# API documentation

# Introduction

All users with the role admin have access to our open API, which lets you upload dependency files. This is also the API used by Debricked CLI.

Additionally, if your account has the API feature enabled you can also access our extended API for interacting with Debricked in more ways. It for example provides several endpoints for managing your products and releases, a list of vulnerabilities of a given component and more.

Base URL for API: https://app.debricked.com/api

Current version URL: https://app.debricked.com/api/1.0

Open API reference/Sandbox (opens new window)

Extended API reference/Sandbox (opens new window)

# Authenticate

The API uses JWT-tokens (opens new window) for authentication.

# Getting your token

In order to get a JWT-token you need to provide your username and password to the https://app.debricked.com/api/login_check page.

Using curl the call would look like this:

curl -X POST https://app.debricked.com/api/login_check -d _username=YOUR_USERNAME -d _password=YOUR_PASSWORD

If successful, the response will contain your token:


The token has a lifetime of about an hour. If the JWT-token is invalid, such as if the token has expired, a 401 status code will be returned. You should therefore implement a way of automatically getting a new token every time you receive a 401 status code from any API call.


The JWT-token has a lifetime of about an hour.

# Using your token

When you have your token you need to pass it to the Authorization HTTP header with the value Bearer YOUR_VERY_LONG_TOKEN on each API call.

# Need assistance?

Contact our technical support at support@debricked.com