Datenimport/-export Schnittstelle/en: Unterschied zwischen den Versionen

Aktuelle Version vom 13. März 2024, 14:54 Uhr

The data import/export interface of HITGuard is a REST API that complies with the OpenAPI 3.0 specification. It is therefore an API that can be used by applications.

This page describes how to enable the REST API, how to get permission to use the REST API (ApiKeys) and where to find the REST API documentation (SwaggerUI).

Successfully performed imports also generate an import log in the menu item Data import ("Administration → Data import | Import logs)!

Configuration

To enable the REST API, the following property must be set in the configuration file "appsettings.json":

"RestApi": { "Enabled": true }

If this property does not exist or it is set to "false", the REST API is completely disabled and Administrators will no longer see the ApiKey section under their profile nor the REST API settings under Global Settings.

Settings

If the REST API has been enabled in "appsettings.json", Administrators will find a new area in the Global Settings, where the REST API can be enabled and disabled at any time.

Activate REST API:

This option enables the endpoints of the REST API. If this option is disabled, the REST API does not accept any requests.

Activate SwaggerUI:

This option enables the SwaggerUI, which is an interactive documentation of the REST API. It can be accessed at "/swagger".

This option has no effect on the functionality of the REST API. If it is disabled, the REST API will still work if it is enabled.

This page is only relevant for developers who want to communicate with the REST API.

If the documentation is no longer needed, the SwaggerUI page should be disabled.

Swagger/OpenAPI documentation

As described before, the documentation of the REST API can be found under "/swagger" when the SwaggerUI is enabled.

On this page, developers will find all the information they need to communicate with the REST API.

On this page, you also find the JSON description of the REST API. This description can be used by tools (e.g. editor.swagger.io) to automatically generate clients for the REST API.

Overview
Structural analysis edges	PUT/api/asset-edges → Adds relationships in the structural analysis between resources, organizational units, processes, and data categories.
Tickets	PUT/api/tickets → Creates a new ticket in a management system or updates it. DELETE/api/tickets/{id} → Deletes a ticket by its external ID.
Management systems	GET/api/management-systems → Produces a list of the available management systems. This list contains the management system IDs.
Users	DELETE/api/users/deactivate/{userName} → Deactivates or deactivates and anonymizes a user by the username.
Data categories	PUT/api/data-categories → Creates new data categories or updates them. GET/api/data-categories → Produces a list of the available data categories. GET/api/data-categories/data-classes → Produces a list of the available data classes. DELETE/api/data-categories/{id} → Deletes a data category by the external key.
Measures	PUT/api/measures → Creates a new measure or updates it. PUT/api/measures/close/{id} → Puts a measure into the state "Completed" by the ID. PUT/api/measures/close/byKey/{id} → Puts a measure into the state "Completed" by the external ID. DELETE/api/measures/{id} → Löscht eine Maßnahme anhand der ID. GET/api/measures/{state} → Produces a list of all measures in a specific state.
Organizational units	PUT/api/org-units → Creates an organizational unit or updates it. GET/api/org-units → Produces a list of organizational units. DELETE/api/org-units/{id} → Deletes an organizational unit by the ID.
Processes	PUT/api/processes → Creates a process or updates it. GET/api/processes → Produces a list of processes. DELETE/api/processes/{id} → Deletes a process by the ID.
Resources	PUT/api/resources → Creates a resource or updates it. GET/api/resources → Produces a list of resources. GET/api/resources/{id} → Retrieves the information of a specific resource by the ID. DELETE/api/resources/{id} → Deletes a resource by the ID.
Risks	PUT/api/risks → Creates a risk in a management system or updates it. GET/api/risks/{managementSystemId} → Produces a list of all available risks of a management system. GET/api/risks/byKey/{riskExternalId} → Retrieves the information of a specific risk by the ID. DELETE/api/risks/{id} → Deletes a risk by the ID.

ApiKeys

All endpoints of the REST API are secured via ApiKeys!

In order for requests to the REST API to be accepted, a valid ApiKey must be sent in the authorization header of each request.

ApiKeys can only be created by Administrators on their profile (click on the profile picture). Each Administrator can have only one valid ApiKey at any time.

ApiKeys can be created with an expiration date. When the ApiKey expires, no more requests can be made with it.

The ApiKey is shown only once! If you do not copy it at that moment, you need to create a new ApiKey. By clicking on the button to the left of the ApiKey, the ApiKey will be copied to your clipboard. Make sure that you save the ApiKey in a safe location.

An Administrator can revoke their own ApiKey at any time, which means that no more requests can be made via that ApiKey afterwards.

To manage ApiKeys, it is recommended to create an Administrator for each application that controls the REST API and thus to obtain an ApiKey for each application. This way, access can be taken away from an application at any time.

@@ Zeile 3: / Zeile 3: @@
 This page describes how to enable the REST API, how to get permission to use the REST API (ApiKeys) and where to find the REST API documentation (SwaggerUI).
-== Konfiguration ==
+Successfully performed imports also generate an import log in the menu item Data import ([[Special:MyLanguage/Datenimport|"Administration → Data import | <u>Import logs</u>]])!
-Um die REST Schnittstelle zu aktivieren, muss in der Konfigurationsdatei "appsettings.json" folgendes Property gesetzt sein:
+[[Datei:REST API Importprotokoll.png|thumb|left|900px]]<br clear=all>
+<span id="Konfiguration"></span>
+== Configuration ==
+To enable the REST API, the following property must be set in the configuration file "appsettings.json":
 * <code>"RestApi": { "Enabled": true } </code>
-Existiert dieses Property nicht oder es ist auf "false" gesetzt, ist die REST Schnittstelle komplett deaktiviert und Administratoren sehen den Abschnitt "ApiKey" unter ihrem Profil nicht mehr.
+If this property does not exist or it is set to "false", the REST API is completely disabled and Administrators will no longer see the ApiKey section under their profile nor the REST API settings under Global Settings.
-== Einstellungen ==
+<span id="Einstellungen"></span>
+== Settings ==
-Wurde die REST Schnittstelle im "appsettings.json" aktiviert, finden <b>Administratoren</b> einen neuen Bereich in den Globalen Einstellungen über den die REST Schnittstelle jederzeit aktiviert und deaktiviert werden kann.
+If the REST API has been enabled in "appsettings.json", <b>Administrators</b> will find a new area in the Global Settings, where the REST API can be enabled and disabled at any time.
-[[Datei:REST API Einstellungen.png|thumb|left|900px]]<br clear=all>
+[[Datei:REST API Einstellungen.png|thumb|left|902px]]<br clear=all>
-* REST Schnittstelle aktivieren:
+* Activate REST API:
-:: Diese Option aktiviert die Endpunkte der REST Schnittstelle. Ist diese Option deaktiviert, dann nimmt die REST Schnittstelle keine Request entgegen.
+:: This option enables the endpoints of the REST API. If this option is disabled, the REST API does not accept any requests.
-* SwaggerUI aktivieren:
+* Activate SwaggerUI:
-:: Diese Option aktiviert die SwaggerUI, dabei handelt es sich um eine interaktive Dokumentation der REST Schnittstelle. Sie kann unter "/swagger" erreicht werden.
+:: This option enables the SwaggerUI, which is an interactive documentation of the REST API. It can be accessed at "/swagger".
-::Diese Option hat keine Auswirkung auf die Funktionalität der REST Schnittstelle. Wird sie deaktiviert, funktioniert die REST Schnittstelle, sofern sie aktiviert ist, trotzdem.
+::This option has no effect on the functionality of the REST API. If it is disabled, the REST API will still work if it is enabled.
-:: Diese Seite ist nur für Entwickler relevant die mit der REST Schnittstelle kommunizieren möchten.
+:: This page is only relevant for developers who want to communicate with the REST API.
-:: Wird die Dokumentation nicht mehr benötigt, sollte die SwaggerUI Seite deaktiviert werden.
+:: If the documentation is no longer needed, the SwaggerUI page should be disabled.
-== Swagger / OpenAPI Dokumentation ==
+<span id="Swagger/OpenAPI_Dokumentation"></span>
+== Swagger/OpenAPI documentation ==
-Wie vorher beschrieben, findet man die Dokumentation der REST Schnittstelle unter "/swagger" wenn die SwaggerUI aktiviert ist.
+As described before, the documentation of the REST API can be found under "/swagger" when the SwaggerUI is enabled.
-Auf dieser Seite finden Entwickler alle Informationen die Sie benötigen um die REST Schnittstelle anzusprechen.
+On this page, developers will find all the information they need to communicate with the REST API.
-Auf dieser Seite ist auch die JSON Beschreibung der REST Schnittstelle zu finden. Diese Beschreibung kann von Tools (z.b [https://editor.swagger.io/| editor.swagger.io]) verwendet werden um automatisch Clients für die REST Schnittstelle zu generieren.
+On this page, you also find the JSON description of the REST API. This description can be used by tools (e.g. [https://editor.swagger.io/| editor.swagger.io]) to automatically generate clients for the REST API.
 [[Datei:REST API Swagger.png|thumb|left|900px|SwaggerUI]]<br clear=all>
+{| class="wikitable"
+! colspan="2" | <b>Overview</b>
+|-
+!Structural analysis edges
+|PUT/api/asset-edges → Adds relationships in the structural analysis between resources, organizational units, processes, and data categories.
+|-
+!Tickets
+|PUT/api/tickets → Creates a new ticket in a management system or updates it.<br>DELETE/api/tickets/{id} → Deletes a ticket by its external ID.
+|-
+!Management systems
+|GET/api/management-systems → Produces a list of the available management systems. This list contains the management system IDs.
+|-
+!Users
+|DELETE/api/users/deactivate/{userName} → Deactivates or deactivates and anonymizes a user by the username.
+|-
+!Data categories
+|PUT/api/data-categories → Creates new data categories or updates them.<br>GET/api/data-categories → Produces a list of the available data categories.<br>GET/api/data-categories/data-classes → Produces a list of the available data classes.<br>DELETE/api/data-categories/{id} → Deletes a data category by the external key.
+|-
+!Measures
+|PUT/api/measures → Creates a new measure or updates it.<br>PUT/api/measures/close/{id} → Puts a measure into the state "Completed" by the ID.<br>PUT/api/measures/close/byKey/{id} → Puts a measure into the state "Completed" by the external ID.<br>DELETE/api/measures/{id} → Löscht eine Maßnahme anhand der ID.<br>GET/api/measures/{state} → Produces a list of all measures in a specific state.
+|-
+!Organizational units
+|PUT/api/org-units → Creates an organizational unit or updates it.<br>GET/api/org-units → Produces a list of organizational units.<br>DELETE/api/org-units/{id} → Deletes an organizational unit by the ID.
+|-
+!Processes
+|PUT/api/processes → Creates a process or updates it.<br>GET/api/processes → Produces a list of processes.<br>DELETE/api/processes/{id} → Deletes a process by the ID.
+|-
+!Resources
+|PUT/api/resources → Creates a resource or updates it.<br>GET/api/resources → Produces a list of resources.<br>GET/api/resources/{id} → Retrieves the information of a specific resource by the ID.<br>DELETE/api/resources/{id} → Deletes a resource by the ID.
+|-
+!Risks
+|PUT/api/risks → Creates a risk in a management system or updates it.<br>GET/api/risks/{managementSystemId} → Produces a list of all available risks of a management system.<br>GET/api/risks/byKey/{riskExternalId} → Retrieves the information of a specific risk by the ID.<br>DELETE/api/risks/{id} → Deletes a risk by the ID.
+|-
+|}
 == ApiKeys ==
-<b>Alle</b> Endpunkte der REST Schnittstelle sind über ApiKeys gesichert!
+<b>All</b> endpoints of the REST API are secured via ApiKeys!
-Damit Requests an die REST Schnittstelle erfolgreich durchgeführt werden können, muss in jedem Request ein gültiger ApiKey im "Authorization" Header mit gesendet werden.
+In order for requests to the REST API to be accepted, a valid ApiKey must be sent in the <b>authorization header</b> of each request.
-ApiKeys können dabei nur von Administratoren unter ihrem Profil (klicken auf das Profilbild) erstellt werden. Jeder Administrator kann zu jedem Zeitpunkt nur einen gültigen ApiKey haben.
+ApiKeys can only be created by Administrators on their profile (click on the profile picture). Each Administrator can have only one valid ApiKey at any time.
-[[Datei:REST API ApiKey Abschnitt.png|thumb|left|900px| Abschnitt zum Verwalten des ApiKeys]]<br clear=all>
+[[Datei:REST API ApiKey Abschnitt.png|thumb|left|900px| Section to manage ApiKey]]<br clear=all>
-ApiKeys können mit einem Ablaufdatum erstellt werden. Wenn der ApiKey abläuft, können mit ihm keine Requests mehr durchgeführt werden.
+ApiKeys can be created with an expiration date. When the ApiKey expires, no more requests can be made with it.
-[[Datei:REST API ApiKey generieren.png|thumb|left|900px| ApiKey generieren]]<br clear=all>
+[[Datei:REST API ApiKey generieren.png|thumb|left|900px| Generate ApiKey ]]<br clear=all>
-Der ApiKey wird nur ein einziges mal angezeigt! Wenn Sie ihn hier nicht kopieren, müssen Sie einen neuen ApiKey erzeugen. Durch klicken auf den Button links neben dem ApiKey, wird der ApiKey in Ihre Zwischenablage kopiert. Stellen Sie sicher, dass sie den ApiKey an einem sicheren Ort ablegen.
+The ApiKey is shown only once! If you do not copy it at that moment, you need to create a new ApiKey. By clicking on the button to the left of the ApiKey, the ApiKey will be copied to your clipboard. Make sure that you save the ApiKey in a safe location.
-[[Datei:REST API ApiKey kopieren.png|thumb|left|900px| ApiKey kopieren]]<br clear=all>
+[[Datei:REST API ApiKey kopieren.png|thumb|left|900px| Copy ApiKey ]]<br clear=all>
-Ein Administrator kann aber seinen eigenen ApiKey jederzeit widerrufen, wodurch über den ApiKey anschließend keine Requests mehr durchgeführt werden können.
+An Administrator can revoke their own ApiKey at any time, which means that no more requests can be made via that ApiKey afterwards.
-[[Datei:REST API ApiKey widerrufen.png|thumb|left|900px| ApiKey Widerrufen]]<br clear=all>
+[[Datei:REST API ApiKey widerrufen.png|thumb|left|900px| Revoke ApiKey]]<br clear=all>
-Um ApiKeys zu verwalten empfiehlt es sich pro Applikation, die die REST Schnittstelle ansteuert, einen Administrator anzulegen um einen ApiKey pro Applikation zu bekommen. Dadurch kann einer Applikation jederzeit der Zugriff genommen werden.
+To manage ApiKeys, it is recommended to create an Administrator for each application that controls the REST API and thus to obtain an ApiKey for each application. This way, access can be taken away from an application at any time.