GuidesMarketplaceAPI ReferenceAtlas API Reference
Guides
Switch to SecurityScorecard

Get a new score, add a company to a portfolio

Suggest Edits

Because the best way to learn is doing, we compiled a few samples that show how to use our APIs for different example use cases.
Each of these comes from a public repository you're welcome to clone and play with.

In the following example we identify the default private portfolio, and then we add a company to that portfolio.

import os
import requests
import sys

token = os.getenv('SSC_API_TOKEN')
api_url = os.getenv('API_URL', 'https://api.securityscorecard.io')

headers = {
    'Accept': 'application/json; charset=utf-8',
    'Content-Type': 'application/json',
    'Authorization': 'Token ' + token,
    'cache-control': 'no-cache',
    }

# get portfolios
url = api_url + '/portfolios'
response = requests.get(api_url + '/portfolios', headers=headers)
response.raise_for_status()

portfolios = response.json()['entries']
my_portfolio = [
    item for item in portfolios
    # My Portfolio is read_only and private
    if 'readOnly' in item and item['readOnly'] == True and item['privacy'] == 'private'
][0]

# add google.com to the portfolio
url = api_url + '/portfolios/' + my_portfolio['id'] + '/companies/google.com'
response = requests.put(url, headers=headers)
response.raise_for_status()

# get scorecards in My Portfolio
url = api_url + '/portfolios/' + my_portfolio['id'] + '/companies'
response = requests.get(url, headers=headers)
response.raise_for_status()

scorecards = response.json()['entries']

# check google.com is in the portfolio
scorecard = [
    item for item in scorecards
    if item['domain'] == 'google.com'
]
assert len(scorecard) == 1, 'scorecard not found in the portfolio'

print ('google.com score is ' + str(scorecard[0]['score']))

const axios = require('axios');

const token = process.env.SSC_API_TOKEN;
const apiUrl = process.env.API_URL || 'https://api.securityscorecard.io';

const headers = {
    'Accept': 'application/json; charset=utf-8',
    'Content-Type': 'application/json',
    'Authorization': 'Token ' + token,
    'cache-control': 'no-cache',
};

(async() => {
    try {
        // Get portfolios
        let response = await axios.get(`${apiUrl}/portfolios`, { headers });
        const portfolios = response.data.entries;
        const myPortfolio = portfolios.find(
            (item) => item.readOnly === true && item.privacy === 'private'
        );

        if (!myPortfolio) {
            throw new Error('My portfolio not found');
        }
        // Add google.com to the portfolio
        response = await axios({
            method: 'put',
            url: `${apiUrl}/portfolios/${myPortfolio.id}/companies/google.com`,
            headers
            },
        );

        // Get scorecards in My Portfolio
        response = await axios.get(
            `${apiUrl}/portfolios/${myPortfolio.id}/companies`,
            { headers }
        );
        const scorecards = response.data.entries;

        // Check google.com is in the portfolio
        const scorecard = scorecards.find((item) => item.domain === 'google.com');

        if (!scorecard) {
            throw new Error('scorecard not found in the portfolio');
        }

        console.log(`google.com score is ${scorecard.score}`);
    } catch (error) {
        console.error('Error:', error);
        process.exit(1);
    }
})();

At the end of the example we assert that the company was truly added to the default private portfolio, and print the score.

Updated about 1 month ago