GuardRails API Usage Guide

Table of Contents

  • Pre-Requisites
  • Exchange API key for JWT
  • How to use the API

Pre-Requisites

To use the GuardRails API, you need a GuardRails account and an API key. Note: For on-premise deployments, the GuardRails API is hosted on port 1444, e.g. https://guardrails.your-company.com:1444/swagger.

More information on how to get started can be found here.

Once you have set up your GuardRails account, you can generate your API key on the user settings page in the dashboard.

API Key Generation

Exchange API Key for JWT

To access the GuardRails API, you must first get a valid GuardRails JWT. The example below assumes that you are using bash and have curl and jq installed on your computer.

Start by adding your API key to a variable (this will be used in the subsequent command).

export API_KEY="" # The API key can be generated on the user account in the GuardRails dashboard.

Next, make a request (using curl) to exchange the API key for a valid JWT.

JWT_TOKEN=$(curl \
  --request POST \
  --header "Content-Type: application/json" \
  --data "{ \"apiKey\": \"$API_KEY\" }" \
  https://api.guardrails.io/v2/auth | jq -r '.jwtToken')

echo "$JWT_TOKEN"

Note: The JWT expires after 6 hours. After that, you will have to make a new request to get a new JWT.

How to use the API

Now that you have a valid JWT, you can start calling the GuardRails API. Here's an example of fetching all accounts (users and organizations) associated with the API key.

curl \
  --request GET \
  --header "Authorization: bearer $JWT_TOKEN" \
  "https://api.guardrails.io/v2/accounts"

You should now see a list of all the accounts associated with the API key.
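The two steps above combined into one script, as an added example that is not part of the GuardRails documentation: it builds the request body with jq so that a key containing quotes cannot break the JSON, sends the body over stdin, and requests a new JWT shortly before the 6-hour expiry. The GR_API variable, the function names and the 5-minute refresh margin are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not GuardRails code): cache the JWT and renew it before it expires.

GR_API="${GR_API:-https://api.guardrails.io/v2}"  # assumption: base URL override variable
JWT_TTL=$((6 * 60 * 60))  # JWT lifetime stated in the guide: 6 hours
JWT_MARGIN=300            # assumption: renew 5 minutes before expiry
JWT_TOKEN=""
JWT_ISSUED_AT=0

# Succeeds (exit 0) when a token issued at epoch $1 must be replaced at epoch $2.
jwt_needs_refresh() {
  local issued_at=$1 now=$2
  [ "$issued_at" -le 0 ] || [ $((now - issued_at)) -ge $((JWT_TTL - JWT_MARGIN)) ]
}

# Exchange $API_KEY for a JWT. jq does the JSON encoding, and the body is passed
# on stdin (--data @-) so the key is not part of curl's command line.
fetch_jwt() {
  local body token
  body=$(jq -n --arg k "$API_KEY" '{apiKey: $k}') || return 1
  # --fail turns HTTP errors into a non-zero exit; jq -e fails on a missing jwtToken.
  token=$(printf '%s' "$body" | curl --silent --show-error --fail \
    --request POST \
    --header "Content-Type: application/json" \
    --data @- \
    "$GR_API/auth" | jq -er '.jwtToken') || return 1
  JWT_TOKEN=$token
  JWT_ISSUED_AT=$(date +%s)
}

# Fetch a token only when none is cached or the cached one is about to expire.
ensure_jwt() {
  if jwt_needs_refresh "$JWT_ISSUED_AT" "$(date +%s)"; then
    fetch_jwt
  fi
}

# GET an API path such as /accounts with a valid JWT.
gr_get() {
  ensure_jwt || { echo "could not obtain a JWT" >&2; return 1; }
  curl --silent --show-error --fail \
    --request GET \
    --header "Authorization: bearer $JWT_TOKEN" \
    "$GR_API$1"
}
```

After exporting API_KEY, source the file and call `gr_get /accounts`.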

Click here to get a list of all available API endpoints.

© 2021 GuardRails