Summary
The Content Security Policy (CSP) endpoint allows you to view a list of configured CSPs or view an individual CSP for a specific site.
List CSPs for One Site
Returns a list of all CSPs configured for one site with the specified prefix.
Endpoint
GET /content-security-policies?prefix=[:prefix]
Required Parameters
Name |
Type |
Description |
Options/Constraints |
prefix |
string |
Unique site identifier. Returns each CSP and version associated with a site. |
Alphanumeric characters only. |
Example
curl -X GET "https://api.bluetriangletech.com/content-security-policies?prefix=demo" \
-H "X-API-Email: email@company.com" \
-H "X-API-Key: 2831ac6dffec75a48fe712345e000481" \
-H "Content-Type: application/json" \
View CSP by ID
Returns the CSP with the specified ID.
Endpoint
GET /content-security-policies?id=[:id]
Required Parameters
Name |
Type |
Description |
Options/Constraints |
id
|
integer |
ID of the CSP being retrieved. If id is the only get parameter sent, all versions of the CSP with matching ids will be returned |
|
Example
curl -X GET "https://api.bluetriangletech.com/content-security-policies?id=123" \
-H "X-API-Email: email@company.com" \
-H "X-API-Key: 2831ac6dffec75a48fe712345e000481" \
-H "Content-Type: application/json" \
Example Response for Multiple CSPs
[
{
"id": "1539186539",
"name": "asdf",
"version": "1",
"metaTag": null,
"responseHeader": null
},
...]
View CSP by Version
Returns the CSP with the specified version.
Endpoint
GET /content-security-policies?version=[:version]
Required Parameters
Name |
Type |
Description |
Options/Constraints |
id
|
integer |
ID of the CSP being retrieved. If id is the only get parameter sent, all versions of the CSP with matching ids will be returned |
|
version |
string |
Version number of the CSP being retrieved. Must be accompanied with CSP id parameter. |
|
Example
curl -X GET "https://api.bluetriangletech.com/content-security-policies?id=123&version=15" \
-H "X-API-Email: email@company.com" \
-H "X-API-Key: 2831ac6dffec75a48fe712345e000481" \
-H "Content-Type: application/json" \
Example - Pull the latest version of a CSP
curl -X GET "https://api.bluetriangletech.com/content-security-policies?id=123&version=latest" \
-H "X-API-Email: email@company.com" \
-H "X-API-Key: 2831ac6dffec75a48fe712345e000481" \
-H "Content-Type: application/json" \
Example Script in Python
Below is a basic example of pulling a CSP from the API. You can also download this script including a more advanced version at the bottom of the article.
"""
Simplified example script for calling the Blue Triangle API for a Content Security Policy
Prints out the Content Security Policy for the Specified ID and Version
See the extended example in csp_api_example.py for more robust functionality
"""
import requests
import json
# Site Prefix is required for the CSP Endpoint
site_prefix = 'examplesite'
# Request Header fields available in the Blue Triangle Portal
# Under the User Menu -> View Profile page
request_headers = {
'X-API-Email': 'example@bluetriangletech.com',
'X-API-Key': 'abcd1234',
'Content-Type': 'application/json'
}
# Blue Triangle's API Endpoint for Content Security Policies
btt_endpoint_url = 'https://api.bluetriangletech.com/content-security-policies?prefix=' + site_prefix
# Issue the GET request to the Blue Triangle API
api_response = requests.request("GET", btt_endpoint_url, headers=request_headers)
csp_data_dict = json.loads(api_response.text)
# Prints each CSP Name, CSP Version, and CSP ID
for csp in csp_data_dict:
print("CSP Name: '%s', CSP Version: %s, CSP ID: %s" % (csp['name'], csp['id'], csp['version']))
# Specify a CSP ID and CSP Version to print out the Content Security Policy alone
csp_id = '12345'
csp_version = '1'
for csp in csp_data_dict:
if csp_id == csp['id'] and csp_version == csp['version']:
print(csp['responseHeader'])