Search Web Application
Returns a list of web applications that are in the user’s scope.
You can also retrieve the TruRisk Score for the Web application in the API response.
Permissions required: User must have WAS module enabled. The user account must have these permissions: Access Permission API Access. The output includes web applications in the user's scope.
Input Parameters
These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND. Click here for descriptions of <WebApp> elements.
The special field=attributes attribute for the Criteria element is used to search custom attributes (see sample below).
Click here for available operators
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| id | Optional | integer | Web application ID. |
| name | Optional | text | Web application name. |
| url | Optional | text | The URL of the web application. |
| tags | Optional | element | Tags assigned to the web application. Click here for a description of these <WebApp> elements. |
| tags.name | Optional | text | Tag name assigned to web application. |
| tags.id | Optional | integer | Tag ID assigned to the web application. |
| createdDate | Optional | date | The date when the web application was created in WAS, in UTC date/time format. |
| updatedDate | Optional | date | The date when the web application was last updated in WAS, in UTC date/time format. |
| isScheduled | Optional | boolean | A flag indicating whether a scan is scheduled for the web application. |
| isScanned | Optional | boolean | A flag indicating whether the web application has been scanned. |
| lastScan.status | Optional | keyword | Scan status reported by last web application scan: SUBMITTED, RUNNING, FINISHED, TIME_LIMIT_EXCEEDED, SCAN_NOT_LAUNCHED, SCANNER_NOT_AVAILABLE, ERROR or CANCELED |
| lastScan.date | Optional | date | Date when the web application was last scanned, in UTC date/time format. |
| verbose | Optional | boolean | A flag to indicate whether the list of tags associated with the web application should be listed. Example: |
Sample - List all web apps in the user's account
API request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" "<qualys_base_url>/qps/rest/3.0/search/was/webapp" -X "POST"
XML response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>2</count>
<hasMoreRecords>false</hasMoreRecords>
<lastId>323103</lastId>
<data>
<WebApp>
<id>323102</id>
<name><![CDATA[My Web Application]]></name>
<url><![CDATA[https://example.com]]></url>
<owner>
<id>123068</id>
</owner>
<tags>
<count>3</count>
</tags>
<createdDate>2017-11-22T13:48:03Z</createdDate>
<updatedDate>2018-09-19T13:41:07Z</updatedDate>
</WebApp>
<WebApp>
<id>323103</id>
<name><![CDATA[Demo Web App]]></name>
<url><![CDATA[http://10.10.26.200:80/phpBB/1.4.4_basic]]></url>
<owner>
<id>123071</id>
</owner>
<tags>
<count>0</count>
</tags>
<createdDate>2018-06-22T13:45:46Z</createdDate>
<updatedDate>2018-09-16T14:33:38Z</updatedDate>
</WebApp>
</data>
</ServiceResponse>
Sample - List certain web apps
API request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "<qualys_base_url>/qps/rest/3.0/search/was/webapp" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data:
<ServiceRequest>
<filters>
<Criteria field="name" operator="CONTAINS">Merchant</Criteria>
<Criteria field="id" operator="GREATER">323000</Criteria>
</filters>
</ServiceRequest>
XML response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<hasMoreRecords>false</hasMoreRecords>
<data>
<WebApp>
<id>323476</id>
<name>
<![CDATA[Merchant site 1]]>
</name>
<url>
<![CDATA[http://10.10.25.116:80/merchant/2.2/themerchant]]>
</url>
<owner>
<id>123056</id>
</owner>
<tags>
<count>0</count>
</tags>
<createdDate>2018-02-21T15:24:49Z</createdDate>
<updatedDate>2018-07-03T16:53:37Z</updatedDate>
</WebApp>
</data>
</ServiceResponse>
Sample - Search Web Application and view associated tags
API request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "<qualys_base_url>/qps/rest/3.0/search/was/webapp" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data:
<ServiceRequest>
<preferences>
<verbose>true</verbose>
</preferences>
<filters>
<Criteria field="name" operator="CONTAINS">My Web Application</Criteria>
</filters>
</ServiceRequest>
XML response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<hasMoreRecords>false</hasMoreRecords>
<data>
<WebApp>
<id>6620298</id>
<name>
<![CDATA[My Web Application]]>
</name>
<url>
<![CDATA[http://www.example.com]]>
</url>
<owner>
<id>1056860</id>
</owner>
<tags>
<count>1</count>
<list>
<Tag>
<id>9029017</id>
<name>
<![CDATA[TagWebapp1]]>
</name>
</Tag>
</list>
</tags>
<createdDate>2017-12-15T16:13:06Z</createdDate>
<updatedDate>2018-11-19T04:38:08Z</updatedDate>
</WebApp>
</data>
</ServiceResponse>
Sample - Search custom attributes
Search custom attributes using the field attribute for the Criteria element.
API request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/search/was/webapp" < file.xml
Note: “file.xml” contains the request POST data.
Find web applications that have a custom attribute name “Function,” and this attribute has a value that contains “web” (case insensitive search).
Request POST data:
<ServiceRequest>
<filters>
<Criteria field="attributes" name="Function" operator="CONTAINS">web</Criteria>
</filters>
</ServiceRequest>
Find web applications that have a custom attribute name “Function,” and this attribute has a value that is equal to “web”.
Request POST data (EQUALS):
<ServiceRequest>
<filters>
<Criteria field="attributes" name="Function" operator="EQUALS">web</Criteria>
</filters>
</ServiceRequest>
Find web applications that have a custom attribute name “Function,” and this attribute has a value not equal to “web.”
Request POST data (NOT EQUALS):
<ServiceRequest>
<filters>
<Criteria field="attributes" name="Function" operator="NOT EQUALS">web</Criteria>
</filters>
</ServiceRequest>
Sample - List all web applications in the user account
This example shows the list of all web applications in the user account with the TruRisk Score.
API Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "<qualys_base_url>/qps/rest/3.0/search/was/webapp" < file.xml
API Request Body:
<ServiceRequest>
<preferences>
<verbose>true</verbose>
</preferences>
<filters>
<Criteria field="id" operator="EQUALS">39725230</Criteria>
</filters>
</ServiceRequest>
Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<hasMoreRecords>false</hasMoreRecords>
<data>
<WebApp>
<id>39725230</id>
<name>
<![CDATA[API_My Web Application Create111]]>
</name>
<url>
<![CDATA[http://mywebapp.com/]]>
</url>
<riskScore>0</riskScore>
<owner>
<id>895299984</id>
</owner>
<tags>
<count>1</count>
<list>
<Tag>
<id>133578207</id>
<name>
<![CDATA[Test Tag]]>
</name>
</Tag>
</list>
</tags>
<createdDate>2023-08-11T05:43:52Z</createdDate>
<updatedDate>2023-12-20T09:45:31Z</updatedDate>
</WebApp>
</data>
</ServiceResponse>
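The request and response formats in the samples above, as an added Python example (not Qualys code and not part of the original page): it builds the ServiceRequest body with an XML serializer so filter values taken from user input cannot alter the request structure, and parses a ServiceResponse including the newline-padded CDATA values. The function names are hypothetical, the sample response is constructed, and continuing a listing with an id GREATER lastId filter is an assumption this page does not state.

```python
import xml.etree.ElementTree as ET

def build_search_request(criteria, verbose=False):
    # criteria: (field, operator, value) or (field, operator, value, attribute_name) tuples
    root = ET.Element("ServiceRequest")
    if verbose:
        ET.SubElement(ET.SubElement(root, "preferences"), "verbose").text = "true"
    filters = ET.SubElement(root, "filters")
    for field, operator, value, *attr_name in criteria:
        crit = ET.SubElement(filters, "Criteria", field=field, operator=operator)
        if attr_name:  # custom attribute search: field="attributes" name="<attribute>"
            crit.set("name", attr_name[0])
        crit.text = str(value)  # the serializer escapes &, <, > in caller-supplied values
    return ET.tostring(root, encoding="unicode")

def _text(node, path):
    found = node.find(path)  # CDATA values can arrive padded with newlines, so strip
    return found.text.strip() if found is not None and found.text else None

def parse_search_response(xml_text):
    root = ET.fromstring(xml_text)
    code = _text(root, "responseCode")
    if code != "SUCCESS":
        raise ValueError(f"search failed with responseCode {code!r}")
    apps = [{
        "id": int(_text(app, "id")),
        "name": _text(app, "name"), "url": _text(app, "url"),
        "riskScore": _text(app, "riskScore"),  # None when the element is absent
        "tags": [_text(tag, "name") for tag in app.iterfind("tags/list/Tag")],
    } for app in root.iterfind("data/WebApp")]
    last_id = _text(root, "lastId")
    return {"apps": apps, "hasMoreRecords": _text(root, "hasMoreRecords") == "true",
            "lastId": int(last_id) if last_id else None}

def next_page_criteria(result):
    # Assumption (not stated on this page): continue from lastId with an id GREATER filter.
    more = result["hasMoreRecords"] and result["lastId"] is not None
    return ("id", "GREATER", result["lastId"]) if more else None

# Constructed sample response in the shape shown on this page (not real account data).
SAMPLE = """<ServiceResponse><responseCode>SUCCESS</responseCode><count>1</count>
<hasMoreRecords>true</hasMoreRecords><lastId>323476</lastId><data><WebApp><id>323476</id>
<name>\n<![CDATA[Merchant site 1]]>\n</name><url><![CDATA[http://10.10.25.116:80/merchant/2.2/themerchant]]></url>
<tags><count>1</count><list><Tag><id>9029017</id><name><![CDATA[TagWebapp1]]></name></Tag></list></tags>
</WebApp></data></ServiceResponse>"""

if __name__ == "__main__":
    print(build_search_request([("name", "CONTAINS", "Merchant"), ("id", "GREATER", 323000)]))
    print(parse_search_response(SAMPLE))
```

The string returned by build_search_request can be saved as file.xml and sent with the curl commands shown in the samples.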
XSD
<platform API server>/qps/xsd/3.0/was/webapp.xsd