SecurityScorecard

Develop on the SecurityScorecard Platform

Create unique customer experiences using our APIs, connect data sources across your technology stack, and build any app or automation you want.

Build apps

Creating an App

To create a SecurityScorecard app you only need one thing: an app manifest.

The App Manifest

This is an internet-facing json document in a permanent url, that describes your app.

Here's a basic example you can use as template:

{
  "name": "Your Application Name", // must be unique
  "description": "this is the description of your app",
  "long_description": "this is the long description of your app, visible on the details page",
  "homepage": "https://example.com/your-app/about",
  // note that if a url is relative, is resolved based on the url of this manifest
  "logo_url": "logo.png",
  "hero_images": [
     // hero image to show in the marketplace app page, 
     // typically a screenshot of animated gif showing a preview of this app in action. 
     // this can also be a youtube video to embed.
     "assets/hero.gif"
  ]
}

Note: for guidelines on how to define the copy, logo and other metadata above, see our Design Guidelines.

Once you have your manifest exposed in a public permanent url you can do a first install by calling this endpoint:

curl -X POST \
  https://api.securityscorecard.io/apps \
  -H 'content-type: application/json'
  -H 'authorization: Token <your API key>'
  --data '{"url":"https://example.com/your-app/manifest.json"}'

Congratulations!

Your app is created and will be listed in the Marketplace only for you (for the user associated to the used API key). Your app is still private, but you can invite other developers to install it using the method above.

You can also invite other teammates to install this app using an invite url. Your app invite url is simple its url in the marketplace adding /authorize at the end. For example: https://platform.securityscorecard.io/#/marketplace/cb977b47-59a9-42ac-a2ba-0185f0d981ee/authorize

Whenever any user installs your app (including yourself), SecurityScorecard will fetch your app manifest to look for any changes. This makes it seamless to publish updates. But beware some breaking changes (eg. new API scopes required) will require users to re-install your app.

Updated 2 months ago


What's Next

At this point, you can start describing your app, and testing how it looks in the marketplace, but it doesn't do much. Let's start adding some functionality.

App installation process
Accessing API in behalf of the app user
App Actions
App Signals
Design Guidelines

Creating an App


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.