Skip to content

papi (2)

Panorays Public API

Download OpenAPI description
swagger.json
swagger.yaml
Overview
Support
support@panorays.com
Languages
Servers
Mock server
https://panorays-papi-v2-documentation.redocly.app/_mock/swagger
https://api.panoraysapp.com

Supplier

Use these routes to access and update your suppliers.

Operations

Segment

Operations

Posture

Operations

Portfolio

Operations

Asset

Operations

Finding

Operations

RemediationTasks

Operations

BusinessInformation

Operations

File

Operations

Questionnaire

Operations

RiskInsights

Operations

BusinessSnapshot

Operations

Relationship

Operations

Licenses

Operations

Templates

Operations

Activity Center

Operations

Tags

Tag actions (Create, Delete, Get, Update) apply to company tags only. Tags can’t be updated via the supplier endpoint, as they may link to multiple suppliers. When a company tag is updated/deleted, all associated suppliers are automatically updated — no separate supplier update is needed.

Operations

Factors

Operations

CyberNewsArticles

Operations

DarkWebMentions

Operations

ReEvaluation

Operations

Webhooks Intro

The hook api provides a simple way of registering to events that happen with your suppliers

Getting Started

The following steps will walk you through the process of registering and reacting to webhooks.

  1. Register an API token

If you don’t already have an API token, you can generate one through Panorays platform or contact Panorays Support at support@panorays.com.

  1. Register your app

Before you can start receiving events, register your application with Panorays using the Handshake API call.

  1. Subscribe to relevant events

You will only receive event calls for events you subscribe to using the Subscribe API call.
Note: You can unsubscribe at any time using the Unsubscribe API call.

  1. Start receiving events

You're done! From now on, you will receive notifications for every event you subscribed to.

To learn how to secure your app and ensure you handle events only from Panorays, read about Verifying requests.

Verify Requests

Panorays signs every request with a secret that's unique to your service account, using this secret you can verify that the incoming request arrived from Panorays servers.

Handshake

Operations

Handshake

Request

Before being able to register and receive events, a server should be registered and verified. A “Verification Handshake” will happen which will verify SSL certificate and send a POST with a body of { challenge: <hash> } to the server given. The response to the POST message should contain the given challenge hash and status 200. The verification handshake process should only happen once and will be done during the onboarding of the API by Panorays.

Security
bearer
Bodyapplication/jsonrequired
urlstringrequired
curl -i -X POST \
  https://panorays-papi-v2-documentation.redocly.app/_mock/swagger/v2/hooks/handshake \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "url": "string"
  }'

Responses

url registered, secret generated

Bodyapplication/json
secretstringrequired
Response
application/json
{
  "secret": "string"
}

Subscription

Operations