App Inspections API

Use the App Inspections API to request an application inspection or get an inspection report that was previously generated for the latest version of the application. Use an Inspection Report to evaluate an app against your organization’s unique set of criteria so that you can make an informed decision about whether an app is safe and reliable. This data can also help you determine the most appropriate set of application policies to apply to the application. While an inspection is pending, or if unacceptable risk is detected, you can disable the app within the App Catalog to prohibit users from installing it.

EASE integrates with two different services to perform inspections: Appthority™ and Kryptowire. Both of these providers employ static, dynamic, and behavioral analysis to immediately discover the hidden actions of apps and generate an inspection report that qualifies and quantifies an app’s reputation. For more information on app inspections, see Inspect an Application.

Note

Inspecting applications is a premium feature that is disabled by default. If you are interested in using this feature and it is not enabled for your organization, contact your Apperian Sales representative. Note that if you are enabled to use Kryptowire, you need to enter your Kryptowire API key on the Settings page in the EASE Portal before you can perform any inspections. For instructions, see Set the Kryptowire API Key for Application Inspections

Resources

GET /v1/applications/(app_psk)/inspections/

Get Inspection Report for Latest Version of Application

Requires administrator privileges. Authenticate as an EASE administrator.

Gets the inspection report for the latest version of the application, if one is available. If a report has not yet been generated for the application, this resource returns an error. Use the POST /applications/(app_psk)/inspections/ resource to request an inspection report for the application.

URLs

Environment URL
North America https://na01ws.apperian.com/v1/applications/<int:app_psk>/inspections/?provider=kryptowire
Europe https://eu01ws.apperian.eu/v1/applications/<int:app_psk>/inspections/?provider=kryptowire

URL Parameters

app_psk
(Required) Unique ID of the application for which you want to retrieve the inspection report. DATA TYPE: integer
provider
(Optional) Specifies the service provider for the application inspection: appthority or kryptowire. If this parameter is not included, it defaults to appthority.

Header Parameter

X-TOKEN
(Required) Session token returned by POST /users/authenticate.

Data Parameters

None

Example Request

curl -X GET "https://na01ws.apperian.com/v1/applications/123/inspections/?provider=kryptowire" --header "X-TOKEN: eTg8ktZXRqKIBJTHunwP6A"

Example Response

The following response shows a portion of a report. To view a response showing a complete report, see Sample Application Inspection Report.

{
   "report": {
         "psk": 540,
         "verified_date": "2014-02-23T18:51:56.676763+00:00",
         "version": {
           "psk": 24664
         },
         "report_json": {
           "short": {
                 "reports_stores_creds_no_encypt": "false",
                 "receive_encrypted": true,
                 "ad_networks": false,
                 "reports_sends_address_book": "false",
                 "reports_sends_email_arch": "false",
                 "twitter": false,
                 "reports_buy_apps": "false",
                 "receive_mms": false,
                 "app_id": 2408962,
                 "buy_apps": false,
                 "reports_sends_udid": "false",
                 "reports_identify_user": "true",
                 "reports_attempts_root_device": "false",
                 "reports_mic": "false",
                 "reports_sends_sms_archive": "false",
                 "receive_sms": false,
                 "reports_camera": "false",
                 "malware": false,
                 "identify_user": true,
                 "reports_cloud_storage_required": "false",
                 "reports_sends_imei": "false",
                 "send_encrypted": true,
                 "send_mms": false,
                 "reports_crash": "false",
                 "platform": 20,
                 "version": "0",
                 "reports_ad_networks": "false",
                 "application_name": null,
                 "reports_agad_detected": "false",
                 "permission": [],
                 "reports_sends_calendar": "false",
                 "publisher": "Unknown",
                 "reports_bluetooth": "false",
                 "reports_read_calendar": "false",
                 "location_tracking": true,
                 "social_networking": false,
                 "facebook": false,
                 "read_address_book": false,
                 "vpn": false,
                 "reports_cloud_storage": "false",
                 "voip": false,
                 "reports_sms_activity": "false",
                 "reports_read_address_book": "false",
                 "reports_internet": "true",
                 "read_calendar": false,
                 "reports_malware_detected": "false",
                 "reports_cloud_storage_default": "false",
                 "reports_social_networking": "false",
                 "read_emails": false,
                 "send_sms": false,
                 "reports_spyware_detected": "false",
                 "reports_location_tracking": "true",
                 "source": "User",
                 "urls": [
                   "analytics.localytics.com",
                   "subject.CN",
                   "www.apple.com",
                   "developer.apple.com"
 .
 .
 .

}
POST /v1/applications/(app_psk)/inspections/

Request Inspection Report

Requires administrator privileges. Authenticate as an EASE administrator.

Requests an inspection report for the application.

URLs

Environment URL
North America https://na01ws.apperian.com/v1/applications/<int:app_psk>/inspections/?provider=kryptowire
Europe https://eu01ws.apperian.eu/v1/applications/<int:app_psk>/inspections/?provider=kryptowire

URL Parameters

app_psk
(Required) Unique ID of the application you want to inspect. DATA TYPE: integer
provider
(Optional) Specifies the service provider for the application inspection: appthority or kryptowire. If this parameter is not included, it defaults to appthority.

Header Parameter

X-TOKEN
(Required) Session token returned by POST /users/authenticate.

Data Parameters

None

Example Request

curl -X POST "https://na01ws.apperian.com/v1/applications/123/inspections/?provider=kryptowire" --header "X-TOKEN: eTg8ktZXRqKIBJTHunwP6A"

Example Response

In the response, inspection_status indicates the status of the request:

  • -1 (Error) An error occured during the inspection.
  • 1 (Uploading) The report is uploading to the App Inspection Provider.
  • 2 (Pending) EASE is waiting for a response from App Inspection Provider; the report should be available shortly.
  • 3 (Verified) The report is ready and available.
{
  "inspection_status": 3
}
PUT /v1/applications/(app_psk)/inspections/cancel/

Cancel Application Inspection

Requires administrator privileges. Authenticate as an EASE administrator.

Cancels an in-progress application inspection.

URLs

Environment URL
North America https://na01ws.apperian.com/v1/applications/<int:app_psk>/inspections/cancel?provider=kryptowire
Europe https://eu01ws.apperian.eu/v1/applications/<int:app_psk>/inspections/cancel?provider=kryptowire

URL Parameters

app_psk
(Required) Unique ID of the application for which you want to cancel the in-progress inspection. DATA TYPE: integer
provider
(Optional) Specifies the service provider for the application inspection: appthority or kryptowire. If this parameter is not included, it defaults to appthority.

Header Parameters

X-TOKEN
(Required) Session token returned by POST /users/authenticate.

Data Parameters

None

Example Request

curl -X PUT https://na01ws.apperian.com/v1/applications/6413/inspections/cancel?provider=kryptowire --header "X-TOKEN: hShU5OD-SiadD8gyC_K4HA"

Example Response

{
     "canceled": True
}