Introduction
Welcome to the Devici API! You can use the API endpoints to get information on the collections and threat models in our database.
Authentication
To authorize, use this code:
import axios from "axios";
axios.defaults.baseURL = "https://api.devici.com/api/v1/";
const response = await axios.post("/auth", {
clientId: "{{CLIENT_ID}}",
secret: "{{CLIENT_SECRET}}",
});
The above command returns JSON structured like this:
{
"access_token": "eyJraWQiOiIwcG...",
"expires_in": 3600,
"token_type": "Bearer"
}
const { token_type, access_token } = response.data;
axios.defaults.headers.common = {
Authorization: `${token_type} ${access_token}`,
};
The above code sets the token in the Authorization header.
Devici uses API keys to allow access to the API. You can register a new Devici API key in our app.
CLIENT_ID = 5afbae67pj...kbg4qg7n1jol2
CLIENT_SECRET = 32qhkqcjnf85ndi7elhn0m...d1nn257vgmc152m4ltc2jf7gj
Get token
POST https://api.devici.com/api/v1/auth
For the following requests, use this header:
Authorization: {{token_type}} {{access_token}}
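The token returned by /auth carries an expires_in lifetime (3600 seconds in the sample above), and a header set on axios.defaults.headers.common is attached to every request made through the shared axios object, whatever its destination. The following added example (not part of Devici's documentation) caches the token, refreshes it shortly before expiry, and attaches it only to relative API paths. The names createTokenProvider and createApiClient, the injected http client and the 60-second skew are assumptions of this sketch.

```javascript
// Added example, not Devici's code. `http` is any axios-compatible client,
// e.g. axios.create({ baseURL: "https://api.devici.com/api/v1/" }).
function createTokenProvider({ http, clientId, secret, now = () => Date.now(), skewSeconds = 60 }) {
  if (!clientId || !secret) {
    // Keep credentials out of source: pass them in from the environment or a secret store.
    throw new Error("clientId and secret are required");
  }
  let cached = null; // { header, expiresAt } for the current token
  let inFlight = null; // shared promise so concurrent callers trigger one /auth call

  async function refresh() {
    const response = await http.post("/auth", { clientId, secret });
    const { token_type, access_token, expires_in } = response.data || {};
    if (token_type !== "Bearer" || typeof access_token !== "string" || access_token === "") {
      throw new Error("unexpected /auth response");
    }
    // Treat the token as expired `skewSeconds` early so it cannot lapse mid-request.
    const lifetimeMs = Math.max(0, Number(expires_in) - skewSeconds) * 1000;
    cached = { header: `${token_type} ${access_token}`, expiresAt: now() + lifetimeMs };
    return cached.header;
  }

  return async function getAuthorization() {
    if (cached && now() < cached.expiresAt) return cached.header;
    if (!inFlight) {
      inFlight = refresh().finally(() => { inFlight = null; });
    }
    return inFlight;
  };
}

function createApiClient(http, getAuthorization) {
  async function withAuth(path, config = {}) {
    // An absolute or protocol-relative URL would bypass baseURL and carry the
    // bearer token to another host, so only relative API paths are accepted.
    if (typeof path !== "string" || !path.startsWith("/") || path.startsWith("//")) {
      throw new Error(`refusing non-relative path: ${path}`);
    }
    const headers = { ...(config.headers || {}), Authorization: await getAuthorization() };
    return { ...config, headers };
  }
  return {
    get: async (path, config) => http.get(path, await withAuth(path, config)),
    delete: async (path, config) => http.delete(path, await withAuth(path, config)),
    post: async (path, data, config) => http.post(path, data, await withAuth(path, config)),
    patch: async (path, data, config) => http.patch(path, data, await withAuth(path, config)),
  };
}
```

Pass the client ID and secret in from the process environment or a secret manager rather than writing them into the script.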
Users
Get Users
To get All Users use this code:
axios.get("/users/?limit=20&page=0");
{
"items": [
{
"id": "{{user_id}}",
"role": "admin",
"first_name": "First",
"last_name": "Last",
"email": "{{user_email}}",
"status": "confirmed",
"is_enabled": true
}
],
"count": 1
}
This endpoint retrieves Users.
HTTP Request
GET https://api.devici.com/api/v1/users/?limit=20&page=0
Query Parameters
Parameter | Default | Description |
---|---|---|
limit | 20 | Count of items per request |
page | 1 | Page |
Get a Specific User
To get specific user use this code:
axios.get("/users/:id");
The above command returns JSON structured like this:
{
"id": "{{user_id}}",
"role": "admin",
"first_name": "First",
"last_name": "Last",
"email": "{{user_email}}",
"avatar_uploaded_at": "2025-03-11T09:29:23.072Z",
"avatarUrl": "{{img_url}}"
}
This endpoint retrieves a specific user.
HTTP Request
GET https://api.devici.com/api/v1/users/:id
Search Users
To search users use this code:
axios.get("/users/search/field=email&text=johndoe@mail.com");
The above command returns JSON structured like this:
{
"id": "{{user_id}}",
"created_at": "2025-02-10T14:26:04.248Z",
"updated_at": "2025-03-11T09:29:23.081Z",
"email": "johndoe@mail.com",
"first_name": "John",
"last_name": "Doe",
"is_active": true,
"role": "admin"
}
This endpoint retrieves users that match the search.
HTTP Request
GET https://api.devici.com/api/v1/users/search/field=email&text=johndoe@mail.com
Query Parameters
Parameter | Description |
---|---|
field | must be one of first_name, last_name, email |
text | must be string |
Bulk invite users
To send invitations to multiple users use this code:
axios.post("/users/bulk-invite", {
payload: [
{
email: "johndoe@mail.com",
firstName: "John",
lastName: "Doe",
role: "user"
}
]
});
The above command returns JSON structured like this:
[
{
"id": "{{user_id}}",
"email": "johndoe@mail.com",
"first_name": "John",
"last_name": "Doe",
"role": "user",
"is_enabled": true,
"status": "invited",
"created_at": "2025-02-10T14:26:04.248Z"
}
]
Use this endpoint to send invitations to multiple users at once.
The role field can be one of admin | user; the default is user.
HTTP Request
POST https://api.devici.com/api/v1/users/bulk-invite
Invite specific user
To invite specific user use this code:
axios.post("/users/invite", {
email: "johndoe@mail.com",
firstName: "John",
lastName: "Doe",
role: "user"
});
The above command returns JSON structured like this:
{
"id": "{{user_id}}",
"email": "johndoe@mail.com",
"first_name": "John",
"last_name": "Doe",
"role": "user",
"is_enabled": true,
"status": "invited",
"created_at": "2025-02-10T14:26:04.248Z"
}
Use this endpoint to invite a specific user.
The role field can be one of admin | user; the default is user.
HTTP Request
POST https://api.devici.com/api/v1/users/invite
Bulk re-invite users
To resend invitations to multiple users use this code:
axios.post("/users/bulk-re-invite", {
emails: ["johndoe@mail.com"]
});
The above command returns JSON structured like this:
[
{
"id": "{{user_id}}",
"email": "johndoe@mail.com",
"first_name": "John",
"last_name": "Doe",
"role": "user",
"is_enabled": true,
"status": "invited",
"created_at": "2025-02-10T14:26:04.248Z"
}
]
Use this endpoint to resend invitations to multiple users who have not yet accepted or whose invitations have expired.
HTTP Request
POST https://api.devici.com/api/v1/users/bulk-re-invite
Re-invite specific user
To re-invite specific user use this code:
axios.post("/users/re-invite", {
email: "johndoe@mail.com",
firstName: "John",
lastName: "Doe",
role: "user"
});
The above command returns JSON structured like this:
{
"id": "{{user_id}}",
"email": "johndoe@mail.com",
"first_name": "John",
"last_name": "Doe",
"role": "user",
"is_enabled": true,
"status": "invited",
"created_at": "2025-02-10T14:26:04.248Z"
}
Use this endpoint to re-invite a user who has not yet accepted the invitation or whose invitation has expired.
HTTP Request
POST https://api.devici.com/api/v1/users/re-invite
Bulk enable users
To enable multiple user accounts use this code:
axios.post("/users/bulk-enable", {
ids: ["{{user_id}}", "{{user_id}}"]
});
Use this endpoint to enable multiple user accounts at once.
HTTP Request
POST https://api.devici.com/api/v1/users/bulk-enable
Enable specific user
To enable specific user account use this code:
axios.post("/users/enable/{{user_id}}");
Use this endpoint to enable a specific user account.
HTTP Request
POST https://api.devici.com/api/v1/users/enable/{{user_id}}
Bulk disable users
To disable multiple user accounts use this code:
axios.post("/users/bulk-disable", {
ids: ["{{user_id}}", "{{user_id}}"]
});
Use this endpoint to disable multiple user accounts at once.
HTTP Request
POST https://api.devici.com/api/v1/users/bulk-disable
Disable specific user
To disable a specific user account use this code:
axios.post("/users/disable/{{user_id}}");
Use this endpoint to disable a specific user account.
HTTP Request
POST https://api.devici.com/api/v1/users/disable/{{user_id}}
Bulk change role for users
To update the roles of multiple users use this code:
axios.post("/users/bulk-change-role", {
payload: [
{
id: "{{user_id}}",
role: "admin"
}
]
});
The above command returns JSON structured like this:
[
{
"id": "{{user_id}}",
"email": "johndoe@mail.com",
"first_name": "John",
"last_name": "Doe",
"role": "user"
}
]
Use this endpoint to update the roles of multiple users in one request.
The role field can be one of admin | user; the default is user.
HTTP Request
POST https://api.devici.com/api/v1/users/bulk-change-role
Change role for specific user
To update the role for specific user use this code:
axios.post("/users/change-role", {
id: "{{user_id}}",
role: "admin"
});
The above command returns JSON structured like this:
{
"id": "{{user_id}}",
"email": "johndoe@mail.com",
"first_name": "John",
"last_name": "Doe",
"role": "user"
}
Use this endpoint to update the role for a specific user.
The role field can be one of admin | user; the default is user.
HTTP Request
POST https://api.devici.com/api/v1/users/change-role
Import users
To import users use this code:
axios.post("/users/bulk-import", {
payload: [
{
firstName: "John",
lastName: "Doe",
email: "johndoe@mail.com",
role: "user"
}
]
});
The above command returns JSON structured like this:
[
{
"id": "{{user_id}}",
"email": "johndoe@mail.com"
}
]
Use this endpoint to import users by providing their details in bulk.
The role field can be one of admin | user; the default is user.
HTTP Request
POST https://api.devici.com/api/v1/users/bulk-import
Delete Specific User
To delete specific user use this code:
axios.delete("/users/:id/:recipientId");
This endpoint deletes a specific user.
HTTP Request
DELETE https://api.devici.com/api/v1/users/:id/:recipientId
Params
Parameter | Description |
---|---|
:id | ID of the user to be deleted |
:recipientId | ID of the user who will inherit the collections of the user being deleted |
Collections
Get All Collections
To get all collections use this code:
axios.get("/collections");
The above command returns JSON structured like this:
{
"items": [
{
"id": "{{collection_id}}",
"created_at": "2024-03-28T11:12:06.960Z",
"updated_at": "2024-03-28T11:12:06.960Z",
"title": "Default collection",
"description": null,
"color": null,
"created_by": {
"id": "{{owner_id}}"
}
},
{
"id": "{{collection_id}}",
"created_at": "2024-05-05T20:17:34.201Z",
"updated_at": "2024-05-05T20:17:34.201Z",
"title": "Test collection",
"description": null,
"color": null,
"created_by": {
"id": "{{owner_id}}"
}
}
],
"count": 2
}
This endpoint retrieves all collections.
HTTP Request
GET https://api.devici.com/api/v1/collections
Query Parameters
Parameter | Default | Description |
---|---|---|
limit | 20 | Count of items per request |
page | 1 | Page |
sort | created_at | Order by created at |
order | ASC | Sort by ASC |
Get a Specific Collection
To get specific collection use this code:
axios.get("/collections/:id");
The above command returns JSON structured like this:
{
"id": "{{collection_id}}",
"created_at": "2024-03-28T11:12:06.960Z",
"updated_at": "2024-03-28T11:12:06.960Z",
"title": "Default collection",
"description": null,
"color": null,
"created_by": {
"id": "{{owner_id}}"
}
}
This endpoint retrieves a specific collection.
HTTP Request
GET https://api.devici.com/api/v1/collections/:id
Create Collection
To create collection use this code:
axios.post("/collections", {
title: "New Collection from Public API",
description: "This Collection created from public api",
threatModelsData: [
{
title: "Threat model",
description: "this is the Threat model description",
canvasData: [
{
nodes: [],
edges: [],
title: "Canvas title",
},
],
},
],
});
This endpoint creates a collection.
HTTP Request
POST https://api.devici.com/api/v1/collections
Update a Specific Collection
To update specific collection use this code:
axios.patch("/collections/:id", {
title: "New Title",
description: "New description",
color: "#ffffff",
});
This endpoint updates a specific collection.
HTTP Request
PATCH https://api.devici.com/api/v1/collections/:id
Get Users with granted access to a specific Collection
To get users who have access to a specific collection use this code:
axios.get("/collections/users-access/{{collection_id}}");
The above command returns JSON structured like this:
[
{
"id": "{{user_id}}",
"email": "johndoe@mail.com",
"first_name": "John",
"last_name": "Doe",
"permission": "read"
},
...
]
Use this endpoint to retrieve all users who have been granted access to a specific collection.
HTTP Request
GET https://api.devici.com/api/v1/collections/users-access/{{collection_id}}
Bulk Grant Users Access
To bulk grant access to multiple users for one or more collections, use this code:
axios.post("/collections/users-access/bulk-grant", {
payload: [
{
collectionId: "{{collection_id}}",
usersPermissions: [
{
userId: "{{user_id}}",
permission: "read"
},
{
userId: "{{user_id}}",
permission: "write"
}
]
}
]
});
Use this endpoint to grant access to multiple users for one or more collections in bulk.
The permission field must be one of read | write | manage.
HTTP Request
POST https://api.devici.com/api/v1/collections/users-access/bulk-grant
Grant User Access
To grant access to a specific collection to one or more users, use this code:
axios.post("/collections/users-access/grant", {
collectionId: "{{collection_id}}",
usersPermissions: [
{
userId: "{{user_id}}",
permission: "read"
},
{
userId: "{{user_id}}",
permission: "write"
}
]
});
Use this endpoint to grant access to a specific collection.
The permission field must be one of read | write | manage.
HTTP Request
POST https://api.devici.com/api/v1/collections/users-access/grant
Bulk Revoke Users Access
To bulk revoke access for multiple users from one or more collections, use this code:
axios.post("/collections/users-access/bulk-revoke", {
payload: [
{
collectionId: "{{collection_id}}",
usersIds: ["user_id", "user_id"]
}
]
});
Use this endpoint to revoke access for multiple users from one or more collections in bulk.
HTTP Request
POST https://api.devici.com/api/v1/collections/users-access/bulk-revoke
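The user list, the per-collection access list and the bulk-revoke body described above can be combined into a periodic access review. The following added example (not part of Devici's documentation) pages through /users, checks each grant returned by /collections/users-access/{{collection_id}}, and builds a bulk-revoke body for the flagged grants without sending it. Assumptions of this sketch: paging starts at page 0 as in the Get Users sample, a page shorter than limit is the last one, and the review rules in reviewGrant are an example policy.

```javascript
// Added example, not Devici's code. `api` is an authenticated axios-compatible
// client whose get(path) resolves to { data }.
async function listAllUsers(api, { limit = 20, firstPage = 0, maxPages = 500 } = {}) {
  const byId = new Map(); // de-duplicates users if the server repeats a page
  for (let page = firstPage; page < firstPage + maxPages; page += 1) {
    const { data } = await api.get(`/users/?limit=${limit}&page=${page}`);
    const items = Array.isArray(data && data.items) ? data.items : [];
    for (const user of items) byId.set(user.id, user);
    // Assumption: a page shorter than `limit` is the last one.
    if (items.length < limit) break;
  }
  return byId;
}

// Returns the reasons a grant deserves attention; an empty array means none.
function reviewGrant(user, grant) {
  const reasons = [];
  if (!user) {
    reasons.push("grantee not in user list");
    return reasons;
  }
  if (user.is_enabled === false) reasons.push("account disabled");
  if (user.status !== "confirmed") reasons.push(`status is ${user.status}`);
  // Example policy only: manage rights on a collection are reserved for admins.
  if (grant.permission === "manage" && user.role !== "admin") {
    reasons.push("manage permission held by non-admin");
  }
  return reasons;
}

async function reviewCollectionAccess(api, collectionIds, pagination) {
  const users = await listAllUsers(api, pagination);
  const findings = [];
  for (const collectionId of collectionIds) {
    const path = `/collections/users-access/${encodeURIComponent(collectionId)}`;
    const { data } = await api.get(path);
    for (const grant of Array.isArray(data) ? data : []) {
      const reasons = reviewGrant(users.get(grant.id), grant);
      if (reasons.length > 0) {
        findings.push({
          collectionId,
          userId: grant.id,
          email: grant.email,
          permission: grant.permission,
          reasons,
        });
      }
    }
  }
  return findings;
}

// Builds, but does not send, the body for POST /collections/users-access/bulk-revoke.
function buildBulkRevokeBody(findings) {
  const perCollection = new Map();
  for (const { collectionId, userId } of findings) {
    if (!perCollection.has(collectionId)) perCollection.set(collectionId, new Set());
    perCollection.get(collectionId).add(userId);
  }
  return {
    payload: [...perCollection].map(([collectionId, ids]) => ({
      collectionId,
      usersIds: [...ids],
    })),
  };
}
```

Review the findings before posting the generated body: a grantee missing from the user list may only mean the listing was incomplete.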
Revoke User Access
To revoke access to a specific collection from one or more users, use this code:
axios.post("/collections/users-access/revoke", {
collectionId: "{{collection_id}}",
usersIds: ["user_id", "user_id"]
});
Use this endpoint to revoke access to a specific collection
HTTP Request
POST https://api.devici.com/api/v1/collections/users-access/revoke
Get Teams with granted access to a specific Collection
To get teams that have been granted access to a specific collection use this code:
axios.get("/collections/teams-access/{{collection_id}}");
The above command returns JSON structured like this:
[
{
"id": "{{team_id}}",
"title": "Alpha",
"users": [
{
"id": "{{user_id}}",
"email": "johndoe@mail.com",
"first_name": "John",
"last_name": "Doe"
}
],
"permission": "read"
},
...
]
Use this endpoint to retrieve all teams that have been granted access to a specific collection.
HTTP Request
GET https://api.devici.com/api/v1/collections/teams-access/{{collection_id}}
Bulk Grant Teams Access
To grant access to multiple teams for one or more collections, use this code:
axios.post("/collections/teams-access/bulk-grant", {
payload: [
{
collectionId: "{{collection_id}}",
teamsPermissions: [
{
teamId: "{{team_id}}",
permission: "read"
},
{
teamId: "{{team_id}}",
permission: "write"
}
]
}
]
});
Use this endpoint to grant access to multiple teams for one or more collections in bulk.
The permission field must be one of read | write | manage.
HTTP Request
POST https://api.devici.com/api/v1/collections/teams-access/bulk-grant
Grant Team Access
To grant access to multiple teams for specific collection, use this code:
axios.post("/collections/teams-access/grant", {
collectionId: "{{collection_id}}",
teamsPermissions: [
{
teamId: "{{team_id}}",
permission: "read"
},
{
teamId: "{{team_id}}",
permission: "write"
}
]
});
Use this endpoint to grant access to multiple teams for a specific collection.
The permission field must be one of read | write | manage.
HTTP Request
POST https://api.devici.com/api/v1/collections/teams-access/grant
Bulk Revoke Teams Access
To revoke access for multiple teams from one or more collections, use this code:
axios.post("/collections/teams-access/bulk-revoke", {
payload: [
{
collectionId: "{{collection_id}}",
teamsIds: ["team_id", "team_id"]
}
]
});
Use this endpoint to revoke access for multiple teams from one or more collections in bulk.
HTTP Request
POST https://api.devici.com/api/v1/collections/teams-access/bulk-revoke
Revoke Teams Access
To revoke access for multiple teams from specific collection, use this code:
axios.post("/collections/teams-access/revoke", {
collectionId: "{{collection_id}}",
teamsIds: ["team_id", "team_id"]
});
Use this endpoint to revoke access for multiple teams from specific collection.
HTTP Request
POST https://api.devici.com/api/v1/collections/teams-access/revoke
Delete a Specific Collection
To delete specific collection use this code:
axios.delete("/collections/:id");
This endpoint deletes a specific collection.
HTTP Request
DELETE https://api.devici.com/api/v1/collections/:id
Threat Models
Get All Threat Models
To get all Threat Models use this code:
axios.get("/threat-models");
The above command returns JSON structured like this:
{
"items": [
{
"id": "{{threat_model_id}}",
"created_at": "2024-05-08T16:27:08.765Z",
"updated_at": "2024-05-10T07:51:01.753Z",
"title": "Last created tm",
"description": "hello",
"status": "Threats & Mitigations",
"priority": "medium",
"due_to_date": null,
"retro_completed_at": null,
"time_invested": null,
"quality_of_model": null,
"when_to_revisit": null,
"owner": {
"id": "{{owner_id}}",
"email": "owner.i@mail.com",
"first_name": "Temirlan",
"last_name": "sdf"
},
"collection": {
"id": "{{collection_id}}",
"title": "Hello22"
}
},
{
"id": "{{threat_model_id}}",
"created_at": "2024-05-06T09:33:03.817Z",
"updated_at": "2024-05-06T09:33:03.817Z",
"title": "hello one",
"description": "test",
"status": "Representation",
"priority": "medium",
"due_to_date": null,
"retro_completed_at": null,
"time_invested": null,
"quality_of_model": null,
"when_to_revisit": null,
"owner": {
"id": "{{owner_id}}",
"email": "owner.i@mail.com",
"first_name": "Temirlan",
"last_name": "sdf"
},
"collection": {
"id": "{{collection_id}}",
"title": "New Title 222"
}
}
],
"count": 2
}
This endpoint retrieves all threat models.
HTTP Request
GET https://api.devici.com/api/v1/threat-models
Query Parameters
Parameter | Default | Description |
---|---|---|
limit | 20 | Count of items per request |
page | 1 | Page |
sort | created_at | Order by created at |
order | ASC | Sort by ASC |
Get All Threat Models by Collection
To get all Threat Models by Collection id use this code:
axios.get("/threat-models/collection/:collectionId");
The above command returns JSON structured like this:
{
"items": [
{
"id": "{{threat_model_id}}",
"created_at": "2024-05-08T16:27:08.765Z",
"updated_at": "2024-05-10T07:51:01.753Z",
"title": "Draft Threat Model",
"description": "hello",
"status": "Threats & Mitigations",
"priority": "medium",
"due_to_date": null,
"retro_completed_at": null,
"time_invested": null,
"quality_of_model": null,
"when_to_revisit": null,
"owner": {
"id": "{{owner_id}}",
"email": "owner.i@mail.com",
"first_name": "Temirlan",
"last_name": "sdf"
},
"canvases": [
{ "id": "{{canvas_id}}" },
{ "id": "{{canvas_id}}" }
],
"collection": {
"id": "{{collection_id}}",
"title": "Collection title",
"description": null,
"color": null,
"type": "default"
}
},
{
"id": "{{threat_model_id}}",
"created_at": "2024-05-06T09:33:03.817Z",
"updated_at": "2024-05-06T09:33:03.817Z",
"title": "Draft Threat Model 2",
"description": "description",
"status": "Representation",
"priority": "medium",
"due_to_date": null,
"retro_completed_at": null,
"time_invested": null,
"quality_of_model": null,
"when_to_revisit": null,
"owner": {
"id": "{{owner_id}}",
"email": "owner.i@mail.com",
"first_name": "Temirlan",
"last_name": "sdf"
},
"canvases": [
{ "id": "{{canvas_id}}" },
{ "id": "{{canvas_id}}" }
],
"collection": {
"id": "{{collection_id}}",
"title": "Collection title",
"description": null,
"color": null,
"type": "default"
}
}
],
"count": 2
}
This endpoint retrieves all threat models that belong to provided collection.
HTTP Request
GET https://api.devici.com/api/v1/threat-models/collection/:collectionId
Query Parameters
Parameter | Default | Description |
---|---|---|
limit | 20 | Count of items per request |
page | 1 | Page |
sort | created_at | Order by created at |
order | ASC | Sort by ASC |
Get a Specific Threat Model
To get specific threat model use this code:
axios.get("/threat-models/:id");
The above command returns JSON structured like this:
{
"id": "{{threat_model_id}}",
"title": "hello one",
"description": "test",
"status": "Representation",
"priority": "medium",
"due_to_date": null,
"retro_completed_at": null,
"time_invested": null,
"quality_of_model": null,
"when_to_revisit": null,
"owner": {
"id": "{{owner_id}}"
},
"canvases": []
}
This endpoint retrieves a specific threat model.
HTTP Request
GET https://api.devici.com/api/v1/threat-models/:id
Create Threat Model
To create threat model use this code:
axios.post("/threat-models", {
title: "New Threat Model",
description: "This Threat model created from public api",
collectionId: "{{collection-id}}",
canvasData: [{ title: "New Canvas", nodes: [], edges: [] }],
});
This endpoint creates a threat model.
HTTP Request
POST https://api.devici.com/api/v1/threat-models
Create Many Threat Models
To create many threat models use this code:
axios.post("/threat-models/many", {
collectionId: "{{collection-id}}",
threatModelsData: [
{
title: "New First Threat Model",
description: "This Threat model created from public api",
canvasData: [{ title: "New Canvas", nodes: [], edges: [] }],
},
{
title: "New Second Threat Model",
description: "This Threat model created from public api",
canvasData: [{ title: "New Canvas", nodes: [], edges: [] }],
},
],
});
This endpoint creates many threat models.
HTTP Request
POST https://api.devici.com/api/v1/threat-models/many
Update a Specific Threat Model
To update specific threat model use this code:
axios.patch("/threat-models/:id", {
title: "New Title",
description: "New description",
status: "new status",
priority: "new priority",
due_to_date: "due_to_date",
time_invested: 1,
quality_of_model: 1,
when_to_revisit: 1,
});
This endpoint updates a specific threat model.
HTTP Request
PATCH https://api.devici.com/api/v1/threat-models/:id
Delete a Specific Threat Model
To delete specific threat model use this code:
axios.delete("/threat-models/:id");
This endpoint deletes a specific threat model.
HTTP Request
DELETE https://api.devici.com/api/v1/threat-models/:id
Export a PDF Report
To export a specific threat model PDF report, use this code:
axios.get("/threat-models/report/:id/canvas/:canvasId");
This endpoint exports a specific threat model PDF report.
HTTP Request
GET https://api.devici.com/api/v1/threat-models/report/:threatModelId/canvas/:canvasId
Export an Image
To export a specific canvas as an image, use this code:
axios.get("/threat-models/image/:canvasId");
This endpoint exports a specific canvas as an image.
HTTP Request
GET https://api.devici.com/api/v1/threat-models/image/:canvasId
Export a Neo4j
To export a specific canvas in Neo4j JSON format, use this code:
axios.get("/threat-models/neo4j/:canvasId");
The result will be JSON with the following data:
{
"nodes": [
{
"id": "{{component_id}}",
"labels": [
"Process"
],
"properties": {
"color": "#00BFFF",
"size": 3,
"type": "processNode"
}
},
{
"id": "{{component_id}}",
"labels": [
"Process"
],
"properties": {
"color": "#00BFFF",
"size": 3,
"type": "processNode"
}
}
],
"relationships": [
{
"id": "{{component_id}}",
"type": "Dataflow",
"start": "{{component_id}}",
"end": "{{component_id}}",
"properties": {
"color": "#6F767E"
}
}
]
}
This endpoint exports a specific canvas in Neo4j JSON format.
HTTP Request
GET https://api.devici.com/api/v1/threat-models/neo4j/:canvasId
Export an OTM
To export a specific threat model in OTM format, use this code:
axios.get("/threat-models/otm/:id");
In response, a JSON file with the following fields will be received:
{
"parentProjectId": "{{parent_collection_id}}",
"otmVersion": "0.2.0",
"project": {
"name": "Draft threat model",
"id": "{{project_id}}",
"description": null,
"owner": "Tom End",
"ownerContact": "tom.e@gmail.com",
"tags": [],
"attributes": null
},
"representations": [
{
"name": "Canvas 1",
"id": "{{canvas_id}}",
"type": "diagram",
"size": null,
"attributes": null
}
],
"assets": [],
"components": [
{
"representationId": "{{canvas_id}}",
"name": "Process",
"id": "{{component_id}}",
"description": "",
"metaData": {
"user": {
"id": "{{user_id}}",
"role": "admin",
"email": "tom.e@gmail.com",
"tierData": {
"tier": "business",
"seats": {
"limit": 5,
"available": 3,
"isSeatsLimitExceeded": false
},
"codeGenius": {
"limit": 100,
"available": 100
},
"isBetaUser": false,
"billingPeriod": "year"
},
"last_name": "Tom",
"first_name": "End",
"productFruitsHash": "{{product_fruits_hash}}",
"isOnboardingCompleted": true
},
"label": "Process",
"selectedBy": [],
"representation": "{{component_id}}"
},
"parent": {
"trustZone": "{{component_id}}"
},
"type": "processNode",
"tags": [],
"representations": [
{
"representation": "{{canvas_id}}",
"id": "{{component_id}}",
"position": {
"x": -72.6225961538461,
"y": 665.6923076923076
},
"size": {
"width": -1,
"height": -1
},
"positionAbsolute": {
"x": -72.6225961538461,
"y": 661.8461538461538
}
}
],
"assets": null,
"threats": [],
"attributes": {}
}
],
"dataflows": [
{
"name": "Dataflow",
"id": "{{dataflow_id}}",
"bidirectional": false,
"source": "{{component_id}}",
"destination": "{{component_id}}",
"metaData": {
"color": "#6F767E",
"label": "Dataflow",
"points": [],
"fontSize": 12,
"algorithm": "linear",
"fontColor": "#ffffff",
"textStyle": {
"isBold": false
},
"markerType": "end",
"selectedBy": [],
"representation": "{{component_id}}"
},
"tags": null,
"assets": null,
"representations": null,
"threats": [],
"attributes": {},
"sourceHandle": "sourceRight",
"targetHandle": "sourceLeft",
"type": "default",
"markerEnd": {
"type": "arrowclosed",
"color": "#6F767E"
}
}
],
"trustZones": [],
"threats": [],
"mitigations": []
}
HTTP Request
GET https://api.devici.com/api/v1/threat-models/otm/:id
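In the sample response above, each component's metaData.user object carries the exporting user's ID, role, email and subscription details, and project.owner and project.ownerContact name the owner. The following added example (not part of Devici's documentation) strips those fields from an exported file before it is shared outside the team and reports dataflows whose source or destination is not a component in the file. The function names and the constructed SAMPLE_OTM are assumptions of this sketch, and whether the import endpoint accepts a null owner is not stated on this page.

```javascript
// Added example, not Devici's code.
const REDACTED_METADATA_KEYS = ["user"]; // metaData.user holds account and billing details

// Constructed sample, shaped like the export shown above but much smaller.
const SAMPLE_OTM = {
  otmVersion: "0.2.0",
  project: { name: "Draft threat model", id: "p1", owner: "Jane Roe", ownerContact: "jane.roe@example.com" },
  components: [
    {
      id: "c1",
      name: "Process",
      type: "processNode",
      metaData: {
        label: "Process",
        user: { id: "u1", role: "admin", email: "jane.roe@example.com", tierData: { tier: "business" } },
      },
    },
  ],
  dataflows: [
    { id: "d1", name: "Dataflow", source: "c1", destination: "c2", metaData: { label: "Dataflow" } },
  ],
  trustZones: [],
};

// Returns a redacted deep copy plus the list of paths that were removed.
function sanitizeOtm(otm, { redactOwner = true } = {}) {
  const clean = JSON.parse(JSON.stringify(otm)); // deep copy; the input is left untouched
  const removed = [];
  if (redactOwner && clean.project) {
    for (const key of ["owner", "ownerContact"]) {
      if (clean.project[key] != null) {
        clean.project[key] = null;
        removed.push(`project.${key}`);
      }
    }
  }
  for (const section of ["components", "dataflows", "trustZones"]) {
    (clean[section] || []).forEach((entry, index) => {
      const meta = entry && entry.metaData;
      if (!meta || typeof meta !== "object") return;
      for (const key of REDACTED_METADATA_KEYS) {
        if (key in meta) {
          delete meta[key];
          removed.push(`${section}[${index}].metaData.${key}`);
        }
      }
    });
  }
  return { otm: clean, removed };
}

// Lists dataflows whose source or destination does not match a component id.
function findDanglingDataflows(otm) {
  const componentIds = new Set((otm.components || []).map((c) => c.id));
  const problems = [];
  for (const flow of otm.dataflows || []) {
    const missing = ["source", "destination"].filter((end) => !componentIds.has(flow[end]));
    if (missing.length > 0) problems.push({ id: flow.id, missing });
  }
  return problems;
}
```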
Import an OTM
To import OTM for creating the threat model, use this code:
axios.post("/threat-models/otm/:collectionId");
The following result will be received:
{
"id": "{{threat_model_id}}"
}
This endpoint imports an OTM file for creating a threat model in a specific collection.
HTTP Request
POST https://api.devici.com/api/v1/threat-models/otm/:collectionId
Canvases
Get All Canvases
To get all Canvases use this code:
axios.get("/canvases/threat-model/:threatModelId");
{
"items": [
{
"id": "{{canvas_id}}",
"created_at": "2024-05-08T16:27:08.765Z",
"updated_at": "2024-05-08T16:27:08.765Z",
"title": "Canvas title",
"format": "diagram",
"data": {
"edges": [],
"nodes": []
},
"threat_model": {
"id": "{{threat_model_id}}"
}
}
],
"count": 1
}
This endpoint retrieves all canvases for provided threat model.
HTTP Request
GET https://api.devici.com/api/v1/canvases/threat-model/:threatModelId
Query Parameters
Parameter | Default | Description |
---|---|---|
limit | 20 | Count of items per request |
page | 1 | Page |
sort | created_at | Order by created at |
order | ASC | Sort by ASC |
Get a Specific Canvas
To get specific canvas use this code:
axios.get("/canvases/:id");
The above command returns JSON structured like this:
{
"id": "{{canvas_id}}",
"created_at": "2024-05-08T16:27:08.765Z",
"updated_at": "2024-05-08T16:27:08.765Z",
"title": "Canvas",
"format": "diagram",
"data": {
"edges": [],
"nodes": []
},
"threat_model": {
"id": "{{threat_model_id}}"
}
}
This endpoint retrieves a specific canvas.
HTTP Request
GET https://api.devici.com/api/v1/canvases/:id
Create Canvas
To create canvases use this code:
axios.post("/canvases", {
title: "New Canvas",
threatModelId: "{{threat_model_id}}",
format: "diagram",
data: {
nodes: [],
edges: [],
},
});
This endpoint creates a canvas.
HTTP Request
POST https://api.devici.com/api/v1/canvases
Update a Specific Canvas
To update specific canvas use this code:
axios.patch("/canvases/:id", {
title: "New title",
threatModelId: "{{threat_model_id}}",
format: "diagram",
data: {
nodes: [],
edges: [],
},
});
This endpoint updates a specific canvas.
HTTP Request
PATCH https://api.devici.com/api/v1/canvases/:id
Delete a Specific Canvas
To delete specific canvas use this code:
axios.delete("/canvases/:id");
This endpoint deletes a specific canvas.
HTTP Request
DELETE https://api.devici.com/api/v1/canvases/:id
Components
Get All Components
To get all Components use this code:
axios.get("/components");
The above command returns JSON structured like this:
{
"items": [
{
"id": "{{component_id}}",
"created_at": "2024-05-17T16:54:05.143Z",
"updated_at": "2024-05-17T16:54:05.143Z",
"title": "Dataflow",
"description": "",
"canvas": {
"id": "{{canvas_id}}"
}
},
{
"id": "{{component_id}}",
"created_at": "2024-05-17T16:54:11.682Z",
"updated_at": "2024-05-17T16:54:11.682Z",
"title": "Process",
"description": "",
"canvas": {
"id": "{{canvas_id}}"
}
}
],
"count": 2
}
This endpoint retrieves all components.
HTTP Request
GET https://api.devici.com/api/v1/components
Query Parameters
Parameter | Default | Description |
---|---|---|
limit | 20 | Count of items per request |
page | 1 | Page |
sort | created_at | Order by created at |
order | ASC | Sort by ASC |
Get a Specific Component
To get specific component use this code:
axios.get("/components/:id");
The above command returns JSON structured like this:
{
"id": "{{component_id}}",
"created_at": "2024-05-17T16:54:11.682Z",
"updated_at": "2024-05-17T16:54:11.682Z",
"title": "Process",
"description": "",
"canvas": {
"id": "{{canvas_id}}"
},
"attributes": [],
"threats": []
}
This endpoint retrieves a specific component.
HTTP Request
GET https://api.devici.com/api/v1/components/:id
Get All Components for specific Canvas
To get all Components for specific canvas use this code:
axios.get("/components/for-canvas/:canvasId");
The above command returns JSON structured like this:
[
{
"id": "{{component_id}}",
"created_at": "2024-05-17T09:59:56.914Z",
"updated_at": "2024-05-17T09:59:56.914Z",
"title": "Datastore",
"description": "",
"attributes": [],
"threats": []
},
{
"id": "{{component_id}}",
"created_at": "2024-05-17T09:59:56.914Z",
"updated_at": "2024-05-17T09:59:56.914Z",
"title": "Dataflow",
"description": "",
"attributes": [],
"threats": []
}
]
This endpoint retrieves all components for specific canvas.
HTTP Request
GET https://api.devici.com/api/v1/components/for-canvas/:canvasId
Create Component
To create component use this code:
axios.post("/components", {
canvasId: "{{canvas_id}}",
title: "new-component",
description: "description",
});
This endpoint creates a component.
HTTP Request
POST https://api.devici.com/api/v1/components
Update a Specific Component
To update specific component use this code:
axios.patch("/components/:id", {
title: "New Title",
description: "New description",
});
This endpoint updates a specific component.
HTTP Request
PATCH https://api.devici.com/api/v1/components/:id
Delete a Specific Component
To delete specific component use this code:
axios.delete("/components/:id");
This endpoint deletes a specific component.
HTTP Request
DELETE https://api.devici.com/api/v1/components/:id
Threats
Get All Threats
To get all Threats use this code:
axios.get("/threats");
The above command returns JSON structured like this:
{
"items": [
{
"id": "{{threat_id}}",
"created_at": "2024-05-22T16:25:46.212Z",
"updated_at": "2024-05-22T16:25:46.212Z",
"ref_id": "0dda2bb4-c754-471b-93a1-fe74067e1ff0",
"title": "Information Disclosure",
"description": "Information disclosure is the unintentional exposure or release of confidential or sensitive data to unauthorized individuals or entities.",
"source": null,
"priority": "medium",
"status": "open",
"is_custom": false,
"component": {
"id": "{{component_id}}"
}
},
{
"id": "{{threat_id}}",
"created_at": "2024-05-22T16:27:34.547Z",
"updated_at": "2024-05-22T16:27:34.547Z",
"ref_id": "cfdb3781-1574-4a5d-90a5-a895c666a9c7",
"title": "Denial of Service",
"description": "Denial of service (DoS) is an attack that disrupts the normal functioning of a system or network by overwhelming it with excessive traffic or requests.",
"source": null,
"priority": "medium",
"status": "open",
"is_custom": false,
"component": {
"id": "{{component_id}}"
}
}
],
"count": 2
}
This endpoint retrieves all threats.
HTTP Request
GET https://api.devici.com/api/v1/threats
Query Parameters
Parameter | Default | Description |
---|---|---|
limit | 20 | Count of items per request |
page | 1 | Page |
sort | created_at | Order by created at |
order | ASC | Sort by ASC |
Get a Specific Threat
To get specific threat use this code:
axios.get("/threats/:id");
The above command returns JSON structured like this:
{
"id": "{{threat_id}}",
"created_at": "2024-05-22T16:25:46.212Z",
"updated_at": "2024-05-22T16:25:46.212Z",
"ref_id": "0dda2bb4-c754-471b-93a1-fe74067e1ff0",
"title": "Information Disclosure",
"description": "Information disclosure is the unintentional exposure or release of confidential or sensitive data to unauthorized individuals or entities.",
"source": null,
"priority": "medium",
"status": "open",
"is_custom": false,
"component": {
"id": "{{component_id}}"
}
}
This endpoint retrieves a specific threat.
HTTP Request
GET https://api.devici.com/api/v1/threats/:id
Get All Threats for specific Component
To get all Threats for specific Component use this code:
axios.get("/threats/for-component/:componentId");
The above command returns JSON structured like this:
[
{
"id": "{{threat_id}}",
"title": " threat threat ksdfj",
"status": "open",
"is_custom": true,
"neutralized_by": []
},
{
"id": "{{threat_id}}",
"title": "very new threat",
"status": "open",
"is_custom": true,
"neutralized_by": []
}
]
This endpoint retrieves all threats for specific component.
HTTP Request
GET https://api.devici.com/api/v1/threats/for-component/:componentId
Create Threat
To create threat use this code:
axios.post("/threats", {
title: "New Threat",
componentId: "{{component_id}}",
priority: "low",
description: "description",
});
This endpoint creates a threat.
HTTP Request
POST https://api.devici.com/api/v1/threats
Update a Specific Threat
To update specific threat use this code:
axios.patch("/threats/:id", {
title: "New Title",
description: "New description",
priority: "low",
status: "open",
});
This endpoint updates a specific threat.
HTTP Request
PATCH https://api.devici.com/api/v1/threats/:id
Delete a Specific Threat
To delete specific threat use this code:
axios.delete("/threats/:id");
This endpoint deletes a specific threat.
HTTP Request
DELETE https://api.devici.com/api/v1/threats/:id
Mitigations
Get All Mitigations
To get all Mitigations use this code:
axios.get("/mitigations");
The above command returns JSON structured like this:
{
"items": [
{
"id": "{{mitigation_id}}",
"title": "Distributed Architecture",
"definition": "A distributed architecture provides horizontal scaling, by deploying multiple instances of the application and infrastructure in the same physical location.",
"consideration": null,
"explanation": null,
"example": null,
"question": "Did you architect your solution so that it is more than a single instance of the application?",
"is_custom": false,
"status": null,
"threat": {
"id": "{{threat_id}}"
}
},
{
"id": "{{mitigation_id}}",
"title": "Add encryption",
"definition": "Encryption is the cryptographic transformation of data (called “plaintext”) into a form (called “ciphertext”) that conceals the data’s original meaning to prevent it from being known or used. Ensure that you have encryption for all data flows that are outside the trust boundary and cross the trust boundary. It is a solid practice to encrypt everything, both internal and external.",
"consideration": null,
"explanation": null,
"example": null,
"question": "Are you using encryption for data in transit and at rest?",
"is_custom": false,
"status": null,
"threat": {
"id": "{{threat_id}}"
}
}
],
"count": 2
}
This endpoint retrieves all mitigations.
HTTP Request
GET https://api.devici.com/api/v1/mitigations
Query Parameters
Parameter | Default | Description |
---|---|---|
limit | 20 | Count of items per request |
page | 1 | Page |
sort | created_at | Order by created at |
order | ASC | Sort by ASC |
Get a Specific Mitigation
To get specific mitigation use this code:
axios.get("/mitigations/:id");
The above command returns JSON structured like this:
{
"id": "{{mitigation_id}}",
"title": "Distributed Architecture",
"definition": "A distributed architecture provides horizontal scaling, by deploying multiple instances of the application and infrastructure in the same physical location.",
"consideration": null,
"explanation": null,
"example": null,
"question": "Did you architect your solution so that it is more than a single instance of the application?",
"is_custom": false,
"status": null,
"threat": {
"id": "34030aaa-bcfe-4437-87c4-22f3c49d3a87"
}
}
This endpoint retrieves a specific mitigation.
HTTP Request
GET https://api.devici.com/api/v1/mitigations/:id
Get All Mitigations for specific Threat
To get all Mitigations for specific Threat use this code:
axios.get("/mitigations/for-threat/:threatId");
The above command returns JSON structured like this:
[
{
"id": "{{mitigation_id}}",
"title": "Distributed Architecture",
"definition": "A distributed architecture provides horizontal scaling, by deploying multiple instances of the application and infrastructure in the same physical location.",
"consideration": null,
"explanation": null,
"example": null,
"question": "Did you architect your solution so that it is more than a single instance of the application?",
"is_custom": false,
"status": null,
"threat": {
"id": "{{threat_id}}"
}
}
]
This endpoint retrieves all mitigations for specific threat.
HTTP Request
GET https://api.devici.com/api/v1/mitigations/for-threat/:threatId
Create Mitigation
To create mitigation use this code:
axios.post("/mitigations", {
threatId: "{{threat_id}}",
title: "New Mitigation",
definition: "definition",
consideration: "consideration",
explanation: "explanation",
example: "example",
});
This endpoint creates a mitigation.
HTTP Request
POST https://api.devici.com/api/v1/mitigations
Update a Specific Mitigation
To update specific mitigation use this code:
axios.patch("/mitigations/:id", {
title: "New Mitigation",
definition: "definition",
consideration: "consideration",
explanation: "explanation",
example: "example",
status: "done",
});
This endpoint updates a specific mitigation.
The status field can accept:
done - Complete
will - Queued for Action
never - Not Applicable
null - Unclassified
HTTP Request
PATCH https://api.devici.com/api/v1/mitigations/:id
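A CI-style check built on the two lookup endpoints (/threats/for-component/:componentId and /mitigations/for-threat/:threatId) and the mitigation status values, added here as an example and not part of the Devici documentation. The roll-up precedence, the function names and the mock responses are assumptions of this example; `http` stands for any axios-compatible client such as the instance configured during authentication.

```javascript
// Added example, not Devici code. `http` is any axios-compatible client:
// http.get(url) resolves to { data }.

// Roll a threat's mitigations up into one state. The status values are the ones
// listed for PATCH /mitigations/:id; the precedence is this example's choice.
function rollUpMitigations(mitigations) {
  const statuses = mitigations.map((m) => m.status); // "done" | "will" | "never" | null
  if (statuses.includes("done")) return "mitigated";
  if (statuses.includes("will")) return "planned";
  if (statuses.length > 0 && statuses.every((s) => s === "never")) return "not-applicable";
  return "unclassified"; // no mitigations at all, or at least one not yet triaged
}

// One row per threat on the component, with its rolled-up mitigation state.
async function componentCoverage(http, componentId) {
  // IDs are path segments: encode them so a stray "/" or "?" cannot change the route.
  const { data: threats } = await http.get(
    `/threats/for-component/${encodeURIComponent(componentId)}`
  );
  const report = [];
  for (const threat of threats) {
    const { data: mitigations } = await http.get(
      `/mitigations/for-threat/${encodeURIComponent(threat.id)}`
    );
    report.push({
      id: threat.id,
      title: threat.title,
      status: threat.status,
      mitigationCount: mitigations.length,
      state: rollUpMitigations(mitigations),
    });
  }
  return report;
}

// Threats nobody has decided on yet: the rows a pipeline gate would fail on.
function untriagedThreats(report) {
  return report.filter((row) => row.state === "unclassified");
}

// Constructed mock responses, shaped like the samples in this section.
function makeCoverageMock() {
  const routes = {
    "/threats/for-component/c-1": [
      { id: "t-1", title: "Information Disclosure", status: "open" },
      { id: "t-2", title: "Denial of Service", status: "open" },
      { id: "t-3", title: "Tampering", status: "open" },
      { id: "t-4", title: "Spoofing", status: "open" },
    ],
    "/mitigations/for-threat/t-1": [{ status: "done" }, { status: null }],
    "/mitigations/for-threat/t-2": [{ status: "never" }, { status: null }],
    "/mitigations/for-threat/t-3": [],
    "/mitigations/for-threat/t-4": [{ status: "will" }],
  };
  return {
    async get(url) {
      if (!(url in routes)) throw new Error(`no mock route for ${url}`);
      return { data: routes[url] };
    },
  };
}
```

A threat with no mitigations and a threat whose mitigations are all still null both land in "unclassified", so the gate catches threats that were identified but never reviewed.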
Delete a Specific Mitigation
To delete specific mitigation use this code:
axios.delete("/mitigations/:id");
This endpoint deletes a specific mitigation.
HTTP Request
DELETE https://api.devici.com/api/v1/mitigations/:id
Comments
Get All Comments
To get all Comments use this code:
axios.get("/comments");
The above command returns JSON structured like this:
{
"items": [
{
"id": "{{comment_id}}",
"text": "This is first comment",
"created_at": "2024-05-17T16:54:05.143Z",
"updated_at": "2024-05-17T16:54:05.143Z",
"is_edited": false,
"threat": {
"id": "{{threat_id}}"
},
"user": {
"id": "{{owner_id}}",
"avatar_uploaded_at": "2024-05-17T16:54:05.143Z"
}
},
{
"id": "{{comment_id}}",
"text": "This is second comment",
"created_at": "2024-05-17T16:54:05.143Z",
"updated_at": "2024-05-17T16:54:05.143Z",
"is_edited": false,
"threat": {
"id": "{{threat_id}}"
},
"user": {
"id": "{{owner_id}}",
"avatar_uploaded_at": "2024-05-17T16:54:05.143Z"
}
}
],
"count": 2
}
This endpoint retrieves all comments.
HTTP Request
GET https://api.devici.com/api/v1/comments
Query Parameters
Parameter | Default | Description |
---|---|---|
limit | 20 | Count of items per request |
page | 1 | Page |
sort | created_at | Order by created at |
order | ASC | Sort by ASC |
Get a Specific Comment
To get specific comment use this code:
axios.get("/comments/:id");
The above command returns JSON structured like this:
{
"id": "{{comment_id}}",
"text": "This is second comment",
"created_at": "2024-05-17T16:54:05.143Z",
"updated_at": "2024-05-17T16:54:05.143Z",
"is_edited": false,
"threat": {
"id": "{{threat_id}}"
},
"user": {
"id": "{{owner_id}}",
"avatar_uploaded_at": "2024-05-17T16:54:05.143Z"
}
}
This endpoint retrieves a specific comment.
HTTP Request
GET https://api.devici.com/api/v1/comments/:id
Get All Comments for specific Threat
To get all Comments for specific Threat use this code:
axios.get("/comments/for-threat/:threatId");
The above command returns JSON structured like this:
[
{
"id": "{{comment_id}}",
"text": "This is first comment",
"created_at": "2024-05-17T16:54:05.143Z",
"updated_at": "2024-05-17T16:54:05.143Z",
"is_edited": false,
"user": {
"id": "{{owner_id}}",
"avatar_uploaded_at": "2024-05-17T16:54:05.143Z"
}
},
{
"id": "{{comment_id}}",
"text": "This is second comment",
"created_at": "2024-05-17T16:54:05.143Z",
"updated_at": "2024-05-17T16:54:05.143Z",
"is_edited": false,
"user": {
"id": "{{owner_id}}",
"avatar_uploaded_at": "2024-05-17T16:54:05.143Z"
}
}
]
This endpoint retrieves all comments for specific threat.
HTTP Request
GET https://api.devici.com/api/v1/comments/for-threat/:threatId
Create Comment
To create comment use this code:
axios.post("/comments", {
threatId: "{{threat_id}}",
text: "Comment text",
});
This endpoint creates a comment.
HTTP Request
POST https://api.devici.com/api/v1/comments
Create Many Comments
To create many comments use this code:
axios.post("/comments/many", [
{
threatId: "{{threat_id}}",
userId: "{{user_id}}",
text: "Comment text"
},
{
threatId: "{{threat_id}}",
userId: "{{user_id}}",
text: "Comment text"
},
{
threatId: "{{threat_id}}",
userId: "{{user_id}}",
text: "Comment text"
}
]);
This endpoint creates many comments.
HTTP Request
POST https://api.devici.com/api/v1/comments/many
Update a Specific Comment
To update specific comment use this code:
axios.patch("/comments/:id", {
text: "Updated text",
});
This endpoint updates a specific comment.
HTTP Request
PATCH https://api.devici.com/api/v1/comments/:id
Delete a Specific Comment
To delete specific comment use this code:
axios.delete("/comments/:id");
This endpoint deletes a specific comment.
HTTP Request
DELETE https://api.devici.com/api/v1/comments/:id
Codex Attributes
Get All Attributes
To get all attributes, use this code:
axios.get("/codex/attributes");
HTTP Request
GET https://api.devici.com/api/v1/codex/attributes
The above command returns JSON structured like this:
{
"items": [
{
"id": "{{attribute_id}}",
"created_at": "2024-08-08T08:54:45.294Z",
"title": "Attribute 1",
"description": "Description 1",
"aliases": [
"Alias 1",
"Alias 2",
"Alias 3"
]
},
{
"id": "{{attribute_id}}",
"created_at": "2024-08-08T10:47:00.245Z",
"title": "Attribute 2",
"description": "Description 2",
"aliases": [
"Alias 4",
"Alias 5",
"Alias 6"
]
},
{
"id": "{{attribute_id}}",
"created_at": "2024-08-08T10:47:00.245Z",
"title": "Attribute 3",
"description": "Description 3",
"aliases": [
"Alias 7",
"Alias 8",
"Alias 9"
]
}
],
"count": 3
}
Search Attributes
To search attributes, use this code:
axios.get("/codex/attributes/search?text={{some text}}");
HTTP Request
GET https://api.devici.com/api/v1/codex/attributes/search?text={{some text}}
Query Parameters
Parameter | Default | Description |
---|---|---|
text | - | Attribute title |
The above command returns JSON structured like this:
[
{
"id": "{{attribute_id}}",
"created_at": "2024-08-08T13:06:42.770Z",
"title": "Search Result Attribute",
"description": "Description for Search Result",
"aliases": [
"Search Alias 1",
"Search Alias 2",
"Search Alias 3"
]
}
]
Get a Specific Attribute
To get a specific attribute, use this code:
axios.get("/codex/attributes/:id");
HTTP Request
GET https://api.devici.com/api/v1/codex/attributes/:id
The above command returns JSON structured like this:
{
"id": "{{attribute_id}}",
"created_at": "2024-07-18T14:27:11.414Z",
"title": "Specific Attribute",
"description": "Description for Specific Attribute",
"resources": null,
"aliases": [
"Specific Alias 1"
]
}
Create a New Attribute
To create a new attribute, use this code:
axios.post("/codex/attributes", {
title: "New Attribute 10",
description: "Description for Attribute 10",
aliases: [
"Alias 10",
"Alias 11"
],
resources: [
{
url: "https://test.com",
title: "Resource Title 10"
}
]
});
HTTP Request
POST https://api.devici.com/api/v1/codex/attributes
The above command returns JSON structured like this:
{
"id": "{{attribute_id}}",
"created_at": "2024-08-08T14:42:32.853Z",
"title": "New Attribute 10",
"description": "Description for Attribute 10",
"aliases": [
{
"id": "{{alias_id}}",
"title": "Alias 10"
},
{
"id": "{{alias_id}}",
"title": "Alias 11"
}
]
}
Create Multiple Attributes
To create multiple attributes, use this code:
axios.post("/codex/attributes/many", {
attributes: [
{
title: "New Attribute 1",
description: "Description for Attribute 1",
aliases: [
"Alias 1",
"Alias 2"
],
resources: [
{
url: "https://test.com",
title: "Resource Title 1"
}
]
},
{
title: "New Attribute 2",
description: "Description for Attribute 2",
aliases: [
"Alias 3",
"Alias 4"
]
}
]
});
HTTP Request
POST https://api.devici.com/api/v1/codex/attributes/many
The above command returns JSON structured like this:
[
{
"title": "New Attribute 1",
"description": "Description for Attribute 1",
"resources": [
{
"url": "https://test.com",
"title": "Resource Title 1"
}
],
"aliases": [
{
"title": "New Attribute 1",
"updated_at": "2024-08-08T13:06:42.770Z",
"id": "{{alias_id}}",
"created_at": "2024-08-08T13:06:42.770Z",
"deleted_at": null
},
{
"title": "Alias 1",
"updated_at": "2024-08-08T13:06:42.770Z",
"id": "{{alias_id}}",
"created_at": "2024-08-08T13:06:42.770Z",
"deleted_at": null
},
{
"title": "Alias 2",
"updated_at": "2024-08-08T13:06:42.770Z",
"id": "{{alias_id}}",
"created_at": "2024-08-08T13:06:42.770Z",
"deleted_at": null
}
],
"codex": {
"id": "{{codex_id}}"
},
"updated_at": "2024-08-08T13:06:42.770Z",
"id": "{{attribute_id}}",
"created_at": "2024-08-08T13:06:42.770Z",
"deleted_at": null
},
{
"title": "New Attribute 2",
"description": "Description for Attribute 2",
"aliases": [
{
"title": "New Attribute 2",
"updated_at": "2024-08-08T13:06:42.770Z",
"id": "{{alias_id}}",
"created_at": "2024-08-08T13:06:42.770Z",
"deleted_at": null
},
{
"title": "Alias 3",
"updated_at": "2024-08-08T13:06:42.770Z",
"id": "{{alias_id}}",
"created_at": "2024-08-08T13:06:42.770Z",
"deleted_at": null
},
{
"title": "Alias 4",
"updated_at": "2024-08-08T13:06:42.770Z",
"id": "{{alias_id}}",
"created_at": "2024-08-08T13:06:42.770Z",
"deleted_at": null
}
],
"codex": {
"id": "{{codex_id}}"
},
"updated_at": "2024-08-08T13:06:42.770Z",
"resources": null,
"id": "{{codex_id}}",
"created_at": "2024-08-08T13:06:42.770Z",
"deleted_at": null
}
]
Update a Specific Attribute
To update a specific attribute, use this code:
axios.put("/codex/attributes/:id", {
title: "Updated Attribute",
description: "Updated Description",
resources: [
{
url: "https://test.com",
title: "Updated Resource Title"
}
],
aliases: [
"Updated Alias 1"
],
codex: {
id: "{{codex_id}}"
},
updated_at: "2024-08-02T10:14:28.935Z",
id: "{{attribute_id}}",
created_at: "2024-08-02T10:14:28.935Z",
deleted_at: null
});
HTTP Request
PUT https://api.devici.com/api/v1/codex/attributes/:id
The above command returns JSON structured like this:
{
"id": "{{attribute_id}}",
"created_at": "2024-07-18T14:27:11.414Z",
"title": "Updated Attribute",
"description": "Updated Description",
"aliases": [
{
"id": "{{alias_id}}",
"title": "Updated Alias 1"
},
{
"id": "{{alias_id}}",
"title": "Additional Alias 1"
}
]
}
Delete a Specific Attribute
To delete a specific attribute, use this code:
axios.delete("/codex/attributes/:id");
HTTP Request
DELETE https://api.devici.com/api/v1/codex/attributes/:id
Delete Multiple Attributes
To delete multiple attributes, use this code:
axios.delete("/codex/attributes/many", {
// axios sends a DELETE request body through the "data" config key
data: { ids: ["{{attribute_id}}"] }
});
HTTP Request
DELETE https://api.devici.com/api/v1/codex/attributes/many
Codex Mitigations
Get All Codex Mitigations
To get all mitigations, use this code:
axios.get("/codex/mitigations");
The above command returns JSON structured like this:
{
"items": [
{
"id": "{{mitigation_id}}",
"created_at": "2024-08-08T08:59:18.952Z",
"title": "Mitigation",
"definition": "Description Mitigation"
}
],
"count": 1
}
HTTP Request
GET https://api.devici.com/api/v1/codex/mitigations
Search Mitigations
To search mitigations, use this code:
axios.get("/codex/mitigations/search?text={{some text}}");
HTTP Request
GET https://api.devici.com/api/v1/codex/mitigations/search?text={{some text}}
Query Parameters
Parameter | Default | Description |
---|---|---|
text | - | Mitigation title |
The above command returns JSON structured like this:
[
{
"id": "{{mitigation_id}}",
"created_at": "2024-08-08T08:59:18.952Z",
"title": "Mitigation3",
"definition": "Description Mitigation1"
},
{
"id": "{{mitigation_id}}",
"created_at": "2024-08-08T08:59:18.952Z",
"title": "Mitigation4",
"definition": "Description Mitigation2"
}
]
Get a Specific Codex Mitigation
To get a specific mitigation, use this code:
axios.get("/codex/mitigations/:id");
The above command returns JSON structured like this:
{
"id": "{{mitigation_id}}",
"title": "Mitigation",
"definition": "Description Mitigation",
"consideration": "Consideration",
"explanation": "Explanation",
"example": "Example",
"question": "Question",
"resources": [
{
"url": "https://test.com",
"title": "Some resource"
}
]
}
HTTP Request
GET https://api.devici.com/api/v1/codex/mitigations/:id
Create a New Mitigation
To create a new mitigation, use this code:
axios.post("/codex/mitigations", {
title: "New Mitigation",
definition: "Description for Mitigation",
example: "Example for Mitigation",
question: "Question for Mitigation",
explanation: "Explanation for Mitigation",
consideration: "Consideration for Mitigation",
resources: [
{
url: "https://test.com",
title: "Resource for Mitigation"
}
]
});
HTTP Request
POST https://api.devici.com/api/v1/codex/mitigations
The above command returns JSON structured like this:
{
"id": "{{mitigation_id}}",
"title": "New Mitigation",
"definition": "Description for Mitigation",
"consideration": "Consideration for Mitigation",
"explanation": "Explanation for Mitigation",
"example": "Example for Mitigation",
"question": "Question for Mitigation",
"resources": [
{
"url": "https://test.com",
"title": "Resource for Mitigation"
}
]
}
Create Multiple Mitigations
To create multiple mitigations, use this code:
axios.post("/codex/mitigations/many", {
mitigations: [
{
title: "Mitigation1",
definition: "Description Mitigation1",
example: "Example1",
question: "Question1",
explanation: "Explanation1",
consideration: "Consideration1",
resources: [
{
url: "https://test.com",
title: "Some resource"
}
]
},
{
title: "Mitigation2",
definition: "Description Mitigation2",
example: "Example2",
question: "Question2",
explanation: "Explanation2",
consideration: "Consideration2",
resources: [
{
url: "https://test.com",
title: "Some resource"
}
]
}
]
});
HTTP Request
POST https://api.devici.com/api/v1/codex/mitigations/many
The above command returns JSON structured like this:
[
{
"title": "Mitigation1",
"definition": "Description Mitigation1",
"consideration": "Consideration1",
"explanation": "Explanation1",
"example": "Example1",
"question": "Question1",
"resources": [
{
"url": "https://test.com",
"title": "Some resource"
}
],
"codex": {
"id": "{{codex_id}}"
},
"updated_at": "2024-08-08T13:51:08.098Z",
"id": "{{mitigation_id}}",
"created_at": "2024-08-08T13:51:08.098Z",
"deleted_at": null
},
{
"title": "Mitigation2",
"definition": "Description Mitigation2",
"consideration": "Consideration2",
"explanation": "Explanation2",
"example": "Example2",
"question": "Question2",
"resources": [
{
"url": "https://test.com",
"title": "Some resource"
}
],
"codex": {
"id": "{{codex_id}}"
},
"updated_at": "2024-08-08T13:51:08.098Z",
"id": "{{mitigation_id}}",
"created_at": "2024-08-08T13:51:08.098Z",
"deleted_at": null
}
]
Update a Specific Codex Mitigation
To update a specific codex mitigation, use this code:
axios.put("/codex/mitigations/:id", {
id: "{{mitigation_id}}",
title: "Mitigation",
definition: "Description Mitigation",
consideration: "Consideration",
explanation: "Explanation",
example: "Example",
question: "Question",
resources: [
{
url: "https://test.com",
title: "Some resource"
}
]
});
HTTP Request
PUT https://api.devici.com/api/v1/codex/mitigations/:id
Delete a Specific Codex Mitigation
To delete a specific codex mitigation, use this code:
axios.delete("/codex/mitigations/:id");
HTTP Request
DELETE https://api.devici.com/api/v1/codex/mitigations/:id
Delete Multiple Mitigations
To delete multiple mitigations, use this code:
axios.delete("/codex/mitigations/many", {
// axios sends a DELETE request body through the "data" config key
data: { ids: ["{{mitigation_id}}"] }
});
HTTP Request
DELETE https://api.devici.com/api/v1/codex/mitigations/many
Codex Threats
Get All Codex Threats
To get all codex threats, use this code:
axios.get("/codex/threats");
The above command returns JSON structured like this:
{
"items": [
{
"id": "{{threat_id}}",
"created_at": "2024-08-08T14:19:42.080Z",
"title": "Threats1",
"description": "Description Threats1",
"priority": "low"
},
{
"id": "{{threat_id}}",
"created_at": "2024-08-08T14:19:42.080Z",
"title": "Threats2",
"description": "Description Threats2",
"priority": "low"
}
],
"count": 2
}
HTTP Request
GET https://api.devici.com/api/v1/codex/threats
Search Threats
To search threats, use this code:
axios.get("/codex/threats/search?text={{some text}}");
The above command returns JSON structured like this:
[
{
"id": "{{threat_id}}",
"title": "Threats1",
"description": "Description Threats1",
"priority": "low"
},
{
"id": "{{threat_id}}",
"title": "Threats2",
"description": "Description Threats2",
"priority": "low"
}
]
HTTP Request
GET https://api.devici.com/api/v1/codex/threats/search?text={{some text}}
Query Parameters
Parameter | Default | Description |
---|---|---|
text | - | Threat title |
Get a Specific Codex Threat
To get a specific codex threat, use this code:
axios.get("/codex/threats/:id");
The above command returns JSON structured like this:
{
"id": "{{threat_id}}",
"title": "Threats",
"description": "Description Threats",
"priority": "low",
"resources": [
{
"url": "https://test.com",
"title": "Some resource"
}
],
"caused_by": [
{
"id": "{{attribute_id}}",
"title": "Attribute"
}
],
"neutralized_by": [],
"mitigations": [
{
"id": "{{mitigation_id}}",
"title": "Mitigation"
}
]
}
HTTP Request
GET https://api.devici.com/api/v1/codex/threats/:id
Create a New Threat
To create a new threat, use this code:
axios.post("/codex/threats", {
title: "New Threat",
description: "Description for Threat",
priority: "low",
mitigationsIds: [
"{{mitigation_id}}"
],
resources: [
{
url: "https://test.com",
title: "Resource for Threat"
}
],
causedByIds: [
"{{attribute_id}}"
]
});
The above command returns JSON structured like this:
{
"id": "{{threat_id}}",
"title": "New Threat",
"description": "Description for Threat",
"priority": "low",
"resources": [
{
"url": "https://test.com",
"title": "Resource for Threat"
}
],
"caused_by": [
{
"id": "{{attribute_id}}",
"title": "Attribute"
}
],
"neutralized_by": [],
"mitigations": [
{
"id": "{{mitigation_id}}",
"title": "Mitigation"
}
]
}
HTTP Request
POST https://api.devici.com/api/v1/codex/threats
Create Multiple Threats
To create multiple threats, use this code:
axios.post("/codex/threats/many", {
threats: [
{
title: "Threats1",
description: "Description Threats1",
priority: "low",
mitigationsIds: [
"{{mitigation_id}}"
],
resources: [
{
url: "https://test.com",
title: "Some resource"
}
],
causedByIds: [
"{{attribute_id}}"
]
},
{
title: "Threats1",
description: "Description Threats1",
priority: "low",
mitigationsIds: [
"{{mitigation_id}}"
],
resources: [
{
url: "https://test.com",
title: "Some resource"
}
],
causedByIds: [
"{{attribute_id}}"
]
}
]
});
The above command returns JSON structured like this:
[
{
"id": "{{threat_id}}",
"title": "Threats1",
"description": "Description Threats",
"priority": "low",
"resources": [
{
"url": "https://test.com",
"title": "Some resource"
}
],
"caused_by": [
{
"id": "{{attribute_id}}",
"title": "Attribute"
}
],
"neutralized_by": [],
"mitigations": [
{
"id": "{{mitigation_id}}",
"title": "Mitigation"
}
]
},
{
"id": "{{threat_id}}",
"title": "Threats2",
"description": "Description Threats",
"priority": "low",
"resources": [
{
"url": "https://test.com",
"title": "Some resource"
}
],
"caused_by": [
{
"id": "{{attribute_id}}",
"title": "Attribute"
}
],
"neutralized_by": [],
"mitigations": [
{
"id": "{{mitigation_id}}",
"title": "Mitigation"
}
]
}
]
HTTP Request
POST https://api.devici.com/api/v1/codex/threats/many
Update a Specific Codex Threat
To update a specific codex threat, use this code:
axios.put("/codex/threats/:id", {
id: "{{threat_id}}",
title: "Threats",
description: "Description Threats",
priority: "low",
resources: [
{
url: "https://test.com",
title: "Some resource"
}
],
caused_by: [
{
id: "{{attribute_id}}",
title: "Attribute"
}
],
neutralized_by: [],
mitigations: [
{
id: "{{mitigation_id}}",
title: "Mitigation"
}
]
});
HTTP Request
PUT https://api.devici.com/api/v1/codex/threats/:id
The above command returns JSON structured like this:
{
"id": "{{threat_id}}",
"title": "Threats",
"description": "Description Threats",
"priority": "low"
}
Delete a Specific Codex Threat
To delete a specific codex threat, use this code:
axios.delete("/codex/threats/:id");
HTTP Request
DELETE https://api.devici.com/api/v1/codex/threats/:id
Delete Multiple Threats
To delete multiple threats, use this code:
axios.delete("/codex/threats/many", {
// axios sends a DELETE request body through the "data" config key
data: { ids: ["{{threat_id}}"] }
});
HTTP Request
DELETE https://api.devici.com/api/v1/codex/threats/many
Audit Logs
Get Audit Logs Actions
To get Audit Logs Actions use this code:
axios.get("/audit-log/types");
[
"collection-created",
"collection-deleted",
"collection-owner-changed",
"threat-model-created",
"threat-model-deleted",
"canvas-created",
"canvas-deleted",
"components-deleted",
"customer-settings-changed",
"user-deleted",
"user-role-changed",
"user-invited",
"user-toggled-mfa",
"saml-settings-created",
"saml-settings-changed",
"saml-settings-deleted",
"mfa-enabled",
"mfa-disabled",
"session-duration-changed",
"api-key-created",
"api-key-regenerated",
"api-key-deleted",
"signed-up",
"signed-in",
"signed-out",
"password-changed",
"password-forgot",
"app-integration-created",
"app-integration-updated",
"app-integration-deleted",
"app-integration-test"
]
This endpoint retrieves all actions available for filtering Audit Logs.
HTTP Request
GET https://api.devici.com/api/v1/audit-log/types
Get All Audit Logs
To get all Audit Logs use this code:
axios.get("/audit-log/?limit=1&actions=api-key-regenerated");
{
"items": [
{
"logId": "{{canvas_id}}",
"action": "API key regenerate",
"userIp": "123.123.123.123",
"entityId": "{{entity_id}}",
"timestamp": "2024-05-08T16:27:08.765Z",
"expiresAt": "17457498341",
"user": {
"id": "{{user_id}}",
"email": "johndoe@mail.com",
"first_name": "John",
"last_name": "Doe",
"role": "admin"
}
}
],
"nextKey": "{{next_key_id}}"
}
This endpoint retrieves all Audit Logs.
HTTP Request
GET https://api.devici.com/api/v1/audit-log/?limit=1&nextKey={{next_key_id}}&actions=API_KEY_REGENERATED
Query Parameters
Parameter | Default | Description |
---|---|---|
limit | 25 | Count of items per request |
users | - | Filter by specific user(s) |
actions | - | Filter by specific action(s) |
start | 1 month before current date | Filter by date (start date), format: yyyy-mm-dd |
end | Current date | Filter by date (end date), format: yyyy-mm-dd |
nextKey | - | Use "nextKey" from previous response to get the next chunk of data |
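Paging through the audit log with nextKey and pulling out key, MFA, role and SAML changes for review, as an added example that is not part of the Devici documentation. It assumes an axios-compatible client passed in as `http` and the response shape shown in the sample above; which action types count as sensitive, the function names and the mock entries (documentation-range IPs) are constructed for illustration.

```javascript
// Added example, not Devici code. `http` is any axios-compatible client:
// http.get(url, { params }) resolves to { data }.

// Action types copied from the /audit-log/types list; treating these as the
// ones worth reviewing is this example's choice.
const SENSITIVE_ACTIONS = [
  "api-key-created", "api-key-regenerated", "api-key-deleted",
  "mfa-disabled", "user-toggled-mfa", "user-role-changed",
  "saml-settings-changed", "saml-settings-deleted",
];

// Fetch every audit log entry for one action type, following nextKey.
async function fetchAuditLogs(http, action, { start, end, limit = 25, maxPages = 200 } = {}) {
  const items = [];
  const seenKeys = new Set();
  let nextKey;
  for (let page = 0; page < maxPages; page++) {
    const params = { limit, actions: action };
    if (start) params.start = start; // yyyy-mm-dd
    if (end) params.end = end; // yyyy-mm-dd
    if (nextKey) params.nextKey = nextKey;
    const { data } = await http.get("/audit-log/", { params });
    items.push(...(data.items || []));
    // Done when no key is returned; a repeated key would loop forever, so stop.
    if (!data.nextKey || seenKeys.has(data.nextKey)) return items;
    seenKeys.add(data.nextKey);
    nextKey = data.nextKey;
  }
  throw new Error(`audit log for "${action}" exceeded ${maxPages} pages`);
}

// Collect all sensitive events in a date range, oldest first.
async function collectSensitiveEvents(http, range = {}) {
  const events = [];
  for (const type of SENSITIVE_ACTIONS) {
    for (const item of await fetchAuditLogs(http, type, range)) {
      events.push({
        type,
        logId: item.logId,
        timestamp: item.timestamp,
        userIp: item.userIp,
        userId: item.user ? item.user.id : null,
        email: item.user ? item.user.email : null,
      });
    }
  }
  return events.sort((a, b) => Date.parse(a.timestamp) - Date.parse(b.timestamp));
}

// Users whose sensitive events arrive from more than one source IP.
function usersWithMultipleIps(events) {
  const ipsByUser = new Map();
  for (const e of events) {
    if (!e.userId) continue;
    if (!ipsByUser.has(e.userId)) ipsByUser.set(e.userId, new Set());
    ipsByUser.get(e.userId).add(e.userIp);
  }
  return [...ipsByUser]
    .filter(([, ips]) => ips.size > 1)
    .map(([userId, ips]) => ({ userId, ips: [...ips].sort() }));
}

// Constructed mock: two pages of "api-key-regenerated", one "mfa-disabled" entry.
function makeMockClient() {
  const user = { id: "u-1", email: "johndoe@mail.com" };
  const pages = {
    "api-key-regenerated|": {
      items: [{ logId: "l-1", timestamp: "2025-01-24T10:00:00.000Z", userIp: "198.51.100.7", user }],
      nextKey: "k-2",
    },
    "api-key-regenerated|k-2": {
      items: [{ logId: "l-2", timestamp: "2025-01-20T09:00:00.000Z", userIp: "203.0.113.9", user }],
    },
    "mfa-disabled|": {
      items: [{ logId: "l-3", timestamp: "2025-01-22T12:00:00.000Z", userIp: "198.51.100.7", user }],
    },
  };
  const calls = [];
  return {
    calls,
    async get(url, { params }) {
      calls.push({ url, params: { ...params } });
      return { data: pages[`${params.actions}|${params.nextKey || ""}`] || { items: [] } };
    },
  };
}
```

Each action type is requested on its own because the page only shows a single value in `actions`; the returned `action` field is a display string, so the requested type is recorded alongside each entry.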
Export to CSV
To export Audit Logs via CSV use this code:
axios.get("/audit-log/csv");
CSV file example:
Action,User,User Ip,Timestamp,Details
API key regenerate,John Doe,123.123.123.123,1/24/2025,-
Signed in,John Doe,123.123.123.123,1/24/2025,-
Threat Model created,John Doe,123.123.123.123,1/22/2025,Title: Draft threat model | Collection: New Collection for test syslog
Signed in,John Doe,123.123.123.123,1/22/2025,-
Collection deleted,John Doe,123.123.123.123,1/21/2025,Title: Edited Collection257384
Threat Model created,John Doe,123.123.123.123,1/20/2025,Title: brave's first threat model | Collection: Default_collection
Signed in,John Doe,123.123.123.1231,1/20/2025,-
Collection deleted,John Doe,123.123.123.123,1/17/2025,Title: Edited Collection244503
...
This endpoint exports Audit Logs as a CSV file.
HTTP Request
GET https://api.devici.com/api/v1/audit-log/csv?actions=API_KEY_REGENERATED&start=2025-01-01&end=2025-02-01
Query Parameters
Parameter | Default | Description |
---|---|---|
users | - | Filter by specific user(s) |
actions | - | Filter by specific action(s) |
start | 1 month before current date | Filter by date (start date), format: yyyy-mm-dd |
end | Current date | Filter by date (end date), format: yyyy-mm-dd |
Reports
Get Threat Models Reports
To get Threat Models Reports use this code:
axios.get("/reports/threat-models/?limit=1&page=0&start=01.01.2025&end=01.31.2025");
{
"items": [
{
"id": "{{threat_model_id}}",
"created_at": "2024-10-10T14:58:26.981Z",
"title": "Title",
"status": "Threats & Mitigations",
"priority": "high",
"owner": {
"first_name": "Jon",
"last_name": "Doe"
},
"canvasCount": 1,
"mitigatedThreats": 0,
"unmitigatedThreats": 4,
"canvases": [
{
"id": "{{canvas_id}}",
"title": "Canvas 1"
}
],
"collection": {
"id": "{{collection_id}}",
"title": "Collection"
}
}
],
"count": 1
}
This endpoint retrieves Threat Models report.
HTTP Request
GET https://api.devici.com/api/v1/reports/threat-models/?limit=1&page=0&start=01.01.2025&end=01.31.2025
Query Parameters
Parameter | Default | Description |
---|---|---|
limit | 20 | Count of items per request |
page | 1 | Page |
start | - | The starting point or timestamp for the query range |
end | - | The ending point or timestamp for the query range |
projectId | - | Filter by a specific collection |
runningId | - | Filter by a specific running |
Get Threat Models Reports via PDF
To get Threat Models Reports via PDF use this code:
axios.get("/reports/threat-models-pdf?start=01.01.2025&end=01.31.2026");
A PDF file will be received.
This endpoint retrieves Threat Models report via PDF file.
HTTP Request
GET https://api.devici.com/api/v1/reports/threat-models-pdf?start=01.01.2025&end=01.31.2026
Query Parameters
Parameter | Default | Description |
---|---|---|
start | - | The starting point or timestamp for the query range |
end | - | The ending point or timestamp for the query range |
Get Threat Models Reports via CSV
To get Threat Models Reports via CSV use this code:
axios.get("/reports/threat-models-csv?start=01.01.2025&end=01.31.2026");
CSV file example:
Title,Collection,Priority,Status,Mitigated Threats,Unmitigated Threats,Responsible,Canvases,Created At
Edited Test Model244,Default_collection,high,Threats & Mitigations,0,4,John Doe,1,10/10/2024
Default_collection Draft threat model,Default_collection,medium,Representation,0,0,John Doe,1,10/14/2024
Draft threat model,Default_collection,medium,Threats & Mitigations,0,0,John Doe,1,10/14/2024
Draft threat model,Default_collection,medium,Threats & Mitigations,0,0,John Doe,1,10/14/2024
Single node,Default_collection,medium,Threats & Mitigations,0,0,John Doe,1,10/14/2024
Draft threat model,Default_collection,medium,Representation,0,0,John Doe,1,10/14/2024
Draft threat model,Default_collection,medium,Representation,0,0,John Doe,1,10/15/2024
Draft threat model,Default_collection,medium,Representation,0,0,John Doe,1,10/15/2024
This endpoint retrieves Threat Models report via CSV file.
HTTP Request
GET https://api.devici.com/api/v1/reports/threat-models-csv?start=01.01.2025&end=01.31.2026
Query Parameters
Parameter | Default | Description |
---|---|---|
start | - | The starting point or timestamp for the query range |
end | - | The ending point or timestamp for the query range |
Dashboard
Get Dashboard Charts Types
To get Dashboard charts types use this code:
axios.get("/dashboard/types");
[
"total-users",
"top-threats",
"top-attributes",
"top-mitigations",
"top-risk-threat-models",
"threat-models-by-project",
"threats-vs-mitigated-threats",
"threat-models-by-status-and-priority"
]
This endpoint retrieves Dashboard Charts Types.
HTTP Request
GET https://api.devici.com/api/v1/dashboard/types
Get Dashboard data by specific chart type
To get Dashboard data by specific chart type use this code:
axios.get("/dashboard/?limit=1&page=0&start=01.01.2025&end=01.31.2025&type=top-threats");
[
{
"name": "Denial of Service",
"count": "796"
},
{
"name": "Information Disclosure",
"count": "794"
},
{
"name": "Tampering",
"count": "790"
},
{
"name": "Repudiation",
"count": "523"
},
{
"name": "Spoofing",
"count": "488"
}
]
This endpoint retrieves Dashboard data by specific chart type.
HTTP Request
GET https://api.devici.com/api/v1/dashboard/?limit=1&page=0&start=01.01.2025&end=01.31.2025&type=top-threats
Query Parameters
Parameter | Default | Description |
---|---|---|
limit | 20 | Count of items per request |
page | 1 | Page |
type | - | Use one of the types from /dashboard/types |
start | - | The starting point or timestamp for the query range |
end | - | The ending point or timestamp for the query range |
projectId | - | Filter by a specific collection |
runningId | - | Filter by a specific running |
Teams
Get Teams
To get a list of all teams use this code:
axios.get("/teams/?limit=20&page=0");
{
"items": [
{
"id": "{{team_id}}",
"title": "Alpha",
"users": ["{{user_id}}"],
"created_at": "2025-02-10T15:01:41.411Z",
"collections": ["{{collection_id}}", "{{collection_id}}"]
}
],
"count": 1
}
Use this endpoint to retrieve a list of all teams.
HTTP Request
GET https://api.devici.com/api/v1/teams/?limit=20&page=0
Query Parameters
Parameter | Default | Description |
---|---|---|
limit | 20 | Count of items per request |
page | 1 | Page |
Get a Specific Team
To get a specific team by ID, use this code:
axios.get("/teams/:id");
The above command returns JSON structured like this:
{
"id": "{{team_id}}",
"title": "Alpha",
"users": [
{
"id": "{{user_id}}",
"email": "{{user_email}}",
"first_name": "First",
"last_name": "Last",
"role": "user"
}
],
"collections": [
{
"id": "{{collection_id}}",
"title": "Collection title",
"permission": "write"
}
]
}
Use this endpoint to retrieve details of a specific team by its ID.
HTTP Request
GET https://api.devici.com/api/v1/teams/:id
Create Team
To create a new team use this code:
axios.post("/teams", {
payload: [
{
title: "Team 11111",
usersIds: ["{{user_id}}"],
collectionsPermissions: [{
collectionId: "{{collection_id}}",
permission: "read"
}]
},
{
title: "Team 22222",
usersIds: ["{{user_id}}"],
collectionsPermissions: [{
collectionId: "{{collection_id}}",
permission: "write"
}]
}
]
});
Use this endpoint to create a new team.
The permission field must be one of read | write | manage.
HTTP Request
POST https://api.devici.com/api/v1/teams
Update Teams
To update multiple teams use this code:
axios.put("/teams", {
payload: [
{
id: "{{team_id}}",
title: "Team updated title",
usersIds: ["{{user_id}}"],
collectionsPermissions: [{
collectionId: "{{collection_id}}",
permission: "read"
}]
}
]
});
Use this endpoint to update multiple teams in one request.
HTTP Request
PUT https://api.devici.com/api/v1/teams
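The create and update calls above both take a payload array whose collectionsPermissions entries grant access to collections, so a typo or a conflicting grant is worth catching before the request is sent. The following is an added example, not part of the Devici documentation or SDK: validateTeamsPayload, its error strings, the conflict check and the case-sensitive comparison are assumptions, and the IDs are constructed placeholders.

```javascript
// Added example: client-side validation of a /teams payload before sending it.
// validateTeamsPayload is a hypothetical helper, not a Devici API function.
const ALLOWED_PERMISSIONS = new Set(["read", "write", "manage"]); // values listed in the docs

function validateTeamsPayload(teams, { requireId = false } = {}) {
  const errors = [];
  if (!Array.isArray(teams) || teams.length === 0) {
    return { ok: false, errors: ["payload must be a non-empty array"], body: null };
  }
  teams.forEach((team, i) => {
    const where = `payload[${i}]`;
    // PUT /teams entries carry an id; POST /teams entries do not.
    if (requireId && typeof team.id !== "string") errors.push(`${where}.id is required for update`);
    if (typeof team.title !== "string" || team.title.trim() === "") {
      errors.push(`${where}.title must be a non-empty string`);
    }
    if (!Array.isArray(team.usersIds)) errors.push(`${where}.usersIds must be an array`);
    const seen = new Map(); // collectionId -> permission, to catch conflicting grants
    for (const grant of team.collectionsPermissions ?? []) {
      // Assumption: values are compared case-sensitively, exactly as documented.
      if (!ALLOWED_PERMISSIONS.has(grant.permission)) {
        errors.push(`${where}: permission "${grant.permission}" is not read | write | manage`);
      }
      if (seen.has(grant.collectionId) && seen.get(grant.collectionId) !== grant.permission) {
        errors.push(`${where}: conflicting permissions for collection ${grant.collectionId}`);
      }
      seen.set(grant.collectionId, grant.permission);
    }
  });
  if (errors.length > 0) return { ok: false, errors, body: null };
  return { ok: true, errors, body: { payload: teams } };
}

// Constructed sample input (IDs are placeholders, not real Devici IDs).
const sampleTeams = [
  { title: "Team 11111", usersIds: ["user-1"],
    collectionsPermissions: [{ collectionId: "col-1", permission: "read" }] },
  { title: "Team 22222", usersIds: ["user-1"],
    collectionsPermissions: [
      { collectionId: "col-1", permission: "Write" },  // wrong case: rejected
      { collectionId: "col-2", permission: "read" },
      { collectionId: "col-2", permission: "manage" }, // conflicts with the grant above
    ] },
];

const result = validateTeamsPayload(sampleTeams);
console.log(result.ok ? "payload is valid" : result.errors.join("\n"));
```

When result.ok is true, result.body is the object to pass to axios.post("/teams", ...); pass { requireId: true } as the second argument before axios.put("/teams", ...).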
Delete Specific Team
To delete a specific team by ID, use this code:
axios.delete("/teams/:id");
Use this endpoint to delete a specific team by its ID.
HTTP Request
DELETE https://api.devici.com/api/v1/teams/:id
Errors
The Devici API uses the following error codes:
Error Code | Meaning |
---|---|
400 | Bad Request -- Your request is invalid. |
401 | Unauthorized -- Your API key is wrong. |
403 | Forbidden -- The entity requested is hidden for administrators only. |
404 | Not Found -- The specified entity could not be found. |
405 | Method Not Allowed -- You tried to access an entity with an invalid method. |
406 | Not Acceptable -- You requested a format that isn't JSON. |
410 | Gone -- The entity requested has been removed from our servers. |
418 | I'm a teapot. |
429 | Too Many Requests -- You're requesting too many entities! Slow down! |
500 | Internal Server Error -- We had a problem with our server. Try again later. |
503 | Service Unavailable -- We're temporarily offline for maintenance. Please try again later. |