Cloud Storage Security Help Docs
Release Notes
  • Introduction
  • Getting Started
    • How to Subscribe
      • Pay-As-You-Go (PAYG)
      • Bring Your Own License/GovCloud (BYOL)
      • AWS Transfer Family
    • How to Deploy
      • Steps to Deploy
      • Advanced Deployment Considerations
      • AWS Transfer Family
    • How to Configure
  • Console Overview
    • Dashboard
    • Malware Scanning
      • AWS
        • Buckets
        • Amazon EBS Volumes
        • Amazon EFS Volumes
        • Amazon FSx Volumes
        • WorkDocs Connections
      • Azure
        • Blob Containers
      • GCP
        • GCP Buckets
    • See What's Infected
      • Findings
      • Malware History
      • Results
    • Schedules
    • Monitoring
      • Error Logs
      • Bucket Settings
      • Deployment
      • Jobs
      • Notifications
      • Storage Assessment
      • Usage
    • Configuration
      • Classification Rule Sets
      • Classification Custom Rules
      • Scan Settings
      • Console Settings
      • AWS Integrations
      • Job Networking
      • API Agent Settings
      • Proactive Notifications
      • License Management
      • Event Agent Settings
    • Access Management
      • Manage Users
      • Manage Accounts
        • Linking an AWS Account
        • Linking an Azure Account
        • Linking a GCP Account
      • Manage Groups
    • Support
      • Getting Started
      • Stay Connected
      • Contact Us
      • Documentation
  • Product Updates
  • How It Works
    • Scanning Overview
      • Event Driven Scanning for New Files
      • Retro Scanning for Pre-Existing Files
      • API Driven Scanning
    • Architecture Overview
    • Deployment Details
    • Sizing Discussion
    • Integrations
      • AWS Security Hub
      • AWS CloudTrail Lake
      • AWS Transfer Family
      • Amazon GuardDuty
      • Amazon Bedrock
    • Demo Videos
    • Scanning APIs
    • SSO Integrations
      • Entra ID SSO Integration
      • Okta SSO Integration
  • Frequently Asked Questions
    • Getting Started
    • Product Functionality
    • Architecture Related
    • Supported File Types
  • Troubleshooting
    • CloudFormation Stack failures
    • Cross-Region Scanning on with private network
    • API Scanning: Could not connect to SSL/TLS (v7)
    • Password not received after deployment
    • Conflicted buckets
    • Modifying scaling info post-deployment
    • Objects show unscannable with access denied
    • Remote account objects not scanning
    • My scanning agents keep starting up and immediately shutting down
    • I cannot access the management console
    • Linked Account Out of Date
    • Rebooting the Management Console
    • Error when upgrading to the latest major version
    • I Cannot Create/Delete an API Agent
  • Release Notes
    • Latest (v8)
    • v7
    • v6 and older
  • Contact Us & Support
  • Data Processing Agreement
  • Privacy Policy
Powered by GitBook
On this page
  1. How It Works

Scanning APIs

PreviousDemo VideosNextSSO Integrations

Last updated 1 year ago

Cloud Storage Security Scanning API

v1 OAS3

HealthCheck

Scan

Token

css_scanning_api_openapi_doc.json

Checks if the server is alive

get
Responses
200
Success
get
GET /health HTTP/1.1
Host: 
Accept: */*
200

Success

No content

Check the status of an extra large file scan job. This could be used when a file larger than what can fit on the API's disk was submitted to be scanned via the scan existing API. The initial scan existing API request would have a reference ID returned back that would be included in this request.

get
Query parameters
referenceIdstringOptional
Responses
200
Success
400
Bad Request
401
Unauthorized
404
Not Found
500
Server Error
get
GET /api/Scan/JobStatus HTTP/1.1
Host: 
Accept: */*
{
  "result": "Clean",
  "detectedInfections": [
    {
      "file": "text",
      "infection": "text"
    }
  ],
  "errorMessage": "text",
  "dateScanned": "2025-05-09T11:27:04.636Z",
  "trueFileType": "text",
  "referenceId": "text"
}
  • Cloud Storage Security Scanning API
  • HealthCheck
  • GETChecks if the server is alive
  • Scan
  • GETCheck the status of an extra large file scan job. This could be used when a file larger than what can fit on the API's disk was submitted to be scanned via the scan existing API. The initial scan existing API request would have a reference ID returned back that would be included in this request.
  • POSTScan a file that already exists in cloud storage
  • POSTSend a file to the API to be scanned. This can either be done via a multi-part file upload or a binary file transfer. If done as a binary file transfer, headers may be added to specify the file name and an upload destination (if desired). The upload destination is specified as an uploadTo form field when using multi-part form uploads.
  • POSTScan a file that exists at an arbitrary url. For example, this may be a file on a generic public http(s) endpoint, or an object with a pre-signed url.
  • Token
  • POSTPerforms authentication for a user, returning the bearer token to be used for future API requests

Scan a file that already exists in cloud storage

post
Body
containerstringRequired
objectPathstringRequired
versionIdstring | nullableOptional
uploadedBystring | nullableOptional
fileSizeinteger ยท int64Optional
lastModifiedstring ยท date-timeOptional
Responses
200
Success
400
Bad Request
401
Unauthorized
500
Server Error
post
POST /api/Scan/Existing HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 134

{
  "container": "text",
  "objectPath": "text",
  "versionId": "text",
  "uploadedBy": "text",
  "fileSize": 1,
  "lastModified": "2025-05-09T11:27:04.636Z"
}
{
  "result": "Clean",
  "detectedInfections": [
    {
      "file": "text",
      "infection": "text"
    }
  ],
  "errorMessage": "text",
  "dateScanned": "2025-05-09T11:27:04.636Z",
  "trueFileType": "text",
  "referenceId": "text"
}

Send a file to the API to be scanned. This can either be done via a multi-part file upload or a binary file transfer. If done as a binary file transfer, headers may be added to specify the file name and an upload destination (if desired). The upload destination is specified as an uploadTo form field when using multi-part form uploads.

post
Header parameters
File-NamestringOptional

Optional - for use when performing scan and upload only

Upload-TostringOptional

Optional - for use when performing scan and upload only

Body
fileNamestring ยท binaryOptional
uploadTostringOptional
Responses
200
Success
400
Bad Request
401
Unauthorized
500
Server Error
post
POST /api/Scan HTTP/1.1
Host: 
Content-Type: multipart/form-data
Accept: */*
Content-Length: 39

{
  "fileName": "binary",
  "uploadTo": "text"
}
{
  "result": "Clean",
  "detectedInfections": [
    {
      "file": "text",
      "infection": "text"
    }
  ],
  "errorMessage": "text",
  "dateScanned": "2025-05-09T11:27:04.636Z",
  "trueFileType": "text",
  "referenceId": "text"
}

Scan a file that exists at an arbitrary url. For example, this may be a file on a generic public http(s) endpoint, or an object with a pre-signed url.

post
Body
urlstringOptional
Responses
200
Success
400
Bad Request
401
Unauthorized
500
Server Error
post
POST /api/Scan/url HTTP/1.1
Host: 
Content-Type: multipart/form-data
Accept: */*
Content-Length: 14

{
  "url": "text"
}
{
  "result": "Clean",
  "detectedInfections": [
    {
      "file": "text",
      "infection": "text"
    }
  ],
  "errorMessage": "text",
  "dateScanned": "2025-05-09T11:27:04.636Z",
  "trueFileType": "text",
  "referenceId": "text"
}

Performs authentication for a user, returning the bearer token to be used for future API requests

post
Body
usernamestringRequired
passwordstringRequired
mfaCodestring | nullableOptional
Responses
200
Success
401
Unauthorized
post
POST /api/Token HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 54

{
  "username": "text",
  "password": "text",
  "mfaCode": "text"
}
{
  "accessToken": "text",
  "tokenType": "text",
  "expiresIn": 1
}