }
  ]
}

TrainingProgressEntry: object

Entry with progress of completion on languages and list of realms

name: string

Name of language framework

language_progress: integer

Percentage of the language completed

realms: object[]

List of realms for each language

object
name: string

Name of realm

realm_progress: integer

Percentage of the realm completed

levels: object[]

List of levels for each realm

object
name: string

Name of level

level_progress: integer

Percentage of the level completed

quests: object[]

List of quests for each level

object
name: string

Name of quest

quest_progress: integer

percentage of quest completed

Example
{
  "name": "Java Spring",
  "language_progress": 100,
  "realms": [
    {
      "name": "Defend Your Code",
      "realm_progress": 100,
      "levels": [
        {
          "name": "Most Critical Weaknesses",
          "level_progress": 100,
          "quests": [
            {
              "name": "SQL Injection",
              "quest_progress": 100
            }
          ]
        }
      ]
    }
  ]
}

DevelopersActivitySearch: object

Developer activity search filters

report_period_in_days: integer

The number of days into the past to report on (valid values - 1, 7 and 30 days)

startdate: string

developer challenge logs completed on or after the given time. Format: YYYY-MM-DDTHH:mm:ss.SSSZ

enddate: string

developer challenge logs completed on or before the given time. Format: YYYY-MM-DDTHH:mm:ss.SSSZ

users: string

Users to include in challenge logs (one or more user emails, separated by comma)

team_names: string

Team names (one or more team names, separated by comma)

tags: string

User tags (one or more user tags, separated by comma)

page: integer

The page number of results

Example
{
  "report_period_in_days": 1,
  "startdate": "2017-01-01T00:00:00.000Z",
  "enddate": "2019-01-01T00:00:00.000Z",
  "users": "dev1@securecodewarrior.com, dev2@securecodewarrior.com",
  "team_names": "Company 1 Team 1, Company 1 Team 2",
  "tags": "tag-11, tag-12",
  "page": 1
}

DevelopersActivity: object

Detailed log of challenges for a given time period

activities: ActivityEntry

List of developers containing with list of languages containing challenge attempts

ActivityEntry
links: Links
Example
{
  "activities": [
    {
      "developer": {
        "name": "Code Warrior",
        "email": "user@securecodewarrior.com",
        "member_since": "2018-01-01T04:57:47.715Z",
        "last_logged_in": "2018-01-01T04:57:47.715Z",
        "status": "enabled",
        "company": "Secure Code Warrior",
        "team": "Team Awesome",
        "tags": [
          "Syd branch"
        ],
        "roles": [
          "developer"
        ]
      },
      "challenge": {
        "language": "Java Spring",
        "realm": "Defend Your Code",
        "level": "Most Critical Weaknesses",
        "quest": "SQL Injection",
        "category": "Injection Flaws",
        "subcategory": "SQL Injection",
        "difficulty": "Hard",
        "started": "2018-01-17T04:57:47.715Z",
        "completed": "2018-01-18T04:57:47.715Z",
        "duration": 120,
        "status": "correct",
        "hints_used": 0,
        "score": 300,
        "max_score": 300,
        "select_vulnerability": {
          "attempt_index": 1,
          "status": "correct",
          "max_score": 100,
          "score": 100,
          "skipped": false
        },
        "locate_vulnerability": {
          "attempt_index": 1,
          "status": "correct",
          "max_score": 100,
          "score": 100
        },
        "identify_solution": {
          "attempt_index": 1,
          "status": "correct",
          "max_score": 100,
          "score": 100
        }
      }
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

ActivityEntry: object

This object represents the developer and their challenge attempts

developer: Developer
challenge: ChallengeAttempt
Example
{
  "developer": {
    "name": "Code Warrior",
    "email": "user@securecodewarrior.com",
    "member_since": "2018-01-01T04:57:47.715Z",
    "last_logged_in": "2018-01-01T04:57:47.715Z",
    "status": "enabled",
    "company": "Secure Code Warrior",
    "team": "Team Awesome",
    "tags": [
      "Syd branch"
    ],
    "roles": [
      "developer"
    ]
  },
  "challenge": {
    "language": "Java Spring",
    "realm": "Defend Your Code",
    "level": "Most Critical Weaknesses",
    "quest": "SQL Injection",
    "category": "Injection Flaws",
    "subcategory": "SQL Injection",
    "difficulty": "Hard",
    "started": "2018-01-17T04:57:47.715Z",
    "completed": "2018-01-18T04:57:47.715Z",
    "duration": 120,
    "status": "correct",
    "hints_used": 0,
    "score": 300,
    "max_score": 300,
    "select_vulnerability": {
      "attempt_index": 1,
      "status": "correct",
      "max_score": 100,
      "score": 100,
      "skipped": false
    },
    "locate_vulnerability": {
      "attempt_index": 1,
      "status": "correct",
      "max_score": 100,
      "score": 100
    },
    "identify_solution": {
      "attempt_index": 1,
      "status": "correct",
      "max_score": 100,
      "score": 100
    }
  }
}

ChallengeAttempt: object

Attempt made by deverloper in training mode

language: string

Name of language framework

realm: string

Name of realm

level: string

Name of level

quest: string

Name of quest

category: string

Category name of the challenge

subcategory: string

Subcategory name of the challenge

difficulty: string Easy, Medium, Hard

Level of difficulty for the challenge

started: string (dateTime)

Time challenge was started

completed: string (dateTime)

Time challenges was completed

duration: integer

Time in seconds it took for the challenge to complete

status: string correct, incorrect

Status of challenge, with incorrect status on challenge with 1 or more incorrect stages

hints_used: integer

Total number of hints from the challenge stages used by the developer

score: integer

Points acquired

max_score: string

Max points attainable for the challenge

select_vulnerability: SelectVulnerability
locate_vulnerability: LocateVulnerability
identify_solution: IdentifySolution
Example
{
  "language": "Java Spring",
  "realm": "Defend Your Code",
  "level": "Most Critical Weaknesses",
  "quest": "SQL Injection",
  "category": "Injection Flaws",
  "subcategory": "SQL Injection",
  "difficulty": "Hard",
  "started": "2018-01-17T04:57:47.715Z",
  "completed": "2018-01-18T04:57:47.715Z",
  "duration": 120,
  "status": "correct",
  "hints_used": 0,
  "score": 300,
  "max_score": 300,
  "select_vulnerability": {
    "attempt_index": 1,
    "status": "correct",
    "max_score": 100,
    "score": 100,
    "skipped": false
  },
  "locate_vulnerability": {
    "attempt_index": 1,
    "status": "correct",
    "max_score": 100,
    "score": 100
  },
  "identify_solution": {
    "attempt_index": 1,
    "status": "correct",
    "max_score": 100,
    "score": 100
  }
}

SelectVulnerability: object

Nature of challenge challenge

attempt_index: integer

Number of times the developer has attempted the stage

status: string correct, incorrect, out_of_reach

Outcome of the challenge, out_of_reach status describes a stage not yet attempted by the developer

max_score: integer

Max points attainable for selecting the vulnerability

score: integer

Points acquired for selecting the vulnerability

skipped: boolean

When set to true, stage has been skipped. If status is false, stage was completed or has yet to be attempted

Example
{
  "attempt_index": 1,
  "status": "correct",
  "max_score": 100,
  "score": 100,
  "skipped": false
}

LocateVulnerability: object

Nature of challenge challenge

attempt_index: integer

Number of times the developer has attempted the stage

status: string correct, incorrect, out_of_reach

Outcome of the challenge

max_score: integer

Max points attainable for locating the vulnerability

score: integer

Points acquired for locating the vulnerability

Example
{
  "attempt_index": 1,
  "status": "correct",
  "max_score": 100,
  "score": 100
}

IdentifySolution: object

Nature of challenge challenge

attempt_index: integer

Number of times the developer has attempted the stage

status: string correct, incorrect, out_of_reach

Outcome of the challenge

max_score: integer

Max points attainable for identifying the solution

score: integer

Points acquired for identifying the solution

Example
{
  "attempt_index": 1,
  "status": "correct",
  "max_score": 100,
  "score": 100
}

ResourceItem: object

Resource item details

id: string
name: string
Example
{
  "id": "application_security_concepts",
  "name": "Application Security Concepts"
}

Resource: object

Resource details

id: string
name: string
items: ResourceItem
ResourceItem
Example
{
  "id": "security_fundamentals",
  "name": "Security Fundamentals",
  "items": [
    {
      "id": "application_security_concepts",
      "name": "Application Security Concepts"
    }
  ]
}

CompletedResource: object

Details of a completed learning resource

resource: string[]

An ordered list of the categorisation and name of the completed resource

string
time_completed: string (dateTime)

When the learning resource was completed

Example
{
  "resource": [
    "Application Security Weaknesses",
    "Web",
    "Data Handling",
    "Injection Flaws",
    "SQL Injection"
  ],
  "time_completed": "2018-01-01T04:57:47.715Z"
}

ResourceRecord: object

A record of a developer's completed learning resources

profile: Developer
completed: CompletedResource

All learning resources completed by the user

CompletedResource
Example
{
  "profile": {
    "name": "Code Warrior",
    "email": "user@securecodewarrior.com",
    "member_since": "2018-01-01T04:57:47.715Z",
    "last_logged_in": "2018-01-01T04:57:47.715Z",
    "status": "enabled",
    "company": "Secure Code Warrior",
    "team": "Team Awesome",
    "tags": [
      "Syd branch"
    ],
    "roles": [
      "developer"
    ]
  },
  "completed": [
    {
      "resource": [
        "Application Security Weaknesses",
        "Web",
        "Data Handling",
        "Injection Flaws",
        "SQL Injection"
      ],
      "time_completed": "2018-01-01T04:57:47.715Z"
    }
  ]
}

CourseURL: object

URL to training courses

url: string

URL to course

Example
{
  "url": "https://portal.securecodewarrior.com/#/game/013/play/java/spring/realm/training_ground/level/common_weaknesses"
}

UserCreate: object

enabled: boolean

Users status on the platform

email: string

The email of the user

role: string developer, team manager, company admin

The role assigned to the user which is one of developer, team manager or company administrator

team: string

The team the user is associated with

tags: string[]

Any identifying information about the user. Example, Head Quarters, Asia-Pacific

string
preferredDevLanguages: preferredDevLanguage

Dev languages preference

preferredDevLanguage
Example
{
  "enabled": true,
  "email": "user@securecodewarrior.com",
  "role": "developer",
  "team": "Team Awesome",
  "tags": [
    "Syd branch"
  ],
  "preferredDevLanguages": [
    {
      "_id": "java",
      "_framework": "spring"
    }
  ]
}

UserSearchParamBody: object

id: string

User resource ID

email: string

The email of the user

role: string developer, team manager, company admin

The role assigned to the user which is one of developer, team manager or company administrator

team: string

The team the user is associated with

tags: string[]

Any identifying information about the user. Example, Head Quarters, Asia-Pacific

string
Example
{
  "id": "c0f1d2b3-ae71-440a-82fc-95d5fec4d91e",
  "email": "user@securecodewarrior.com",
  "role": "developer",
  "team": "Team Awesome",
  "tags": [
    "Syd branch"
  ]
}

TeamData: object

name: string

Team name

Example
{
  "name": "Team Awesome"
}

UserData: object

id: string

The resource Id of the user

email: string

The email of the user

role: string developer, team manager, company admin

The role assigned to the user which is one of developer, team manager or company administrator

name: object
first: object

First name

middle: object

Middle name

last: object

Last name

status: string enabled, disabled, invited, registered

User status

invite-date: string (dateTime)

Time of when the user was last invited

team: TeamData
tags: string[]

Any identifying information about the user. Example, Head Quarters, Asia-Pacific

string
preferredDevLanguages: preferredDevLanguage

Dev languages preference

preferredDevLanguage
Example
{
  "id": "c0f1d2b3-ae71-440a-82fc-95d5fec4d91e",
  "email": "user@securecodewarrior.com",
  "role": "developer",
  "name": {
    "first": "Secure",
    "middle": "Code",
    "last": "Warrior"
  },
  "status": "enabled",
  "invite-date": "2020-01-01T00:00:00.000Z",
  "team": {
    "name": "Team Awesome"
  },
  "tags": [
    "Syd branch"
  ],
  "preferredDevLanguages": [
    {
      "_id": "java",
      "_framework": "spring"
    }
  ]
}

UserUpdate: object

enabled: boolean

Users status on the platform

role: string developer, team manager, company admin

The role assigned to the user which is one of developer, team manager or company administrator

team: string

The team the user is associated with

tags: string[]

Any identifying information about the user. Example, Head Quarters, Asia-Pacific

string
preferredDevLanguages: preferredDevLanguage

Dev languages preference

preferredDevLanguage
Example
{
  "enabled": false,
  "role": "developer",
  "team": "Team Awesome",
  "tags": [
    "Syd branch"
  ],
  "preferredDevLanguages": [
    {
      "_id": "java",
      "_framework": "spring"
    }
  ]
}

UserUpdated: object

statusCode: integer

Success response message status code

message: string

Success response message description

code: string

Secure Code Warrior Code

request-id: string

Secure Code Warrior request identifier

Example
{
  "statusCode": 200,
  "message": "User Updated",
  "code": "103",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}

UserCreated: object

id: string

Secure Code Warrior resource identifier

statusCode: integer

Success response message status code

message: string

Success response message description

code: string

Secure Code Warrior Code

request-id: string

Secure Code Warrior request identifier

Example
{
  "id": "c0f1d2b3-ae71-440a-82fc-95d5fec4d91e",
  "statusCode": 201,
  "message": "User Created",
  "code": "100",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}

UserDeleted: object

statusCode: integer

Success response message status code

message: string

Success response message description

code: string

Secure Code Warrior Code

request-id: string

Secure Code Warrior request identifier

Example
{
  "statusCode": 200,
  "message": "User Deleted",
  "code": "102",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}

UsersList: object

List of UserData

users: UserData
UserData
Example
{
  "users": [
    {
      "id": "c0f1d2b3-ae71-440a-82fc-95d5fec4d91e",
      "email": "user@securecodewarrior.com",
      "role": "developer",
      "name": {
        "first": "Secure",
        "middle": "Code",
        "last": "Warrior"
      },
      "status": "enabled",
      "invite-date": "2020-01-01T00:00:00.000Z",
      "team": {
        "name": "Team Awesome"
      },
      "tags": [
        "Syd branch"
      ],
      "preferredDevLanguages": [
        {
          "_id": "java",
          "_framework": "spring"
        }
      ]
    }
  ]
}

Error: object

statusCode: integer

Error response message status code

error: string

Error message category

message: string

Error message

code: string

Secure Code Warrior request identifier

request-id: string
Example
{
  "statusCode": 422,
  "error": "Unprocessable Entity",
  "message": "Team license limit reached. Contact your company admin for an upgrade",
  "code": "902",
  "request-id": "54d8a210-c27b-11e9-9e7e-c9a96cdbf4cb"
}

LearningProgressSearch: object

Learning progress search filters

users: string

Users to include in learning progress (one or more user emails, separated by comma)

team_names: string

Team names (one or more team names, separated by comma)

tags: string

User tags (one or more user tags, separated by comma)

page: integer

The page number of results

Example
{
  "users": "dev1@securecodewarrior.com, dev2@securecodewarrior.com",
  "team_names": "Company 1 Team 1, Company 1 Team 2",
  "tags": "tag-11, tag-12",
  "page": 1
}

TopPerformers: object

List of top performers

report_period_in_days: integer

The number of days in the past to report on

top_performers: TopPerformer
TopPerformer
links: Links
Example
{
  "report_period_in_days": 7,
  "top_performers": [
    {
      "points": 90000,
      "id": "c0f1d2b3-ae71-440a-82fc-95d5fec4d91e",
      "email": "user@securecodewarrior.com",
      "name": {
        "first": "Secure",
        "middle": "Code",
        "last": "Warrior"
      },
      "tags": [
        "Syd branch"
      ],
      "status": "enabled",
      "team": {
        "name": "Team Awesome"
      }
    }
  ],
  "links": {
    "total_pages": 10,
    "results_per_page": 100,
    "next_page": 3,
    "prev_page": 1
  }
}

TopPerformer: object

Top performing user

points: integer

Total points earned within a period of time

id: string

User Id in UUID format

email: string

User email

name: object

Users name

first: string

User first name

middle: string

User middle name

last: string

User last name

tags: string[]

User tags

string
status: string enabled, disabled, invited, registered

User status

team: TeamData
Example
{
  "points": 90000,
  "id": "c0f1d2b3-ae71-440a-82fc-95d5fec4d91e",
  "email": "user@securecodewarrior.com",
  "name": {
    "first": "Secure",
    "middle": "Code",
    "last": "Warrior"
  },
  "tags": [
    "Syd branch"
  ],
  "status": "enabled",
  "team": {
    "name": "Team Awesome"
  }
}

UsersTimeSpent: object

Entry showing users activity.

id: string

User Id in UUID format

email: string

User email

name: object

Users name

first: string

User first name

middle: string

User middle name

last: string

User last name

tags: string[]

User tags

string
status: string enabled, disabled, invited, registered

User status

team: TeamData
time-spent: object[]

Array of dates with the breakdown of time-spent/activity in a day

object
date: string (date)

Date in UTC

activity: object

Breakdown of time-spent per activity

Assessments: integer

Time-spent on Assessments

Learning: integer

Time-spent on Learning

Tournaments: integer

Time-spent on Tournaments

Training: integer

Time-spent on Training

Example
{
  "id": "c0f1d2b3-ae71-440a-82fc-95d5fec4d91e",
  "email": "user@securecodewarrior.com",
  "name": {
    "first": "Secure",
    "middle": "Code",
    "last": "Warrior"
  },
  "tags": [
    "Syd branch"
  ],
  "status": "enabled",
  "team": {
    "name": "Team Awesome"
  },
  "time-spent": [
    {
      "date": "2020-01-01",
      "activity": {
        "Assessments": 30,
        "Learning": 60,
        "Tournaments": 129,
        "Training": 300
      }
    }
  ]
}

StrengthsAndWeaknesses: object

Example
{
  "auth": {
    "challenges": {
      "attempted": 727,
      "correct": 276,
      "incorrect": 451,
      "percentageCorrect": 38,
      "ratioCorrect": 0.3796423658872077
    },
    "hints": {
      "confidenceLevel": 94,
      "total": 4030,
      "used": 260
    },
    "points": 65686,
    "timeSpent": 99442723
  },
  "data_handling": {
    "challenges": {
      "attempted": 727,
      "correct": 276,
      "incorrect": 451,
      "percentageCorrect": 38,
      "ratioCorrect": 0.3796423658872077
    },
    "hints": {
      "confidenceLevel": 94,
      "total": 4030,
      "used": 260
    },
    "points": 65686,
    "timeSpent": 99442723
  },
  "misconfig": {
    "challenges": {
      "attempted": 727,
      "correct": 276,
      "incorrect": 451,
      "percentageCorrect": 38,
      "ratioCorrect": 0.3796423658872077
    },
    "hints": {
      "confidenceLevel": 94,
      "total": 4030,
      "used": 260
    },
    "points": 65686,
    "timeSpent": 99442723
  },
  "practices": {
    "challenges": {
      "attempted": 727,
      "correct": 276,
      "incorrect": 451,
      "percentageCorrect": 38,
      "ratioCorrect": 0.3796423658872077
    },
    "hints": {
      "confidenceLevel": 94,
      "total": 4030,
      "used": 260
    },
    "points": 65686,
    "timeSpent": 99442723
  },
  "sensitive_data": {
    "challenges": {
      "attempted": 727,
      "correct": 276,
      "incorrect": 451,
      "percentageCorrect": 38,
      "ratioCorrect": 0.3796423658872077
    },
    "hints": {
      "confidenceLevel": 94,
      "total": 4030,
      "used": 260
    },
    "points": 65686,
    "timeSpent": 99442723
  },
  "other": {
    "challenges": {
      "attempted": 727,
      "correct": 276,
      "incorrect": 451,
      "percentageCorrect": 38,
      "ratioCorrect": 0.3796423658872077
    },
    "hints": {
      "confidenceLevel": 94,
      "total": 4030,
      "used": 260
    },
    "points": 65686,
    "timeSpent": 99442723
  }
}

AverageStrengthsAndWeaknessesEntry: object

This object represents each individual management category

challenges: ChallengesEntry
hints: HintsEntry
points: integer

Points

timeSpent: integer

Time spent

Example
{
  "challenges": {
    "attempted": 727,
    "correct": 276,
    "incorrect": 451,
    "percentageCorrect": 38,
    "ratioCorrect": 0.3796423658872077
  },
  "hints": {
    "confidenceLevel": 94,
    "total": 4030,
    "used": 260
  },
  "points": 65686,
  "timeSpent": 99442723
}

ChallengesEntry: object

Challenges Data

attempted: integer

Attempted challenges

correct: integer

Correct of attempted

incorrect: integer

Incorrect of attempted

percentageCorrect: integer

Percentage correct

ratioCorrect: number

Ratio correct

Example
{
  "attempted": 727,
  "correct": 276,
  "incorrect": 451,
  "percentageCorrect": 38,
  "ratioCorrect": 0.3796423658872077
}

HintsEntry: object

Hints Data

confidenceLevel: integer

Confidence Level

total: integer

Total

used: integer

Used

Example
{
  "confidenceLevel": 94,
  "total": 4030,
  "used": 260
}

TeamDetails: object

Team Details

id: string

Team Id

name: string

Name of the team

onboardingMessage: string

On boarding message for the team

status: string

Team status

memberJoinToken: string

Member Join Token

companyName: string

Name of the company

languages: string[]

Team languages

string
Example
{
  "id": "123fdab9ea7834e11e84a5bb",
  "name": "Demo Team",
  "onboardingMessage": "Sample on boarding message",
  "status": "enabled",
  "memberJoinToken": "544219613",
  "companyName": "Demo Company",
  "languages": [
    "Java Spring",
    "Java Enterprise Edition (JSP)",
    "JavaScript Node.js (Express)"
  ]
}

TeamDeleteResponse: object

Team Delete Response

deleteStatus: string

Status of delete operation

Example
{
  "deleteStatus": "success"
}

LicensingEntry: object

Licensing Entry

type: string usage, unlimited, disabled

License type

granted: integer

Licenses granted (valid only if license type set to usage)

Example
{
  "type": "usage",
  "granted": 50
}

TeamLicensing: object

Team licensing properties

training: LicensingEntry
assessments: LicensingEntry
tournaments: LicensingEntry
Example
{
  "training": {
    "type": "usage",
    "granted": 50
  },
  "assessments": {
    "type": "usage",
    "granted": 50
  },
  "tournaments": {
    "type": "usage",
    "granted": 50
  }
}

TeamCreate: object

Team create properties

name: string

Team Name

activeFrom: string

Team Active From. Format: YYYY-MM-DDTHH:mm:ss.SSSZ

activeUntil: string

Team Active Until. Format: YYYY-MM-DDTHH:mm:ss.SSSZ

languages: string[]

Team languages list, _id and _framework separated by double colons (::) and separated by commas (,)

string
onboardingmessage: string

Team On Boarding Message

licensing: TeamLicensing
Example
{
  "name": "New Sample Team",
  "activeFrom": "2017-01-01T00:00:00.000Z",
  "activeUntil": "2019-01-01T00:00:00.000Z",
  "languages": [
    "java::spring",
    "java::ee",
    "nodejs::express"
  ],
  "onboardingmessage": "Sample on boarding message",
  "licensing": {
    "training": {
      "type": "usage",
      "granted": 50
    },
    "assessments": {
      "type": "usage",
      "granted": 50
    },
    "tournaments": {
      "type": "usage",
      "granted": 50
    }
  }
}

TeamUpdate: object

Team update properties

name: string

Team Name

status: string

Team Status

onboardingmessage: string

Team On Boarding Message

languages: string[]

Team languages list, _id and _framework separated by double colons (::) and separated by commas (,)

string
Example
{
  "name": "New Updated Team",
  "status": "enabled",
  "onboardingmessage": "Sample on boarding message",
  "languages": [
    "java::spring",
    "java::ee",
    "nodejs::express"
  ]
}