Returns a list of web applications that are in the user’s scope.
You can also retrieve the TruRisk Score for the Web application in the API response.
Permissions required - User must have WAS module enabled. The user account must have these permissions: Access Permission “API Access”. The output includes web applications in the user's scope.
These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND. Click here for descriptions of <WebApp> elements.
The special field=attributes attribute for the Criteria element is used to search custom attributes (see sample below).
Click here for available operators
|
Parameter |
Mandatory /Optional |
Data Type |
Description |
|---|---|---|---|
|
id |
Optional |
integer |
Web application ID. |
|
name |
Optional |
text |
Web application name. |
|
url |
Optional |
text |
The URL of the web application. |
|
tags |
Optional |
element |
Tags assigned to the web application. Click here for a description of these <WebApp> elements. |
|
tags.name |
Optional |
text |
Tag name assigned to web application. |
|
tags.id |
Optional |
integer |
Tag ID assigned to the web application. |
|
createdDate |
Optional |
date |
The date when the web application was created in WAS, in UTC date/time format. |
|
updatedDate |
Optional |
date |
The date when the web application was last updated in WAS, in UTC date/time format. |
|
isScheduled |
Optional |
boolean |
A flag indicating whether a scan is scheduled for the web application. |
|
isScanned |
Optional |
boolean |
A flag indicating whether the web application has been scanned. |
|
lastScan.status |
Optional |
keyword |
Scan status reported by last web application scan: SUBMITTED, RUNNING, FINISHED, TIME_LIMIT_EXCEEDED, SCAN_NOT_LAUNCHED, SCANNER_NOT_AVAILABLE, ERROR or CANCELED |
|
lastScan.date |
Optional |
date |
Date when the web application was last scanned, in UTC date/time format. |
|
verbose |
Optional |
boolean |
A flag to indicate whether the list of tags associated with the web application should be listed. Example: <preferences> |
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" "<qualys_base_url>/qps/rest/3.0/search/was/webapp" -X "POST"
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>2</count>
<hasMoreRecords>false</hasMoreRecords>
<lastId>323103</lastId>
<data>
<WebApp>
<id>323102</id>
<name><![CDATA[My Web Application]]></name>
<url><![CDATA[https://example.com]]></url>
<owner>
<id>123068</id>
</owner>
<tags>
<count>3</count>
</tags>
<createdDate>2017-11-22T13:48:03Z</createdDate>
<updatedDate>2018-09-19T13:41:07Z</updatedDate>
</WebApp>
<WebApp>
<id>323103</id>
<name><![CDATA[Demo Web App]]></name>
<url><![CDATA[http://10.10.26.200:80/phpBB/1.4.4_basic]]></url>
<owner>
<id>123071</id>
</owner>
<tags>
<count>0</count>
</tags>
<createdDate>2018-06-22T13:45:46Z</createdDate>
<updatedDate>2018-09-16T14:33:38Z</updatedDate>
</WebApp>
</data>
</ServiceResponse>
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "<qualys_base_url>/qps/rest/3.0/search/was/webapp" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<filters>
<Criteria field="name" operator="CONTAINS">Merchant</Criteria>
<Criteria field="id" operator="GREATER">323000</Criteria>
</filters>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<hasMoreRecords>false</hasMoreRecords>
<data>
<WebApp>
<id>323476</id>
<name>
<![CDATA[Merchant site 1]]>
</name>
<url>
<![CDATA[http://10.10.25.116:80/merchant/2.2/themerchant]]>
</url>
<owner>
<id>123056</id>
</owner>
<tags>
<count>0</count>
</tags>
<createdDate>2018-02-21T15:24:49Z</createdDate>
<updatedDate>2018-07-03T16:53:37Z</updatedDate>
</WebApp>
</data>
</ServiceResponse>
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "<qualys_base_url>/qps/rest/3.0/search/was/webapp" < file.xml
Note: “file.xml” contains the request POST data. Request POST data
<ServiceRequest>
<preferences>
<verbose>true</verbose>
</preferences>
<filters>
<Criteria field="name" operator="CONTAINS">My Web Application</Criteria>
</filters>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<hasMoreRecords>false</hasMoreRecords>
<data>
<WebApp>
<id>6620298</id>
<name>
<![CDATA[My Web Application]]>
</name>
<url>
<![CDATA[http://www.example.com]]>
</url>
<owner>
<id>1056860</id>
</owner>
<tags>
<count>1</count>
<list>
<Tag>
<id>9029017</id>
<name>
<![CDATA[TagWebapp1]]>
</name>
</Tag>
</list>
</tags>
<createdDate>2017-12-15T16:13:06Z</createdDate>
<updatedDate>2018-11-19T04:38:08Z</updatedDate>
</WebApp>
</data>
</ServiceResponse>
Search custom attributes using the field attribute for the Criteria element.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/search/was/webapp" < file.xml
Note: “file.xml” contains the request POST data. Find web applications that have a custom attribute name “Function,” and this attribute has a value that contains “web” (case insensitive search).
Request POST data
<ServiceRequest>
<filters>
<Criteria field="attributes" name="Function" operator="CONTAINS">web</Criteria>
</filters>
</ServiceRequest>
Find web applications that have a custom attribute name “Function,” and this attribute has a value that is equal to “web”.
Request POST data (EQUALS)
<ServiceRequest>
<filters>
<Criteria field="attributes" name="Function" operator="EQUALS">web</Criteria>
</filters>
</ServiceRequest>
Find web applications that have a custom attribute name “Function,” and this attribute has a value not equal to “web.”
Request POST data (NOT EQUALS)
<ServiceRequest>
<filters>
<Criteria field="attributes" name="Function" operator="NOT EQUALS">web</Criteria>
</filters>
</ServiceRequest>
This example shows the list of all web applications in the user account with the TruRisk Score.
API Request
curl -u "USERNAME:PASSWORD" -H "content-type:text/xml" "<qualys_base_url>/qps/rest/3.0/search/was/webapp"
API Request Body
<ServiceRequest>
<preferences>
<verbose>true</verbose>
</preferences>
<filters>
<Criteria field="id" operator="EQUALS">39725230</Criteria>
</filters>
</ServiceRequest>
Response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="
<qualys_base_url>/qps/xsd/3.0/was/webapp.x
sd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<hasMoreRecords>false</hasMoreRecords>
<data>
<WebApp>
<id>39725230</id>
<name>
<![CDATA[API_My Web Application Create111]]>
</name>
<url>
<![CDATA[http://mywebapp.com/]]>
</url>
<riskScore>0</riskScore>
<owner>
<id>895299984</id>
</owner>
<tags>
<count>1</count>
<list>
<Tag>
<id>133578207</id>
<name>
<![CDATA[Test Tag]]>
</name>
</Tag>
</list>
</tags>
<createdDate>2023-08-11T05:43:52Z</createdDate>
<updatedDate>2023-12-20T09:45:31Z</updatedDate>
</WebApp>
</data>
</ServiceResponse>
<platform API server>/qps/xsd/3.0/was/webapp.xsd