Share (export) a finished PCI scan to Qualys PCI Merchant where you can generate reports required to prove your PCI compliance. The PCI Merchant account to be used must be already defined as a PCI account link using the Qualys user interface
Permissions - Any user with scan permissions (Manager, Unit Manager or Scanner) can share a PCI scan with one of their own PCI Merchant accounts and obtain share status. The user’s Qualys account must allow access to the PCI scan and must have a link to the target PCI Merchant account.
Share restriction - The following share restriction applies to all users. One PCI scan can be shared (exported) to one PCI Merchant subscription one time only, assuming the share request is successful. (Note: If a particular scan has been exported to any PCI account in the same PCI Merchant subscription as your PCI account, the scan can’t be exported.) If a share request fails for some reason, it's possible to submit another share request for the same PCI scan and PCI Merchant account.
|
Parameter |
Required/Optional |
Data Type |
Description |
|---|---|---|---|
|
action=share |
Required |
String |
Specify action to share PCI scans. |
|
echo_request={0|1} |
Optional |
Integer |
Specify 1 to view (echo) input parameters in the XML output. By default these are not included. |
|
scan_ref={value} |
Required |
Integer |
The scan reference of a finished PCI scan. The scan status of this scan must be “Finished”. |
|
merchant_username={value} |
Required |
String |
The user name of the PCI Merchant account that the PCI scan will be exported to. The API user’s Qualys account must have a PCI account link already defined for this target PCI Merchant account. |
API Request
curl -s -H "X-Requested-With: curl demo 2" -D headers.15 -b"QualysSession=38255848108d68a2feaf9ee664ca78a7; path=/api; secure" -d"action=share&merchant_username=manager1@qualys&scan_ref=scan/1281646610.5720""https://<qualys_base_url>/api/2.0/fo/scan/pci/"
Response when request to share PCI scan is successful:
XML Output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2018-01-17T00:50:39Z</DATETIME>
<TEXT>Requested share of scan to PCI</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>scan_ref</KEY>
<VALUE>scan/1281646610.5720</VALUE>
</ITEM>
<ITEM>
<KEY>merchant_username</KEY>
<VALUE>manager1@qualys</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
Response when PCI scan has already been shared:
XML Output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2018-01-04T14:54:01Z</DATETIME>
<CODE>999</CODE>
<TEXT>This scan has already been shared with the Merchant account.</TEXT>
</RESPONSE>
</SIMPLE_RETURN><platform API server>/api/2.0/simple_return.dtd