If there are no errors, the requested resource is returned in JSON format. For a GET request, this can be either a single object or a collection of objects. Both POST and PATCH requests return the single object that was created or modified by the request, representing its state after the action.

For convenience and to save API requests, most objects contain sub objects. Sub objects are included or excluded based on their depth. For example, if you read an application directly, it also contains the user object of its creator. If you read a scan directly, it contains the application object, but this application object no longer contains the user object.


Input always consists of a JSON object containing one or more additional objects. For a list of all possible parameters please refer to our detailed API specification.

For example, to create or update an application the following JSON message can be used:

Create New Application
{
  "application": {
    "name": "Project 1"
  }
}

To create a new scan, the following JSON message can be used. Besides the main object scan, it also contains the object php, which defines additional settings for the scan, in this case the PHP environment that should be simulated by the RIPS engine.

Create New Scan
{
  "scan": {
    "version": "1.2.3",
    "upload": 1
  },
  "php": {
    "majorVersion": 7,
    "minorVersion": 0,
    "releaseVersion": 0
  }
}