Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.




  • API capability requires an additional WhiteSource license. Contact your CSM for more details.

  • For customers who have enabled vulnerability-based alerting, there are several changes to API version 1.3 -  refer here for details.

  • This page covers APIs for version 1.3. All version 1.3 APIs must include:


The WhiteSource HTTP API is available for WhiteSource customers who are licensed to use it. The APIs can be accessed by the organization's administrator(s). 


  • When performing API calls, the time recorded for the action is in GMT time zone, therefore, this is the time displayed in the relevant reports. 

  • Date format in all responses is "yyyy-MM-dd".

  • The API results are not sorted in any order.

API Execution Scope

Generally, each level of the administrator (Organization, Product) can get/set the API attributes in the API calls that refer to their scope and/or under their scope. For example, Product administrators can execute API calls related to their Projects/Products that are defined in WhiteSource, but they cannot execute Organization-related API calls which are outside their scope. However, there are two API calls that are exceptions to this rule:

  • getProjectVitals – Product administrators can use the Organization level call and get the product/project vitals related to their products/projects.

  • getRequestState – Although an Organization token is required in the call, a product administrator can also execute it.


The base URL for all API endpoints can be obtained from the Integrate tab (calls to HTTP cannot be redirected to HTTPS).


Request payload should have: Content-Type =  application/json

API Format

All requests require a token available via the API Integration page in your WhiteSource account, according to the request's context (organization / product / project).





For details, see Supported Requests.


Your organization API key.


A unique identifier for your product.


A unique identifier for your project.

Character Sets

WhiteSource HTTP API v1.x supports Accept-Charset header.


The following characters are NOT supported as API input: <, >, % and &

Supported Requests

WhiteSource HTTP API v1.3 supports the following requests: