REST API Docs

REST API Key: b76ac0ea071e987b9519ca6da8bf671561b0979e6a4f0717eb4f703099bc086c

  1. api/v1/upload - Upload a File
  2. api/v1/scan - Scan a File
  3. api/v1/scans - Display Recent Scans
  4. api/v1/delete_scan - Delete a Scan
  5. api/v1/download_pdf - Download PDF Report
  6. api/v1/report_json - Generate JSON Report
  7. api/v1/view_source - View Source Files

Upload File API

API to upload a file. Supported file types are apk, zip, ipa and appx.

  • URL: /api/v1/upload

  • Method: POST

  • Header: Authorization:<api_key>

  • Data Params

Param Name | Param Value         | Required
file       | multipart/form-data | Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"file_name": "diva-beta.apk", "hash": "82ab8b2193b3cfb1c737e3a786be363a", "scan_type": "apk"}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    curl -F 'file=@/Users/ajin/Desktop/diva-beta.apk' http://localhost:8000/api/v1/upload -H "Authorization:563d64fc5054d3b239ac0419f1d6b2378465f5c80e1778c283eb1e3265bdd7ae"
    

Scan File API

API to scan a file that is already uploaded.

  • URL: /api/v1/scan

  • Method: POST

  • Header: Authorization:<api_key>

  • Data Params

Param Name | Param Value                    | Required
scan_type  | apk, zip, ipa, or appx         | Yes
file_name  | Name of the app with extension | Yes
hash       | hash of the scan               | Yes
re_scan    | 0 or 1, default is 0           | No

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content:
    {"act_count": "17", "api": {"Loading Native Code (Shared Library) ": {"path": 
    ["jakhar/aseem/diva/DivaJni.java"]}, "Local File I/O Operations": {"path": 
    ["jakhar/aseem/diva/InsecureDataStorage2Activity.java", "jakhar/aseem/diva/SQLInjectionActivity.java"]}, 
    "Starting Activity": {"path": ["jakhar/aseem/diva/AccessControl1Activity.java", 
    "jakhar/aseem/diva/AccessControl2Activity.java", "jakhar/aseem/diva/AccessControl3Activity.java", 
    "jakhar/aseem/diva/MainActivity.java"]}, "Query Database of SMS, Contacts etc.": {"path": 
    ["jakhar/aseem/diva/AccessControl3NotesActivity.java", "jakhar/aseem/diva/NotesProvider.java"]}
    SNIPPED
    
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    curl -X POST --url http://localhost:8000/api/v1/scan --data "scan_type=apk&file_name=diva-beta.apk&hash=82ab8b2193b3cfb1c737e3a786be363a" -H "Authorization:563d64fc5054d3b239ac0419f1d6b2378465f5c80e1778c283eb1e3265bdd7ae"
    

Delete Scan API

API to delete scan results.

  • URL: /api/v1/delete_scan

  • Method: POST

  • Header: Authorization:<api_key>

  • Data Params

Param Name | Param Value      | Required
hash       | hash of the scan | Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"deleted": "yes"} or {"deleted": "scan hash not found"}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    curl -X POST --url http://localhost:8000/api/v1/delete_scan --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "Authorization:563d64fc5054d3b239ac0419f1d6b2378465f5c80e1778c283eb1e3265bdd7ae"
    

Generate PDF Report API

API to generate a PDF report.

  • URL: /api/v1/download_pdf

  • Method: POST

  • Header: Authorization:<api_key>

  • Data Params

Param Name | Param Value                       | Required
hash       | hash of the scan                  | Yes
scan_type  | apk, andzip, ioszip, ipa, or appx | Yes

  • Success Response:

    • Code: 200
      Content-Type: application/pdf
      Content: PDF Contents
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    curl -X POST --url http://localhost:8000/api/v1/download_pdf --data "hash=82ab8b2193b3cfb1c737e3a786be363a&scan_type=apk" -H "Authorization:563d64fc5054d3b239ac0419f1d6b2378465f5c80e1778c283eb1e3265bdd7ae"
    

Generate JSON Report API

API to generate a JSON report.

  • URL: /api/v1/report_json

  • Method: POST

  • Header: Authorization:<api_key>

  • Data Params

Param Name | Param Value                       | Required
hash       | hash of the scan                  | Yes
scan_type  | apk, andzip, ioszip, ipa, or appx | Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: JSON Contents
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    curl -X POST --url http://localhost:8000/api/v1/report_json --data "hash=82ab8b2193b3cfb1c737e3a786be363a&scan_type=apk" -H "Authorization:563d64fc5054d3b239ac0419f1d6b2378465f5c80e1778c283eb1e3265bdd7ae"
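
The upload, scan and report_json calls documented above, chained into one client: the fields returned by the upload call feed the scan and report parameters, and any non-200 reply is surfaced with its "error" text. This is an added example, not code from the original docs or the project; `ScanApiClient`, `ScanApiError`, `http_send` and `scan_and_report` are hypothetical names, and the transport is injectable so the flow can be exercised against constructed replies.

```python
import json
import urllib.error
import urllib.parse
import urllib.request
import uuid

# Added example: all names below are hypothetical, not the project's own client.
class ScanApiError(Exception):
    """Raised for any non-200 reply; carries the HTTP code and the "error" text."""

def http_send(req):
    # Default transport: perform the request, return (status, body bytes).
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as exc:  # 401, 405, 422 and 500 arrive here
        return exc.code, exc.read()

class ScanApiClient:
    def __init__(self, base_url, api_key, send=http_send):
        self.base, self.key, self.send = base_url.rstrip("/"), api_key, send

    def _call(self, endpoint, body, content_type):
        req = urllib.request.Request(
            f"{self.base}/api/v1/{endpoint}", data=body, method="POST",
            headers={"Authorization": self.key, "Content-Type": content_type})
        status, raw = self.send(req)
        reply = json.loads(raw)  # success and error bodies are both JSON
        if status != 200:
            raise ScanApiError(f"{endpoint}: HTTP {status}: {reply.get('error')}")
        return reply

    def _form(self, endpoint, **params):
        body = urllib.parse.urlencode(params).encode()
        return self._call(endpoint, body, "application/x-www-form-urlencoded")

    def upload(self, file_name, content):
        # multipart/form-data body with the single "file" part the API expects
        boundary = uuid.uuid4().hex
        body = (f"--{boundary}\r\nContent-Disposition: form-data; name=\"file\"; "
                f"filename=\"{file_name}\"\r\nContent-Type: application/octet-stream"
                f"\r\n\r\n").encode() + content + f"\r\n--{boundary}--\r\n".encode()
        return self._call("upload", body, f"multipart/form-data; boundary={boundary}")

    def scan_and_report(self, file_name, content):
        up = self.upload(file_name, content)  # {"file_name", "hash", "scan_type"}
        self._form("scan", scan_type=up["scan_type"], file_name=up["file_name"], hash=up["hash"])
        return self._form("report_json", hash=up["hash"], scan_type=up["scan_type"])
```

For zip uploads the report endpoints list `andzip` or `ioszip` as the scan_type, so the value returned by upload can only be passed through unchanged for apk, ipa and appx.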
    

View Source Files API

API to view source files.

  • URL: /api/v1/view_source

  • Method: POST

  • Header: Authorization:<api_key>

  • Data Params

Param Name | Param Value                | Required
hash       | hash of the scan           | Yes
file       | relative file path         | Yes
type       | apk/ipa/studio/eclipse/ios | Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: JSON Contents
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    curl -X POST --url http://localhost:8000/api/v1/view_source --data "hash=18e244926da1e49c5b8ffc1c30de8abc&type=apk&file=b/a/a/a/a/a.java" -H "Authorization:7e2ddf418b291d2e070496524d1b8599c31637f84055c5db632f49f1a613f5f5"
    
    curl -X POST --url http://localhost:8000/api/v1/view_source --data "hash=6c23c2970551be15f32bbab0b5db0c71&type=ipa&file=classdump.txt" -H "Authorization:87e2ddf418b291d2e070496524d1b8599c31637f84055c5db632f49f1a613f5f5"
    

Display Recent Scans

API to display recent scans.

  • URL: /api/v1/scans

  • Method: GET

  • Header: Authorization:<api_key>

  • Data Params

Param Name | Param Value      | Required
page       | page number      | 1
page_size  | results per page | 10

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: { "content": [ { "id": 1, "NAME": "xxxxx.ipa", "MD5": "xxxxxxxxxxxxxxxxxxxxxxxxxxx", "URL": "StaticAnalyzer_iOS/?name=xxxxx.ipa&type=ipa&checksum=xxxxxxxxxxxxxxx", "TS": "2019-03-09T08:08:51.813Z" } ], "count": 1, "num_pages": 1 }
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    curl --url "http://localhost:8000/api/v1/scans" -H "Authorization:87e2ddf418b291d2e070496524d1b8599c31637f84055c5db632f49f1a613f5f5"
    
    curl --url "http://localhost:8000/api/v1/scans?page=1&page_size=10" -H "Authorization:87e2ddf418b291d2e070496524d1b8599c31637f84055c5db632f49f1a613f5f5"