Accessing the Public API through Postman

How to use Postman to query Delve's Public API and retrieve the list of vulnerabilities matching given query criteria.

If you need to consume Delve's public OpenAPI-compatible API with Postman, this quick how-to walks you through the steps needed to configure the Postman desktop application to access Delve's data through the OAuth 2.0 authentication mechanism.

Step-by-step guide

Create a Public API Client in Delve

Follow the appropriate User Guide Section on Creating Public API Clients.

⚠️ For Postman, use https://www.getpostman.com/oauth2/callback as the redirect URI.

Configure Postman and obtain an access token using the client credentials obtained above

Start Postman and click the "Import" button. Postman asks for an API definition file; point it at your instance's API definition file, located at https://<INSTANCE>.wardenscanner.com/api/v2/spec/openapi-2.0.json

Once the API instance has been added to Postman, it will be present in the left panel under the name that was given at import time.

You can then right-click the API instance and choose "Edit" from the dropdown menu to configure the API authentication mechanism.

From the "Edit Collection" window that appears, navigate to the "Authorization" section.

From the "Type" dropdown on the left side of the window, choose "OAuth 2.0"; the token settings then appear on the right.

In the right pane, click the "Get New Access Token" button and fill in the form with the following parameters:

Token Name: Choose a name for this token.

Grant Type: Authorization Code

Callback URL: https://www.getpostman.com/oauth2/callback

Auth URL: https://<YOUR_INSTANCE>.wardenscanner.com/auth/oauth2/authorize

Access Token URL: https://<YOUR_INSTANCE>.wardenscanner.com/auth/oauth2/token

Client ID: The <CLIENT_ID> received previously.

Client Secret: The <CLIENT_SECRET> received previously.

Scope: read_only OR full_access (must match the scope selected when the API client was created)

State: Leave empty.

Client Authentication: leave untouched ("Send as Basic Auth header").

Once you click the "Request Token" button, you are redirected to Delve's login page, where you sign in with the application user's credentials to grant access to the API client.

Once authorization has been granted, you are redirected to a confirmation screen that shows the token's characteristics.

After clicking "Use Token", you are taken back to the "Edit Collection" window, where the token is now visible on the right side of the screen.

After clicking "Update", the collection created earlier can run requests against the API.

Navigate in the collection to the request of your choosing and click "Send" to have Postman execute the API request and display the response.
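The same authorization-code flow that Postman runs behind the "Get New Access Token" button, written out by hand so the three steps (authorize redirect, callback with the code, code-for-token exchange) are visible. This is an added example, not Delve's or Postman's code; the endpoint paths and the Postman callback URL are the ones listed above, while the instance name, client id/secret and the captured callback URL are constructed placeholders. Unlike the Postman form above, it always sends a random state value and rejects a callback whose state does not match.

```python
import base64
import json
import secrets
import urllib.parse
import urllib.request

CALLBACK_URL = "https://www.getpostman.com/oauth2/callback"  # as registered on the client


def endpoints(instance: str) -> dict:
    # Endpoint paths from the how-to; the instance name is the caller's own.
    base = f"https://{instance}.wardenscanner.com"
    return {"authorize": f"{base}/auth/oauth2/authorize",
            "token": f"{base}/auth/oauth2/token"}


def new_state() -> str:
    # Random per-attempt value, bound to this session and checked on the callback.
    return secrets.token_urlsafe(16)


def build_authorize_url(instance: str, client_id: str, scope: str, state: str) -> str:
    # Step 1: the URL the browser is sent to (what "Request Token" opens).
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": CALLBACK_URL, "scope": scope, "state": state}
    return endpoints(instance)["authorize"] + "?" + urllib.parse.urlencode(params)


def code_from_callback(redirect_url: str, expected_state: str) -> str:
    # Step 2: after login/consent the server redirects to CALLBACK_URL?code=...&state=...
    parsed = urllib.parse.urlparse(redirect_url)
    if f"{parsed.scheme}://{parsed.netloc}{parsed.path}" != CALLBACK_URL:
        raise ValueError("callback arrived on an unexpected URL")
    query = urllib.parse.parse_qs(parsed.query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback was not started by this session")
    return query["code"][0]


def token_request(instance: str, client_id: str, client_secret: str, code: str) -> urllib.request.Request:
    # Step 3: "Send as Basic Auth header" means the client id/secret travel in the
    # Authorization header; the code and redirect_uri go in the form body.
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "authorization_code",
                                   "code": code, "redirect_uri": CALLBACK_URL})
    return urllib.request.Request(
        endpoints(instance)["token"], data=body.encode(), method="POST",
        headers={"Authorization": f"Basic {creds}",
                 "Content-Type": "application/x-www-form-urlencoded"})


def fetch_token(req: urllib.request.Request) -> dict:
    # Sends the exchange (network) and returns the parsed token JSON (access_token, expires_in, ...).
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)
```

The access_token field of the returned JSON is the value Postman shows after "Use Token"; send it as a Bearer token on the collection's requests.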