...

This document describes the WhiteSource HTTP API v1.3. The API URL can be obtained by copying the WhiteSource Server URL, which can be retrieved from your Profile page on the Server URLs panel. Then, add the path /api/v1.3 to it. For example: https://saas.whitesourcesoftware.com/api/v1.3.

...

Generally, each level of the administrator (Organization, Product) can get/set the API attributes in the API calls that refer to their scope and/or under their scope. For example, Product administrators can execute API calls related to their Projects/Products that are defined in WhiteSource, but they cannot execute Organization-related API calls which are outside their scope. However, there are two API calls that are exceptions to this rule:

• getProjectVitals – Product administrators can use the Organization level call and get the product/project vitals related to their products/projects.

• getRequestState – Although an Organization token is required in the call, a product administrator can also execute it.

...

The base URL for all API endpoints can be obtained from the Integrate tab (calls to HTTP cannot be redirected to HTTPS).

...

Request payload should have: Content-Type =  application/json

API Format

All requests require a token available via the API Integration page in your WhiteSource account, according to the request's context (organization / product / project).

...

WhiteSource HTTP API v1.x supports Accept-Charset header.

If the value of the header is a supported character set (see supported values below) the response would be in that character set.
Otherwise, if the value is not supported or if the header isn't sent, the default response character set will be UTF-8.

...

The following characters are NOT supported as API input: <, >, % and &

Supported API Requests

Policies APIs

• Get Policies

• Add Policies

• Update Policy

• Remove Policies

• Update Policy Priorities

• Create Issue Action for a Policy (Legacy)

• Create Issue Action for a Policy (Issue Tracker Plugins)

Alerts APIs

• Get Security Alerts by Vulnerability Report

• Get Security Alerts by Library Report

• Get Alerts

• Get Alerts by Project Tag

• Get Ignored Alerts

• Get Alerts by Type

• Ignore Alerts

• Set Alerts Status for an Organization

Groups and Users APIs

• Get Groups

• Get Users

• Create a Group

• Create a User

• Invite Users to your Organization

• Adding Users to Groups

• Removing Users from Groups

• Removing a User from an Organization

• Get Organization Assignments

• Get Product Assignments

• Set Organization Assignments

• Set Product Assignments

• Create a Service User

• Regenerate User Token for a Service User

• Get Organization Service Users

• Get Product Service Users

• Invite User to WhiteSource Advise for Chrome

Reports APIs

• Get Inventory Report

• Get Source File Inventory Report

• Get Due Diligence Report

• Get Attribution Report

• Get Product Comparison Report

• Get Project Comparison Report

• Get Custom Attribute Values Report

• Get Library Location Report

• Get License Compatibility Report

• Get Effective Licenses Report

• Get In-House Report

• Get Risk Report

• Get Vulnerabilities Report

• Get Container Vulnerabilities Report

• Get Effective Usage Analysis Report

• Get Alerts Report

• Get Ignored Alerts Report

• Get Alert Resolution Duration Report

• Get Change Log History Report

• Get Request History Report

• Get Plugin Request History Report

• Get Members Report

• Get Security Alerts by Vulnerability Report

• Get Security Alerts by Library Report

• Get License and Compliance Alerts Report

Licenses and Library APIs

• Get Licenses

• Get Licenses Histogram

• Get Licenses Text Zip File

• Get Copyrights Text File

• Get Notices Text File

• Set Library Notices

• Get Library Locations

• Change Original Library

Global Org/Organization/Product/Project APIs

• Create Global Organization

• Assign Global Organization to an Organization

• Remove Global Organization from an Organization

• Get Organizations

• Get Organization Details

• Change Organization Policy Owner

• Get Products

• Get Organization Product Vitals

• Get Projects

• Get Organization Project Vitals

• Get Product Project Vitals

• Get Project Vitals

• Get In-House Libraries

• Unmark In-House Libraries

Product and Project-Level APIs

• Create Product

• Delete Product

• Get Product Tags

• Get Organization Product Tags

• Save a Product Tag

• Remove a Product Tag

• Create Project

• Delete Project

• Get Organization Project Tags

• Get Product Project Tags

• Get Project Tags

• Save a Project Tag

• Get Project Hierarchy

• Get Project Inventory

• Get Project State

• Get Project Library Source Files

• Get Project Library Dependencies

• Define Project Setup Notification Configuration

• Get Plugin Request State