App Inspections API¶
Use the App Inspections API to request an application inspection or get an inspection report that was previously generated for the latest version of the application. Use an Inspection Report to evaluate an app against your organization’s unique set of criteria so that you can make an informed decision about whether an app is safe and reliable. This data can also help you determine the most appropriate set of application policies to apply to the application. While an inspection is pending, or if unacceptable risk is detected, you can disable the app within the App Catalog to prohibit users from installing it.
Apperian integrates with Kryptowire to perform application inspections. Kryptowire employs static, dynamic, and behavioral analysis to immediately discover the hidden actions of apps and generate an inspection report that qualifies and quantifies an app’s reputation. For more information on app inspections, see Inspect an Application.
Note
Inspecting applications is a premium feature that is disabled by default. If you are interested in using this feature and it is not enabled for your organization, contact your Apperian Sales representative. You will need to enter your Kryptowire API key on the Settings page in the Admin Portal before you can perform any inspections. For instructions, see Set the Kryptowire API Key for Application Inspections
Resources¶
-
GET/v2/applications/(application)/inspections/¶ Get Inspection Report for Latest Version of Application
Requires administrator privileges. Authenticate as an Apperian administrator.
Gets the inspection report for the latest version of the application, if one is available. If a report has not yet been generated for the application, this resource returns an error. Use the POST /applications/<application>/inspections/ resource to request an inspection report for the application.
URLs
Environment URL North America https://na01ws.apperian.com/v2/applications/<application>/inspections/?provider=kryptowire Europe https://eu01ws.apperian.eu/v2/applications/<application>/inspections/?provider=kryptowire URL Parameters
- application
- (Required) Unique ID of the application for which you want to retrieve the inspection report. DATA TYPE: string
- provider
- (Required) Specifies the service provider for the application inspection:
kryptowire.
Header Parameter
- X-TOKEN
- (Required) API token or User token (POST /users/authenticate). For more information, see Authentication.
Data Parameters
None
Example Request
curl -X GET "https://na01ws.apperian.com/v2/applications/Da7X7EENA0D82j5vA9T5KQ/inspections/? provider=kryptowire" --header "X-TOKEN: eTg8ktZXRqKIBJTHunwP6A"
Example Response
The following response shows a portion of a report. To view a response showing a complete report, see inspectionreport.
. . . }, "format_type": "json", "inspection_status": 3, "report": { "provider": 3, "psk": 55, "report_json": { "analysis": { "Ad Networks": [], "Cloud Storage Services": [], "Constants": { "URLs": [ "http://analytics.localytics.com/api/v2/applications/%@/uploads", "http://www.apple.com/DTDs/PropertyList-1.0.dtd", "http://www.apple.com/appleca/root.crl0", "https://www.apple.com/appleca/0", "http://ocsp.apple.com/ocsp-wwdr010", "http://www.apple.com/appleca/0" ] }, "Cryptographic Operations": [], "File Access": [ { "filepath": "/private/var/mobile/Containers/Bundle/Application/ E93CA3DE-7DD5-458A-8CFE-41F0FF3469AD/Actions.app/en.lproj/MainWindow.nib", "mode": "Read Only" }, { "filepath": "/private/var/mobile/Containers/Bundle/Application/ E93CA3DE-7DD5-458A-8CFE-41F0FF3469AD/Actions.app/en.lproj/GetLocationView.nib", "mode": "Read Only" }, { "filepath": "/var/mobile/Library/Caches/com.apple.MobileGestalt.plist", "mode": "Read Only" }, { "filepath": "/private/var/mobile/Containers/Bundle/Application/ E93CA3DE-7DD5-458A-8CFE-41F0FF3469AD/Actions.app/pin.png", "mode": "Read Only" }, { "filepath": "/var/mobile/Library/Caches/com.apple.UIStatusBar/version", "mode": "Read Only" }, { "filepath": "/private/var/mobile/Containers/Bundle/Application/ E93CA3DE-7DD5-458A-8CFE-41F0FF3469AD/Actions.app/en.lproj/TrackLocationView.nib", "mode": "Read Only" }, { "filepath": "/private/var/mobile/Containers/Bundle/Application/ E93CA3DE-7DD5-458A-8CFE-41F0FF3469AD/Actions.app/en.lproj/GetLocationSetupView.nib", "mode": "Read Only" }, { "filepath": "/private/var/mobile/Containers/Data/Application/ 100E3965-8852-4123-A572-4FC8CFE1B195/Library/Cookies/Cookies.binarycookies", "mode": "Read Only" }, { "filepath": "/private/var/mobile/Library/Preferences/com.kryptowire.kwiretracer.plist", "mode": "Read Only" }, { "filepath": "/private/var/mobile/Containers/Bundle/Application/ E93CA3DE-7DD5-458A-8CFE-41F0FF3469AD/Actions.app/bullseye.png", "mode": "Read Only" }, { "filepath": "/private/var/mobile/Containers/Bundle/Application/ E93CA3DE-7DD5-458A-8CFE-41F0FF3469AD/Actions.app/en.lproj/Localizable.strings", "mode": "Read Only" }, { "filepath": "/private/var/mobile/Containers/Bundle/Application/ E93CA3DE-7DD5-458A-8CFE-41F0FF3469AD/Actions.app/en.lproj/TrackLocationSetupView.nib", "mode": "Read Only" }, { "filepath": "/private/var/mobile/Containers/Bundle/Application/ E93CA3DE-7DD5-458A-8CFE-41F0FF3469AD/Actions.app/en.lproj/Localizable.stringsdict", "mode": "Read Only" } ], "Foreign Connections": [], "Hardcoded IVs": [], "Hardcoded Keys": [], "Hash Operations": [ { "Algorithm": "SHA1", "Method": "CC_SHA1", "dataIn": "RkZGRkZGRkZDQjZEOEVCQkQ2QTk0QzZBOUZDMzhENjk1QjQzNzc2OQ==", "dataOut": "R4jw5jOBskSz21BAhSdcB3gAW38=", "data_hash": "4788f0e63381b244b3db504085275c0778005b7f", "data_input": "FFFFFFFFCB6D8EBBD6A94C6A9FC38D695B437769" } ], "Libraries Used": { "Dynamic Libraries": [], "System Frameworks": { "CoreFoundation.framework": { "description": "Provides fundamental software services, including abstractions for common data types, string utilities, date and time management, collection utilities, resource management, and preferences.", "framework": "CoreFoundation.framework", "path": "/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation", "requires_permission": 0, "version": "compatibility version 150.0.0, current version 847.24.0" }, "CoreGraphics.framework": { "description": "Contains the interfaces for Quartz 2D Graphics.", "framework": "CoreGraphics.framework", "path": "/System/Library/Frameworks/CoreGraphics.framework/CoreGraphics", "requires_permission": 0, "version": "compatibility version 64.0.0, current version 600.0.0" }, "CoreLocation.framework": { "description": "Contains the interfaces for determining a user's location and provides location and heading information to apps. For location information, the framework uses the onboard GPS, cell, or Wi-Fi radios to find the user's current longitude and latitude. Core Location also provides the following capabilities: <br />Access to compass-based heading information on iOS devices that include a magnetometer<br /> Support for region monitoring based on a geographic location or Bluetooth beacon<br />Support for low-power location-monitoring using cell towers", "framework": "CoreLocation.framework", "path": "/System/Library/Frameworks/CoreLocation.framework/CoreLocation", "requires_permission": 1, "version": "compatibility version 1.0.0, current version 1613.35.0" }, "Foundation.framework": { "description": "Contains interfaces for managing strings, collections, and other low-level data types.", "framework": "Foundation.framework", "path": "/System/Library/Frameworks/Foundation.framework/Foundation", "requires_permission": 0, "version": "compatibility version 300.0.0, current version 1047.25.0" }, "UIKit.framework": { "description": "Contains classes and methods for the iOS application user interface layer (included automatically in all applications).", "framework": "UIKit.framework", "path": "/System/Library/Frameworks/UIKit.framework/UIKit", "requires_permission": 0, "version": "compatibility version 1.0.0, current version 2935.137.0" } }, . . . }
-
POST/v1/applications/(application)/inspections/¶ Request Inspection Report
Requires administrator privileges. Authenticate as an Apperian administrator.
Requests an inspection report for the application.
URLs
Environment URL North America https://na01ws.apperian.com/v1/applications/<application>/inspections/?provider=kryptowire Europe https://eu01ws.apperian.eu/v1/applications/<application>/inspections/?provider=kryptowire URL Parameters
- application
- (Required) Unique ID of the application you want to inspect. DATA TYPE: string
- provider
- (Required) Specifies the service provider for the application inspection:
kryptowire.
Header Parameter
- X-TOKEN
- (Required) API token or User token (POST /users/authenticate). For more information, see Authentication.
Data Parameters
None
Example Request
curl -X POST "https://na01ws.apperian.com/v1/applications/123/inspections/?provider=kryptowire" --header "X-TOKEN: eTg8ktZXRqKIBJTHunwP6A"
Example Response
In the response, inspection_status indicates the status of the request:
- -1 (Error) An error occured during the inspection.
- 1 (Uploading) The report is uploading to the App Inspection Provider.
- 2 (Pending) Apperian is waiting for a response from App Inspection Provider; the report should be available
- shortly.
- 3 (Verified) The report is ready and available.
{ "inspection_status": 3 }
-
PUT/v1/applications/(application)/inspections/cancel/¶ Cancel Application Inspection
Requires administrator privileges. Authenticate as an Apperian administrator.
Cancels an in-progress application inspection.
URLs
Environment URL North America https://na01ws.apperian.com/v1/applications/<application>/inspections/cancel?provider=kryptowire Europe https://eu01ws.apperian.eu/v1/applications/<application>/inspections/cancel?provider=kryptowire URL Parameters
- application
- (Required) Unique ID of the application for which you want to cancel the in-progress inspection. DATA TYPE: string
- provider
- (Required) Specifies the service provider for the application inspection:
kryptowire.
Header Parameters
- X-TOKEN
- (Required) API token or User token (POST /users/authenticate). For more information, see Authentication.
Data Parameters
None
Example Request
curl -X PUT https://na01ws.apperian.com/v1/applications/6413/inspections/cancel?provider=kryptowire --header "X-TOKEN: hShU5OD-SiadD8gyC_K4HA"Example Response
{ "canceled": True }