Data Theorem Portal API Programmatic access to Mobile Apps information and scan results

Data Theorem Portal API

Inroduction

There currently are two APIs available:

  • The Results API, which provides access to the list of all mobile Apps registered within your Data Theorem account and the list of scans and security issues found during the scans.
  • The Upload API, which can be used to upload PreProd mobile binaries directly to Data Theorem for scanning. For better integration with your developer teams’ workflow, it is usually better to use existing mobile beta-testing tools such as HockeyApp for sending builds, instead of the Upload API.

General Consideration

Schema

You should always access the API over HTTPS from https://api.securetheorem.com.

All data is sent as JSON.

Authentication

All requests must be authenticated using the corresponding API key; the Results API and the Upload API use a different API key. You must send the API key in the Authorization header as a “Bearer” token: Authorization: Bearer API_KEY.

curl -H "Authorization: Bearer API_KEY" https://api.securetheorem.com/resultsapi/v1/apps

Unauthenticated responses will return a 401 Unauthorized.

Timezone

All dates are formatted in UTC.

Rate Limiting

There is no rate limiting enforced at the moment, but we might add a per-day limit later if needed.

Reference Client

A Python client/library for accessing the API is available on GitHub at https://github.com/datatheorem/PortalApi.