Secure Code Warrior API API Reference

This Secure Code Warrior API provides programmatic access to company data.

Authentication

API access is disabled by default. Generate a new key from the Company Administration > [Edit Company] section.

The API key can be passed in as either a header field in X-API-Key (recommended) or a query parameter. Please see the example calls using curl for an illustration.

SCW API Endpoints

API Center: https://portal-api.eu.securecodewarrior.com/api/v1

Example call using curl

curl -X GET "https://portal-api.eu.securecodewarrior.com/api/v1/training/developer-leaderboard?report_period=7" -H "accept: application/json" -H "X-API-Key: d5b9ce1761f7da46799307494a806dc58dfd79f85e84552cf21a5a86eaa49548"

Request Content-Types: application/json
Response Content-Types: application/json
Version: 1.0.0

Authentication

APITokenFromHeader

(RECOMMENDED) API access is disabled by default. Generate a new key from the Company Administration > [Edit Company] section.

type
apiKey
in
header
name
X-API-Key

APITokenFromQueryString

API access is disabled by default. Generate a new key from the Company Administration > [Edit Company] section.

type
apiKey
in
query
name
api_key

Training

Authorized Keys: Report API key

GET /training/developer-leaderboard

This endpoint returns a list of all developers within the organisation, with their current stats as well as the change in stats over the report period (which may be 1, 7 or 30 days).

report_period: integer 1, 7, 30
in query

The number of days over which to view the changes in statistics

Returns an array of leaderboard entries

400 Bad Request

Bad request.

Response Example (200 OK)
{
  "report_period_in_days": 7,
  "leaderboard": [
    {
      "rank": 1,
      "developer": {
        "name": "Code Warrior",
        "email": "user@securecodewarrior.com",
        "member_since": "2018-01-01T04:57:47.715Z",
        "last_logged_in": "2018-01-01T04:57:47.715Z",
        "status": "enabled",
        "company": "Secure Code Warrior",
        "team": "Team Awesome",
        "tags": [
          "Syd branch"
        ],
        "roles": [
          "developer"
        ]
      },
      "overall_stats_over_report_period": {
        "installed_sensei": true,
        "used_sensei": true,
        "points_gained": 25,
        "accuracy_change": 21,
        "confidence_level_change": 28,
        "minutes_spent": 52,
        "challenges_correct": 32,
        "challenges_incorrect": 0
      },
      "challenges": [
        {
          "language": "Java Spring",
          "challenges_completed": 32,
          "total_challenges": 32,
          "progress": 100,
          "security_maturity": "Security Champion",
          "points": 120,
          "accuracy": 100,
          "confidence_level": 100,
          "minutes_spent": 52,
          "stats_over_report_period": {
            "points_gained": 25,
            "accuracy_change": 21,
            "confidence_level_change": 28,
            "minutes_spent": 52,
            "challenges_correct": 32,
            "challenges_incorrect": 0
          }
        }
      ],
      "challenges_summary": {
        "challenges_completed": 32,
        "total_challenges": 32,
        "progress": 100,
        "security_maturity": "Security Champion",
        "points": 6200,
        "accuracy": 100,
        "confidence_level": 100,
        "minutes_spent": 72
      }
    }
  ]
}

GET /training/developers-progress

This endpoint returns the training progress of all developers within the organisation, with current realm, level and quest progress.

Returns an array of developer progress entries

Response Example (200 OK)
{
  "developers": [
    {
      "developer": {
        "name": "Code Warrior",
        "email": "user@securecodewarrior.com",
        "member_since": "2018-01-01T04:57:47.715Z",
        "last_logged_in": "2018-01-01T04:57:47.715Z",
        "status": "enabled",
        "company": "Secure Code Warrior",
        "team": "Team Awesome",
        "tags": [
          "Syd branch"
        ],
        "roles": [
          "developer"
        ]
      },
      "languages": [
        {
          "name": "Java Spring",
          "language_progress": 100,
          "realms": [
            {
              "name": "Defend Your Code",
              "realm_progress": 100,
              "levels": [
                {
                  "name": "Most Critical Weaknesses",
                  "level_progress": 100,
                  "quests": [
                    {
                      "name": "SQL Injection",
                      "quest_progress": 100
                    }
                  ]
                }
              ]
            }
          ]
        }
      ]
    }
  ]
}

GET /training/developers-activity

This endpoint returns the detailed challenge log of all developers within the organisation, with challenge score, difficulty and challenge outcome of the developer.

Returns an array of developer challenge log entries

Response Example (200 OK)
{
  "activities": [
    {
      "developer": {
        "name": "Code Warrior",
        "email": "user@securecodewarrior.com",
        "member_since": "2018-01-01T04:57:47.715Z",
        "last_logged_in": "2018-01-01T04:57:47.715Z",
        "status": "enabled",
        "company": "Secure Code Warrior",
        "team": "Team Awesome",
        "tags": [
          "Syd branch"
        ],
        "roles": [
          "developer"
        ]
      },
      "challenge": {
        "language": "Java Spring",
        "realm": "Defend Your Code",
        "level": "Most Critical Weaknesses",
        "quest": "SQL Injection",
        "category": "Injection Flaws",
        "subcategory": "SQL Injection",
        "difficulty": "Hard",
        "started": "2018-01-17T04:57:47.715Z",
        "completed": "2018-01-18T04:57:47.715Z",
        "duration": 120,
        "status": "correct",
        "hints_used": 0,
        "score": 300,
        "max_score": 300,
        "select_vulnerability": {
          "attempt_index": 1,
          "status": "correct",
          "max_score": 100,
          "score": 100,
          "skipped": false
        },
        "locate_vulnerability": {
          "attempt_index": 1,
          "status": "correct",
          "max_score": 100,
          "score": 100
        },
        "identify_solution": {
          "attempt_index": 1,
          "status": "correct",
          "max_score": 100,
          "score": 100
        }
      }
    }
  ]
}

GET /training/team-leaderboard

This endpoint returns a list of all teams within the organisation, with their current stats as well as the change in stats over the report period (which may be 1, 7 or 30 days).

report_period: integer 1, 7, 30
in query

The number of days over which to view the changes in statistics

omitInactive: boolean
in query

When set to true, will omit all inactive accounts from results

Returns all entries for the leaderboard

400 Bad Request

Bad request.

Response Example (200 OK)
[
  {
    "report_period_in_days": 7,
    "leaderboard": [
      {
        "rank": 1,
        "name": "Team Awesome",
        "developers": 7,
        "points_average": 300,
        "points_total": 2100,
        "accuracy": 100,
        "confidence_level": 100,
        "time_spent": 100,
        "installed_sensei": 3,
        "stats_over_report_period": {
          "points_gained": 25,
          "accuracy_change": 21,
          "confidence_level_change": 28,
          "minutes_spent": 52,
          "challenges_correct": 32,
          "challenges_incorrect": 0
        }
      }
    ]
  }
]

Assessments

Authorized Keys: Report API key

GET /assessments

This endpoint will return a list of Assessment objects which contain a range of datapoints related to assessments. This includes assessment IDs, which may be used in conjunction with the other assessments API endpoints.

200 OK

Returns an array of Assessment objects

type
Response Example (200 OK)
[
  {
    "_id": "5702d346c6bf9dfe533ffa6d",
    "status": "correct",
    "name": "Junior Developer Assessment",
    "description": "This assessment is useful for onboarding new developers into the team",
    "supported_languages": [
      "[\"Java Spring\", \"Ruby Rails\"]"
    ],
    "difficulty": "medium",
    "success_ratio": 75,
    "emits_certificate": true,
    "time_limit": 3600000,
    "start_date": "2018-01-17T04:57:47.715Z",
    "end_date": "2018-01-18T04:57:47.715Z",
    "timezone": "Australia/Sydney",
    "number_of_challenges": 21,
    "self_assess": true,
    "retries_allowed": true
  }
]

GET /assessments/{assessment_id}/attempts

This endpoint returns a detailed report for all developers who have taken the Assessment with the given ID. This includes all the data in the summary report plus details on all the challenges that are a part of the assessment.

assessment_id: string
in path

The assessment ID

Returns the detailed assessment data

400 Bad Request

Bad request.

Response Example (200 OK)
[
  {
    "_id": "string",
    "_assessment": "5702d346c6bf9dfe533ffa6d",
    "developer": {
      "name": "Code Warrior",
      "email": "user@securecodewarrior.com",
      "member_since": "2018-01-01T04:57:47.715Z",
      "last_logged_in": "2018-01-01T04:57:47.715Z",
      "status": "enabled",
      "company": "Secure Code Warrior",
      "team": "Team Awesome",
      "tags": [
        "Syd branch"
      ],
      "roles": [
        "developer"
      ]
    },
    "status": "correct",
    "language": "Java Spring",
    "started": "2018-01-17T04:57:47.715Z",
    "completed": "2018-01-18T04:57:47.715Z",
    "deadline": "2018-01-19T04:57:47.715Z",
    "score": 100,
    "completed_in": "2 seconds",
    "passing_grade": 30,
    "pass_status": "Passed",
    "progress": {
      "correct": 25,
      "incorrect": 0,
      "number_of_challenges": 25,
      "completed": 25
    },
    "accuracy": {
      "located": 100,
      "identified": 100,
      "fixed": 100
    },
    "challenges": [
      {
        "number": 1,
        "category": "Injection Flaws",
        "subcategory": "SQL Injection",
        "difficulty": "medium",
        "codebase": "Large",
        "status": "correct",
        "max_score": 300,
        "score": 300,
        "locate": {
          "status": "correct"
        },
        "identify": {
          "status": "correct"
        },
        "fix": {
          "status": "correct"
        }
      }
    ]
  }
]

Tournaments

Authorized Keys: Report API key

GET /tournaments

This endpoint returns a list of tournaments in the company.

200 OK

Returns the tournament ids

type
Response Example (200 OK)
[
  {
    "_id": "58454294bc0cedf458849d49",
    "name": "Annual Tournament",
    "description": "Get ready for the ultimate tournament! Test your skills and win some prizes.",
    "start_time": "2018-01-17T04:57:47.715Z",
    "end_time": "2018-01-21T04:57:47.715Z",
    "timezone": "Australia/Sydney"
  }
]

GET /tournaments/{tournament_id}/leaderboard

This endpoint returns the leaderboard for a single tournament. This includes all levels, challenges and stages that the developer participated in, with detailed metrics of each.

tournament_id: string
in path

The tournament ID

Returns the detailed tournament data

400 Bad Request

Bad request.

Response Example (200 OK)
[
  {
    "rank": 1,
    "developer": {
      "name": "Code Warrior",
      "email": "user@securecodewarrior.com",
      "member_since": "2018-01-01T04:57:47.715Z",
      "last_logged_in": "2018-01-01T04:57:47.715Z",
      "status": "enabled",
      "company": "Secure Code Warrior",
      "team": "Team Awesome",
      "tags": [
        "Syd branch"
      ],
      "roles": [
        "developer"
      ]
    },
    "blocked": false,
    "minutes_spent": 45,
    "language": "Java Spring",
    "max_points": 4000,
    "points": 3500,
    "hints_used": 25,
    "lives_lost": 10,
    "levels": [
      {
        "name": "Level 1",
        "challenges": [
          {
            "number": 1,
            "category": "Injection Flaws",
            "subcategory": "SQL Injection",
            "difficulty": "hard",
            "status": "correct",
            "max_points": 350,
            "points": 320,
            "codebase_size": "large",
            "minutes_spent": 3,
            "stages": [
              {
                "number": 1,
                "name": "Locate Vulnerability",
                "status": "correct",
                "points": 320,
                "max_points": 350,
                "minutes_spent": 3,
                "lives_lost": 1,
                "hints_used": 0
              }
            ]
          }
        ]
      }
    ]
  }
]

URL fetcher

Authorized Keys: Report API key

GET /url-fetcher/course

JSON containing course URL

language_framework: string (up to 32 chars)
in query

Name of language and framework in the format of "Java::Spring"

course: string (up to 64 chars)
in query

Name of course

module: string (up to 64 chars)
in query

Name of course module

redirect: boolean
in query

Redirects user to the return URL

200 OK

Returns a course URL

302 Found

Redirect straight to course URL

Response Example (200 OK)
{
  "url": "https://portal.securecodewarrior.com/#/game/013/play/java/spring/realm/training_ground/level/common_weaknesses"
}

Schema Definitions

Tournament: object

_id: string

The ID of the tournament

name: string

The name of the tournament

description: string

The tournament description

start_time: string (dateTime)

The time the tournament starts

end_time: string (dateTime)

The time the tournament ends

timezone: string

The timezone that the tournament is being held in

Example
{
  "_id": "58454294bc0cedf458849d49",
  "name": "Annual Tournament",
  "description": "Get ready for the ultimate tournament! Test your skills and win some prizes.",
  "start_time": "2018-01-17T04:57:47.715Z",
  "end_time": "2018-01-21T04:57:47.715Z",
  "timezone": "Australia/Sydney"
}

TournamentParticipant: object

rank: integer

The final position of the participant within the tournament

developer: Developer
blocked: boolean

Whether this participant was blocked from the tournnament

minutes_spent: integer

How long the developer spent answering (in minutes)

language: string

The language/framework the the participant used

max_points: integer

The maximum amount of points available in the tournament

points: integer

The amount of points the participant gained

hints_used: integer

Number of hints the participant used

lives_lost: integer

The number of lives the participant lost during the tournament

levels: Level

The levels of the challenge

Level
Example
{
  "rank": 1,
  "developer": {
    "name": "Code Warrior",
    "email": "user@securecodewarrior.com",
    "member_since": "2018-01-01T04:57:47.715Z",
    "last_logged_in": "2018-01-01T04:57:47.715Z",
    "status": "enabled",
    "company": "Secure Code Warrior",
    "team": "Team Awesome",
    "tags": [
      "Syd branch"
    ],
    "roles": [
      "developer"
    ]
  },
  "blocked": false,
  "minutes_spent": 45,
  "language": "Java Spring",
  "max_points": 4000,
  "points": 3500,
  "hints_used": 25,
  "lives_lost": 10,
  "levels": [
    {
      "name": "Level 1",
      "challenges": [
        {
          "number": 1,
          "category": "Injection Flaws",
          "subcategory": "SQL Injection",
          "difficulty": "hard",
          "status": "correct",
          "max_points": 350,
          "points": 320,
          "codebase_size": "large",
          "minutes_spent": 3,
          "stages": [
            {
              "number": 1,
              "name": "Locate Vulnerability",
              "status": "correct",
              "points": 320,
              "max_points": 350,
              "minutes_spent": 3,
              "lives_lost": 1,
              "hints_used": 0
            }
          ]
        }
      ]
    }
  ]
}

Level: object

name: string

The level name

challenges: object[]
object
number: integer

The challenge number (starts at 1)

category: string

The challenge category

subcategory: string

The challenge subcategory

difficulty: string easy, medium, hard
status: Status
max_points: integer

The maximum points available for this challenge

points: integer

The points obtained for this challenge

codebase_size: string small, large
minutes_spent: integer

How long the developer spent answering (in minutes)

stages: Stage
Stage
Example
{
  "name": "Level 1",
  "challenges": [
    {
      "number": 1,
      "category": "Injection Flaws",
      "subcategory": "SQL Injection",
      "difficulty": "hard",
      "status": "correct",
      "max_points": 350,
      "points": 320,
      "codebase_size": "large",
      "minutes_spent": 3,
      "stages": [
        {
          "number": 1,
          "name": "Locate Vulnerability",
          "status": "correct",
          "points": 320,
          "max_points": 350,
          "minutes_spent": 3,
          "lives_lost": 1,
          "hints_used": 0
        }
      ]
    }
  ]
}

Stage: object

number: integer

The stage number

name: string

The name of the stage

status: string correct, incorrect, pending

The status of the attempt at this stage

points: integer

Points gained on this stage

max_points: integer

Maximum points available on this stage

minutes_spent: integer

How long the developer spent answering (in minutes)

lives_lost: integer

The number of lives lost on this stage

hints_used: integer

The number of hints used on this stage

Example
{
  "number": 1,
  "name": "Locate Vulnerability",
  "status": "correct",
  "points": 320,
  "max_points": 350,
  "minutes_spent": 3,
  "lives_lost": 1,
  "hints_used": 0
}

Assessment: object

_id: string

The assessment ID

status: string correct, incorrect, done

The status of the assessment

name: string

The name of the assessment

description: string

The assessment description

supported_languages: string[]

List of languages/frameworks available for the assessment

string
difficulty: string easy, medium, hard

The difficulty of the assessment

success_ratio: integer

The percentage required to pass the assessment

emits_certificate: boolean

Is the assessment linked to a certificate?

time_limit: integer

The time limit of the assessment in milliseconds. null = no time limit

start_date: string (dateTime)

The date the assessment starts

end_date: string (dateTime)

The date the assessment ends

timezone: string

The timezone of the assessment

number_of_challenges: integer

The number of challenges in the assessment

self_assess: boolean

Is assessment a public assessment?

retries_allowed: boolean

Are retries allowed for this assessment?

Example
{
  "_id": "5702d346c6bf9dfe533ffa6d",
  "status": "correct",
  "name": "Junior Developer Assessment",
  "description": "This assessment is useful for onboarding new developers into the team",
  "supported_languages": [
    "[\"Java Spring\", \"Ruby Rails\"]"
  ],
  "difficulty": "medium",
  "success_ratio": 75,
  "emits_certificate": true,
  "time_limit": 3600000,
  "start_date": "2018-01-17T04:57:47.715Z",
  "end_date": "2018-01-18T04:57:47.715Z",
  "timezone": "Australia/Sydney",
  "number_of_challenges": 21,
  "self_assess": true,
  "retries_allowed": true
}

AccuracyStats: object

Accuracy statistics in percentages. A pair is returned. Either located/fixed or identified/fixed

located: integer

The % of vulnerabilities located

identified: integer

The % of vulnerabilities identified

fixed: integer

The % of vulnerabilities fixed

Example
{
  "located": 100,
  "identified": 100,
  "fixed": 100
}

AssessmentAttempt: object

_id: string

The assessment attempt ID

_assessment: string

The assessment it belongs to

developer: Developer
status: Status
language: string

The language/framework of the assessment. null = language/framework not selected for assessment supporting more than one language

started: string (dateTime)

The date/time that the assessment was started

completed: string (dateTime)

The date/time that the assessment was completed

deadline: string (dateTime)

The date/time of the assessment deadline. If an assessment does not have a time limit, deadline will be null

score: integer

Assessment score in %

completed_in: string

The amount of time taken to complete the assessment attempt

passing_grade: integer

The percentage required to pass the assessment

pass_status: string

The pass status of the assessment

progress: object

Details of the assessment attempt

correct: integer

The number of correct challenges

incorrect: integer

The number of incorrect challenges

number_of_challenges: integer

The total number of challenges

completed: integer

The number of challenges completed

accuracy:

The accuracy of locating/identifying/fixing the vulnerabilities

challenges: Challenge
Challenge
Example
{
  "_id": "string",
  "_assessment": "5702d346c6bf9dfe533ffa6d",
  "developer": {
    "name": "Code Warrior",
    "email": "user@securecodewarrior.com",
    "member_since": "2018-01-01T04:57:47.715Z",
    "last_logged_in": "2018-01-01T04:57:47.715Z",
    "status": "enabled",
    "company": "Secure Code Warrior",
    "team": "Team Awesome",
    "tags": [
      "Syd branch"
    ],
    "roles": [
      "developer"
    ]
  },
  "status": "correct",
  "language": "Java Spring",
  "started": "2018-01-17T04:57:47.715Z",
  "completed": "2018-01-18T04:57:47.715Z",
  "deadline": "2018-01-19T04:57:47.715Z",
  "score": 100,
  "completed_in": "2 seconds",
  "passing_grade": 30,
  "pass_status": "Passed",
  "progress": {
    "correct": 25,
    "incorrect": 0,
    "number_of_challenges": 25,
    "completed": 25
  },
  "accuracy": {
    "located": 100,
    "identified": 100,
    "fixed": 100
  },
  "challenges": [
    {
      "number": 1,
      "category": "Injection Flaws",
      "subcategory": "SQL Injection",
      "difficulty": "medium",
      "codebase": "Large",
      "status": "correct",
      "max_score": 300,
      "score": 300,
      "locate": {
        "status": "correct"
      },
      "identify": {
        "status": "correct"
      },
      "fix": {
        "status": "correct"
      }
    }
  ]
}

Status: string

Indicates the status of a challenge/assessment which may be pending, in progress, done or 'out of reach'

string pending, in_progress, done, out_of_reach, skipped, correct, incorrect

Challenge: object

A challenge object represents all the data relevent to a given type of challenge. The locate and identify fields are mutually exclusive thus only one will be returned based on the type of challenge. Empty array of challenges occurs when the language for the assessment attempt has yet to be selected

number: integer

The challenge number (starts at 1)

category: string

The challenge category

subcategory: string

The challenge subcategory

difficulty: string easy, medium, hard
codebase: string

Codebase of the challenge

status: Status
max_score: integer

The maximum score available for this challenge

score: integer

The score obtained for this challenge

locate: object

The statistics associated with the "locating vulnerabilities" stage

status: string correct, incorrect

The current status of the stage

identify: object

The statistics associated with the "identifying vulnerabilities" stage

status: string correct, incorrect

The current status of the stage

fix: object

The statistics associated with the "fixing vulnerabilities" stage

status: string correct, incorrect

The current status of the stage

Example
{
  "number": 1,
  "category": "Injection Flaws",
  "subcategory": "SQL Injection",
  "difficulty": "medium",
  "codebase": "Large",
  "status": "correct",
  "max_score": 300,
  "score": 300,
  "locate": {
    "status": "correct"
  },
  "identify": {
    "status": "correct"
  },
  "fix": {
    "status": "correct"
  }
}

TeamLeaderboard: object

The team leaderboard contains all the team leaderboard entries valid during the given reporting period

report_period_in_days: integer 1, 7, 30

The number of days into the past to report on

leaderboard: TeamLeaderboardEntry
TeamLeaderboardEntry
Example
{
  "report_period_in_days": 7,
  "leaderboard": [
    {
      "rank": 1,
      "name": "Team Awesome",
      "developers": 7,
      "points_average": 300,
      "points_total": 2100,
      "accuracy": 100,
      "confidence_level": 100,
      "time_spent": 100,
      "installed_sensei": 3,
      "stats_over_report_period": {
        "points_gained": 25,
        "accuracy_change": 21,
        "confidence_level_change": 28,
        "minutes_spent": 52,
        "challenges_correct": 32,
        "challenges_incorrect": 0
      }
    }
  ]
}

TeamLeaderboardEntry: object

An entry in the team leaderboard

rank: integer

The team's rank on the leaderboard.

name: string

The name of the team

developers: integer

The number of developers on the team

points_average: integer

The team's average points

points_total: integer

The team's total points

accuracy: integer

The team's accuracy (in %)

confidence_level: integer

The team's confidence level (in %)

time_spent: integer

The total minutes spent by the team on challenges

installed_sensei: integer

The number of developers in the team that have installed sensei

stats_over_report_period: StatsOverReportPeriod
Example
{
  "rank": 1,
  "name": "Team Awesome",
  "developers": 7,
  "points_average": 300,
  "points_total": 2100,
  "accuracy": 100,
  "confidence_level": 100,
  "time_spent": 100,
  "installed_sensei": 3,
  "stats_over_report_period": {
    "points_gained": 25,
    "accuracy_change": 21,
    "confidence_level_change": 28,
    "minutes_spent": 52,
    "challenges_correct": 32,
    "challenges_incorrect": 0
  }
}

StatsOverReportPeriod: object

The statistics computed for the given report period

points_gained: integer

The number of points the developer has gained

accuracy_change: integer

The change in accuracy over the reporting period

confidence_level_change: integer

The change in confidence level over the reporting period

minutes_spent: integer

The minutes spent by the team on challenges

challenges_correct: integer

The number of correct challenges

challenges_incorrect: integer

The number of incorrect challenges

Example
{
  "points_gained": 25,
  "accuracy_change": 21,
  "confidence_level_change": 28,
  "minutes_spent": 52,
  "challenges_correct": 32,
  "challenges_incorrect": 0
}

Developer: object

Information about an individual developer

name: string

The name of the developer (first + middle + surname)

email: string

The developers email address

member_since: string (dateTime)

The date the developer became a member

last_logged_in: string (dateTime)

The date the developer last logged in

status: string

The current status of the developer account

company: string

The company name that the developer is a part of

team: string

The team name that the developer is a part of

tags: string[]

The tags associated with this developer

string
roles: string[] user, developer, team manager, company admin

The roles that this developer has

string
Example
{
  "name": "Code Warrior",
  "email": "user@securecodewarrior.com",
  "member_since": "2018-01-01T04:57:47.715Z",
  "last_logged_in": "2018-01-01T04:57:47.715Z",
  "status": "enabled",
  "company": "Secure Code Warrior",
  "team": "Team Awesome",
  "tags": [
    "Syd branch"
  ],
  "roles": [
    "developer"
  ]
}

DeveloperLeaderboardEntry: object

This object represents an entry in the developer leaderboard

rank: integer

The developer's rank on the leaderboard

developer: Developer
overall_stats_over_report_period:

The statistics computed overall for the given report period

challenges: object[]

The challenges that have been attempted

object
language: string

The language/framework the the challenge relates to

challenges_completed: integer

The number of challenges completed

total_challenges: integer

The total number of challenges available

progress: integer

The % progress made through the challenge

security_maturity: string Beginner, Security Aware, Security Skilled, Security Champion

The security maturity level of the developer

points: integer

The points gained on this challenge

accuracy: integer

How accurate the developer was in answering (in %)

confidence_level: integer

How confident the developer was in answering (in %)

minutes_spent: integer

How long the developer spent answering (in minutes)

stats_over_report_period: StatsOverReportPeriod
challenges_summary: object

Summary data for the challenges

challenges_completed: integer

The number of challenges completed

total_challenges: integer

The total number of challenges available

progress: integer

The amount of progress the developer has made (in %)

security_maturity: string Beginner, Security Aware, Security Skilled, Security Champion

The security maturity level of the developer

points: integer

The total points gained in the challenges

accuracy: integer

How accurate the developer was overall in answering the challenges (in %)

confidence_level: integer

How confident the developer was in answering the challenges (in %)

minutes_spent: integer

How long the developer spent answering (in minutes)

Example
{
  "rank": 1,
  "developer": {
    "name": "Code Warrior",
    "email": "user@securecodewarrior.com",
    "member_since": "2018-01-01T04:57:47.715Z",
    "last_logged_in": "2018-01-01T04:57:47.715Z",
    "status": "enabled",
    "company": "Secure Code Warrior",
    "team": "Team Awesome",
    "tags": [
      "Syd branch"
    ],
    "roles": [
      "developer"
    ]
  },
  "overall_stats_over_report_period": {
    "installed_sensei": true,
    "used_sensei": true,
    "points_gained": 25,
    "accuracy_change": 21,
    "confidence_level_change": 28,
    "minutes_spent": 52,
    "challenges_correct": 32,
    "challenges_incorrect": 0
  },
  "challenges": [
    {
      "language": "Java Spring",
      "challenges_completed": 32,
      "total_challenges": 32,
      "progress": 100,
      "security_maturity": "Security Champion",
      "points": 120,
      "accuracy": 100,
      "confidence_level": 100,
      "minutes_spent": 52,
      "stats_over_report_period": {
        "points_gained": 25,
        "accuracy_change": 21,
        "confidence_level_change": 28,
        "minutes_spent": 52,
        "challenges_correct": 32,
        "challenges_incorrect": 0
      }
    }
  ],
  "challenges_summary": {
    "challenges_completed": 32,
    "total_challenges": 32,
    "progress": 100,
    "security_maturity": "Security Champion",
    "points": 6200,
    "accuracy": 100,
    "confidence_level": 100,
    "minutes_spent": 72
  }
}

DeveloperLeaderboard: object

The developer leaderboard contains all the developer leaderboard entries valid during the given reporting period

report_period_in_days: integer 1, 7, 30

The number of days into the past to report on

leaderboard: DeveloperLeaderboardEntry

The leaderboard entries

DeveloperLeaderboardEntry
Example
{
  "report_period_in_days": 7,
  "leaderboard": [
    {
      "rank": 1,
      "developer": {
        "name": "Code Warrior",
        "email": "user@securecodewarrior.com",
        "member_since": "2018-01-01T04:57:47.715Z",
        "last_logged_in": "2018-01-01T04:57:47.715Z",
        "status": "enabled",
        "company": "Secure Code Warrior",
        "team": "Team Awesome",
        "tags": [
          "Syd branch"
        ],
        "roles": [
          "developer"
        ]
      },
      "overall_stats_over_report_period": {
        "installed_sensei": true,
        "used_sensei": true,
        "points_gained": 25,
        "accuracy_change": 21,
        "confidence_level_change": 28,
        "minutes_spent": 52,
        "challenges_correct": 32,
        "challenges_incorrect": 0
      },
      "challenges": [
        {
          "language": "Java Spring",
          "challenges_completed": 32,
          "total_challenges": 32,
          "progress": 100,
          "security_maturity": "Security Champion",
          "points": 120,
          "accuracy": 100,
          "confidence_level": 100,
          "minutes_spent": 52,
          "stats_over_report_period": {
            "points_gained": 25,
            "accuracy_change": 21,
            "confidence_level_change": 28,
            "minutes_spent": 52,
            "challenges_correct": 32,
            "challenges_incorrect": 0
          }
        }
      ],
      "challenges_summary": {
        "challenges_completed": 32,
        "total_challenges": 32,
        "progress": 100,
        "security_maturity": "Security Champion",
        "points": 6200,
        "accuracy": 100,
        "confidence_level": 100,
        "minutes_spent": 72
      }
    }
  ]
}

DevelopersProgress: object

This contains the progress of each developer on each of languages, realms, levels, and quests

developers: DeveloperProgressEntry

List of developers who have made an attempt at training

DeveloperProgressEntry
Example
{
  "developers": [
    {
      "developer": {
        "name": "Code Warrior",
        "email": "user@securecodewarrior.com",
        "member_since": "2018-01-01T04:57:47.715Z",
        "last_logged_in": "2018-01-01T04:57:47.715Z",
        "status": "enabled",
        "company": "Secure Code Warrior",
        "team": "Team Awesome",
        "tags": [
          "Syd branch"
        ],
        "roles": [
          "developer"
        ]
      },
      "languages": [
        {
          "name": "Java Spring",
          "language_progress": 100,
          "realms": [
            {
              "name": "Defend Your Code",
              "realm_progress": 100,
              "levels": [
                {
                  "name": "Most Critical Weaknesses",
                  "level_progress": 100,
                  "quests": [
                    {
                      "name": "SQL Injection",
                      "quest_progress": 100
                    }
                  ]
                }
              ]
            }
          ]
        }
      ]
    }
  ]
}

DeveloperProgressEntry: object

This entry represents an object in the developers training progress containing information the developer and the progress of their attempts in training mode

developer: Developer
languages: TrainingProgressEntry

List of languages attempted by the developer on training mode

TrainingProgressEntry
Example
{
  "developer": {
    "name": "Code Warrior",
    "email": "user@securecodewarrior.com",
    "member_since": "2018-01-01T04:57:47.715Z",
    "last_logged_in": "2018-01-01T04:57:47.715Z",
    "status": "enabled",
    "company": "Secure Code Warrior",
    "team": "Team Awesome",
    "tags": [
      "Syd branch"
    ],
    "roles": [
      "developer"
    ]
  },
  "languages": [
    {
      "name": "Java Spring",
      "language_progress": 100,
      "realms": [
        {
          "name": "Defend Your Code",
          "realm_progress": 100,
          "levels": [
            {
              "name": "Most Critical Weaknesses",
              "level_progress": 100,
              "quests": [
                {
                  "name": "SQL Injection",
                  "quest_progress": 100
                }
              ]
            }
          ]
        }
      ]
    }
  ]
}

TrainingProgressEntry: object

Entry with progress of completion on languages and list of realms

name: string

Name of language framework

language_progress: integer

Percentage of the language completed

realms: object[]

List of realms for each language

object
name: string

Name of realm

realm_progress: integer

Percentage of the realm completed

levels: object[]

List of levels for each realm

object
name: string

Name of level

level_progress: integer

Percentage of the level completed

quests: object[]

List of quests for each level

object
name: string

Name of quest

quest_progress: integer

percentage of quest completed

Example
{
  "name": "Java Spring",
  "language_progress": 100,
  "realms": [
    {
      "name": "Defend Your Code",
      "realm_progress": 100,
      "levels": [
        {
          "name": "Most Critical Weaknesses",
          "level_progress": 100,
          "quests": [
            {
              "name": "SQL Injection",
              "quest_progress": 100
            }
          ]
        }
      ]
    }
  ]
}

DevelopersActivity: object

Detailed log of challenges for a given time period

activities: ActivityEntry

List of developers containing with list of languages containing challenge attempts

ActivityEntry
Example
{
  "activities": [
    {
      "developer": {
        "name": "Code Warrior",
        "email": "user@securecodewarrior.com",
        "member_since": "2018-01-01T04:57:47.715Z",
        "last_logged_in": "2018-01-01T04:57:47.715Z",
        "status": "enabled",
        "company": "Secure Code Warrior",
        "team": "Team Awesome",
        "tags": [
          "Syd branch"
        ],
        "roles": [
          "developer"
        ]
      },
      "challenge": {
        "language": "Java Spring",
        "realm": "Defend Your Code",
        "level": "Most Critical Weaknesses",
        "quest": "SQL Injection",
        "category": "Injection Flaws",
        "subcategory": "SQL Injection",
        "difficulty": "Hard",
        "started": "2018-01-17T04:57:47.715Z",
        "completed": "2018-01-18T04:57:47.715Z",
        "duration": 120,
        "status": "correct",
        "hints_used": 0,
        "score": 300,
        "max_score": 300,
        "select_vulnerability": {
          "attempt_index": 1,
          "status": "correct",
          "max_score": 100,
          "score": 100,
          "skipped": false
        },
        "locate_vulnerability": {
          "attempt_index": 1,
          "status": "correct",
          "max_score": 100,
          "score": 100
        },
        "identify_solution": {
          "attempt_index": 1,
          "status": "correct",
          "max_score": 100,
          "score": 100
        }
      }
    }
  ]
}

ActivityEntry: object

This object represents the developer and their challenge attempts

developer: Developer
challenge: ChallengeAttempt
Example
{
  "developer": {
    "name": "Code Warrior",
    "email": "user@securecodewarrior.com",
    "member_since": "2018-01-01T04:57:47.715Z",
    "last_logged_in": "2018-01-01T04:57:47.715Z",
    "status": "enabled",
    "company": "Secure Code Warrior",
    "team": "Team Awesome",
    "tags": [
      "Syd branch"
    ],
    "roles": [
      "developer"
    ]
  },
  "challenge": {
    "language": "Java Spring",
    "realm": "Defend Your Code",
    "level": "Most Critical Weaknesses",
    "quest": "SQL Injection",
    "category": "Injection Flaws",
    "subcategory": "SQL Injection",
    "difficulty": "Hard",
    "started": "2018-01-17T04:57:47.715Z",
    "completed": "2018-01-18T04:57:47.715Z",
    "duration": 120,
    "status": "correct",
    "hints_used": 0,
    "score": 300,
    "max_score": 300,
    "select_vulnerability": {
      "attempt_index": 1,
      "status": "correct",
      "max_score": 100,
      "score": 100,
      "skipped": false
    },
    "locate_vulnerability": {
      "attempt_index": 1,
      "status": "correct",
      "max_score": 100,
      "score": 100
    },
    "identify_solution": {
      "attempt_index": 1,
      "status": "correct",
      "max_score": 100,
      "score": 100
    }
  }
}

ChallengeAttempt: object

Attempt made by deverloper in training mode

language: string

Name of language framework

realm: string

Name of realm

level: string

Name of level

quest: string

Name of quest

category: string

Category name of the challenge

subcategory: string

Subcategory name of the challenge

difficulty: string Easy, Medium, Hard

Level of difficulty for the challenge

started: string (dateTime)

Time challenge was started

completed: string (dateTime)

Time challenges was completed

duration: integer

Time in seconds it took for the challenge to complete

status: string correct, incorrect

Status of challenge, with incorrect status on challenge with 1 or more incorrect stages

hints_used: integer

Total number of hints from the challenge stages used by the developer

score: integer

Points acquired

max_score: string

Max points attainable for the challenge

select_vulnerability: SelectVulnerability
locate_vulnerability: LocateVulnerability
identify_solution: IdentifySolution
Example
{
  "language": "Java Spring",
  "realm": "Defend Your Code",
  "level": "Most Critical Weaknesses",
  "quest": "SQL Injection",
  "category": "Injection Flaws",
  "subcategory": "SQL Injection",
  "difficulty": "Hard",
  "started": "2018-01-17T04:57:47.715Z",
  "completed": "2018-01-18T04:57:47.715Z",
  "duration": 120,
  "status": "correct",
  "hints_used": 0,
  "score": 300,
  "max_score": 300,
  "select_vulnerability": {
    "attempt_index": 1,
    "status": "correct",
    "max_score": 100,
    "score": 100,
    "skipped": false
  },
  "locate_vulnerability": {
    "attempt_index": 1,
    "status": "correct",
    "max_score": 100,
    "score": 100
  },
  "identify_solution": {
    "attempt_index": 1,
    "status": "correct",
    "max_score": 100,
    "score": 100
  }
}

SelectVulnerability: object

Nature of challenge challenge

attempt_index: integer

Number of times the developer has attempted the stage

status: string correct, incorrect, out_of_reach

Outcome of the challenge, out_of_reach status describes a stage not yet attempted by the developer

max_score: integer

Max points attainable for selecting the vulnerability

score: integer

Points acquired for selecting the vulnerability

skipped: boolean

When set to true, stage has been skipped. If status is false, stage was completed or has yet to be attempted

Example
{
  "attempt_index": 1,
  "status": "correct",
  "max_score": 100,
  "score": 100,
  "skipped": false
}

LocateVulnerability: object

Nature of challenge challenge

attempt_index: integer

Number of times the developer has attempted the stage

status: string correct, incorrect, out_of_reach

Outcome of the challenge

max_score: integer

Max points attainable for locating the vulnerability

score: integer

Points acquired for locating the vulnerability

Example
{
  "attempt_index": 1,
  "status": "correct",
  "max_score": 100,
  "score": 100
}

IdentifySolution: object

Nature of challenge challenge

attempt_index: integer

Number of times the developer has attempted the stage

status: string correct, incorrect, out_of_reach

Outcome of the challenge

max_score: integer

Max points attainable for identifying the solution

score: integer

Points acquired for identifying the solution

Example
{
  "attempt_index": 1,
  "status": "correct",
  "max_score": 100,
  "score": 100
}

CourseURL: object

URL to training courses

url: string

URL to course

Example
{
  "url": "https://portal.securecodewarrior.com/#/game/013/play/java/spring/realm/training_ground/level/common_weaknesses"
}