# getApiSecurityItems
Retrieves a list of discovered API endpoints with their security information.
### Examples
{% tabs %}
{% tab title="GraphQL" %}
```graphql
query GetApiSecurityItems($getApiSecurityInput: GetApiSecurityInput) {
getApiSecurityItems(getApiSecurityInput: $getApiSecurityInput) {
apiSecurityItems {
id
scanId
title
description
version
methodDescription
methodOperationId
methodSummary
openapi
servers
epName
methodName
methodResponses {
description
code
}
methodTags
methodParameters {
description
in
name
required
}
appId
appType
appName
fileName
definitions {
source
fileName
link
llmTitle
llmDescription
functions {
function
line
snippet
filepath
link
}
}
framework
language
firstSeen
uuid
issuesBySeverity {
info
low
medium
high
critical
appox
}
codeLocations {
link
callBranch
}
commits {
commitInfo {
authorName
authorEmail
committerName
committerEmail
commitId
message
authorDate
commitDate
}
match
snippet
snippetLineNumber
startLineNumber
fileName
link
}
}
total
totalFiltered
}
}
```
**Variables**
This is an example input showing all available input fields. Only fields marked as required in the schema are mandatory.
```json
{
"getApiSecurityInput": {
"scanId": "c9da693d-8906-4a32-93c9-2ffdb1cebb99",
"offset": 0,
"limit": 100,
"owners": ["example"],
"tagIds": ["example"],
"search": "/api/v2/",
"filters": {
"apps": ["repo-name"],
"appIds": ["1234567890"],
"titles": ["Kubernetes"],
"endpoints": ["/api/v1/some/endpoint"],
"methods": ["GET"],
"framework": ["OpenAPI"],
"languages": ["OpenAPI"],
"issueIds": ["30966426-oxPolicy_securityCloudScan_100-example"],
"apiId": ["ceb76dd8-7c11-448c-9056-17c5b5bfa361"],
"source": ["OpenAPI"],
"severities": ["2"],
"reachability": ["Code"],
"appTags": ["Private repo"]
},
"filterSearch": [
{
"fieldName": "example",
"value": ["example"]
}
],
"openItems": ["digest"],
"orderBy": {
"field": "title",
"direction": "ASC"
}
}
}
```
{% endtab %}
{% tab title="cURL" %}
```shell
curl -X POST \
https://api.cloud.ox.security/api/apollo-gateway \
-H 'Content-Type: application/json' \
-H 'Authorization: YOUR_API_TOKEN' \
-d '{
"query": "query GetApiSecurityItems($getApiSecurityInput: GetApiSecurityInput) { getApiSecurityItems(getApiSecurityInput: $getApiSecurityInput) { apiSecurityItems { id scanId title description version methodDescription methodOperationId methodSummary openapi servers epName methodName methodResponses { description code } methodTags methodParameters { description in name required } appId appType appName fileName definitions { source fileName link llmTitle llmDescription functions { function line snippet filepath link } } framework language firstSeen uuid issuesBySeverity { info low medium high critical appox } codeLocations { link callBranch } commits { commitInfo { authorName authorEmail committerName committerEmail commitId message authorDate commitDate } match snippet snippetLineNumber startLineNumber fileName link } } total totalFiltered } }",
"variables": {
"getApiSecurityInput": {
"scanId": "c9da693d-8906-4a32-93c9-2ffdb1cebb99",
"offset": 0,
"limit": 100,
"owners": ["example"],
"tagIds": ["example"],
"search": "/api/v2/",
"filters": {
"apps": ["repo-name"],
"appIds": ["1234567890"],
"titles": ["Kubernetes"],
"endpoints": ["/api/v1/some/endpoint"],
"methods": ["GET"],
"framework": ["OpenAPI"],
"languages": ["OpenAPI"],
"issueIds": ["30966426-oxPolicy_securityCloudScan_100-example"],
"apiId": ["ceb76dd8-7c11-448c-9056-17c5b5bfa361"],
"source": ["OpenAPI"],
"severities": ["2"],
"reachability": ["Code"],
"appTags": ["Private repo"]
},
"filterSearch": [
{
"fieldName": "example",
"value": ["example"]
}
],
"openItems": ["digest"],
"orderBy": {
"field": "title",
"direction": "ASC"
}
}
}
}'
```
{% endtab %}
{% tab title="Node.js" %}
```javascript
const query = 'query GetApiSecurityItems($getApiSecurityInput: GetApiSecurityInput) { getApiSecurityItems(getApiSecurityInput: $getApiSecurityInput) { apiSecurityItems { id scanId title description version methodDescription methodOperationId methodSummary openapi servers epName methodName methodResponses { description code } methodTags methodParameters { description in name required } appId appType appName fileName definitions { source fileName link llmTitle llmDescription functions { function line snippet filepath link } } framework language firstSeen uuid issuesBySeverity { info low medium high critical appox } codeLocations { link callBranch } commits { commitInfo { authorName authorEmail committerName committerEmail commitId message authorDate commitDate } match snippet snippetLineNumber startLineNumber fileName link } } total totalFiltered } }';
fetch("https://api.cloud.ox.security/api/apollo-gateway", {
method: "POST",
headers: {
"Content-Type": "application/json",
"Authorization": "YOUR_API_TOKEN"
},
body: JSON.stringify({
query: query,
// This is an example input showing all available input fields. Only fields marked as required in the schema are mandatory.
variables: {
getApiSecurityInput: {
scanId: "c9da693d-8906-4a32-93c9-2ffdb1cebb99",
offset: 0,
limit: 100,
owners: ["example"],
tagIds: ["example"],
search: "/api/v2/",
filters: {
apps: ["repo-name"],
appIds: ["1234567890"],
titles: ["Kubernetes"],
endpoints: ["/api/v1/some/endpoint"],
methods: ["GET"],
framework: ["OpenAPI"],
languages: ["OpenAPI"],
issueIds: ["30966426-oxPolicy_securityCloudScan_100-example"],
apiId: ["ceb76dd8-7c11-448c-9056-17c5b5bfa361"],
source: ["OpenAPI"],
severities: ["2"],
reachability: ["Code"],
appTags: ["Private repo"]
},
filterSearch: [
{
fieldName: "example",
value: ["example"]
}
],
openItems: ["digest"],
orderBy: {
field: "title",
direction: "ASC"
}
}
}
})
})
.then(response => response.json())
.then(result => console.log(JSON.stringify(result, null, 2)))
.catch(error => console.error('Error:', error));
```
{% endtab %}
{% tab title="Python" %}
```python
import requests
query = 'query GetApiSecurityItems($getApiSecurityInput: GetApiSecurityInput) { getApiSecurityItems(getApiSecurityInput: $getApiSecurityInput) { apiSecurityItems { id scanId title description version methodDescription methodOperationId methodSummary openapi servers epName methodName methodResponses { description code } methodTags methodParameters { description in name required } appId appType appName fileName definitions { source fileName link llmTitle llmDescription functions { function line snippet filepath link } } framework language firstSeen uuid issuesBySeverity { info low medium high critical appox } codeLocations { link callBranch } commits { commitInfo { authorName authorEmail committerName committerEmail commitId message authorDate commitDate } match snippet snippetLineNumber startLineNumber fileName link } } total totalFiltered } }'
response = requests.post(
"https://api.cloud.ox.security/api/apollo-gateway",
headers={
"Content-Type": "application/json",
"Authorization": "YOUR_API_TOKEN"
},
json={
"query": query,
# This is an example input showing all available input fields. Only fields marked as required in the schema are mandatory.
"variables": {
"getApiSecurityInput": {
"scanId": "c9da693d-8906-4a32-93c9-2ffdb1cebb99",
"offset": 0,
"limit": 100,
"owners": ["example"],
"tagIds": ["example"],
"search": "/api/v2/",
"filters": {
"apps": ["repo-name"],
"appIds": ["1234567890"],
"titles": ["Kubernetes"],
"endpoints": ["/api/v1/some/endpoint"],
"methods": ["GET"],
"framework": ["OpenAPI"],
"languages": ["OpenAPI"],
"issueIds": ["30966426-oxPolicy_securityCloudScan_100-example"],
"apiId": ["ceb76dd8-7c11-448c-9056-17c5b5bfa361"],
"source": ["OpenAPI"],
"severities": ["2"],
"reachability": ["Code"],
"appTags": ["Private repo"]
},
"filterSearch": [
{
"fieldName": "example",
"value": ["example"]
}
],
"openItems": ["digest"],
"orderBy": {
"field": "title",
"direction": "ASC"
}
}
}
}
)
if response.status_code == 200:
result = response.json()
print(result)
else:
print(f"Error: {response.status_code}")
print(response.text)
```
{% endtab %}
{% endtabs %}
### Arguments
You can use the following argument(s) to customize your `getApiSecurityItems` query.
| Argument | Description | Supported fields |
| -------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| getApiSecurityInput [`GetApiSecurityInput`](/api-documentation/api-reference/api--api-security/types/inputs/get-api-security-input.md) | Parameters for filtering and paginating the API security items. | scanId String
offset Int
limit Int
owners \[String]
tagIds \[String]
search String
filters ApiSecFilters
filterSearch \[AutoCompleteSearch]
openItems \[FilterTypes]
orderBy ApiSecurityOrderBy
|
### Fields
Return type: [`ApiSecurityItemsResponse`](/api-documentation/api-reference/api--api-security/types/objects/api-security-items-response.md)
You can use the following field(s) to specify what information your `getApiSecurityItems` query will return. Please note that some fields may have their own subfields.
| Field | Description | Supported fields |
| ----------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| apiSecurityItems [`[ApiSecurityItem]`](/api-documentation/api-reference/api--api-security/types/objects/api-security-item.md) | List of API security items found in the scan | id String
scanId String
title String
description String
version String
methodDescription String
methodOperationId String
methodSummary String
openapi String
servers \[String]
epName String
methodName String
methodResponses \[MethodResponse]
methodTags \[String]
methodParameters \[MethodParameter]
appId String
appType String
appName String
fileName \[String]
definitions \[APIDefinitions]
framework String
language String
firstSeen Date
uuid String
issuesBySeverity Severities
codeLocations \[CodeLocation]
commits \[ApiInventoryCommit]
|
| total `Int` | Total number of API security items available | |
| totalFiltered `Int` | Total number of API security items after applying filters | |
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.ox.security/api-documentation/api-reference/api--api-security/queries/get-api-security-items.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.