1. Overview

The Quixxi REST API enables you to create app, scan app and apply shield to your application in Quixxi from apps on any platform.

The REST API Provides methods to:

  • Create Application: Create a new application on container in Quixxi portal.
  • Scan Application: Scans the apk/ipa/aab and generates the report.
  • Shield Application: Applies Quixxi Shield to your application.

2. Create Application

Create Application
URL : api/v1/application
Type : POST
Headers : DevKey: “GUID of the developer”
Content Type : application/json
Description : Creates a new application in Quixxi portal. Returns application GUID on success or Returns Error message on error.
Input Model Output Model
{
“Name” : “TestRestAPI_1”
}
“Application TestRestAPI_1 has been created successfully and your app key is XXXXXX-XXXX-XXXX-XXXX-XXXXXXXX”

3. Rest services for applying shield to app

3.1 List App Shield Configurations
List App Shield Configurations
URL : api/v1/protection/configurations?PlatformId={PlatformId}
Type : GET
Headers : AppKey: “GUID of application”
DevKey: “GUID of the developer”
ContentType:application/json
Description : Lists Shield Settings for existing application, Next API is used to save these settings for an application. These settings are saved against an app permanently. PlatformId = 1 for Android, PlatformId = 2 for iOS
Input Model Output Model
[
{
“Name”: “app.securityCompilation.android.reflection”,
“Value”: “1”,
“Title”: “Use reflection”,
“GroupTitle”: “Reverse Engineering Protection”,
“GroupDescription”: “Protects the app from reverse engineering”,
“Description”: “This option is set to OFF state by default and can be modified. If this option is ON, Quixxi Shield will use the reflection concept to replace field references and method calls. This will help increase the complexity to understand the code and its flow.”,
“IsEnabled”: true,
“Items”: null
},
{
“Name”: “app.securityCompilation.android.removeDebugLogs”,
“Value”: “1”,
“Title”: “Remove app logs”,
“GroupTitle”: “Reverse Engineering Protection”,
“GroupDescription”: “Protects the app from reverse engineering”,
“Description”: “This option is set to ON state by default and can be modified. This option applies ONLY to native apps. If this option is ON, Quixxi Shield will remove the logs used in the app that might favor hacking attempts. Logs include the output due to Log.i(), Log.d(), Log.v() and System.out.println() calls.”,
“IsEnabled”: true,
“Items”: null
}
]
3.2 Save App Shield Configurations – Runtime Protection options
Save App Shield Configurations – Runtime Protection options
URL : api/v1/protection/configurations
Type : POST
Headers : AppKey: “GUID of application”
DevKey : “GUID of the developer”
Description : Saves runtime protection Configurations for an existing application. These settings are saved against an application permanently even if the shield is not applied to the application.
Input Model Output Model
{
“platformId”:1,
“Items”:[
{“Name”:”app.securityCompilation.android.removeDebugLogs”,”Value”:1},
{“Name”:”app.securityCompilation.android.copyPasteProtection”,”Value”:1}
]}
{
“_Status”: 200,
“_ShowMessage”: true,
“_Message”: “Shield configurations saved successfully”
}
3.3 Protect App
Protect App
URL : api/v1/protection
Type : POST
Headers : AppKey: “GUID of application”
DevKey : “GUID of the developer”
Content Type : application/json
Description : Applies Quixxi shield to the app with the shield configuration saved using the previous API or applies Quixxi shield to the app with default shield configuration.
Input Model Output Model
securityFile : test.apk {
“_Status”: 200,
“_ShowMessage”: true,
“_Message”: “Compilation started…”
}
3.4 Get Progress
Get Progress
URL : api/v1/shield /status?compilationid={compilationId}
Type : GET
Headers : AppKey: “GUID of application”
DevKey : “GUID of the developer”
Content Type : application/json
Description : Gives the status / progress of shield request
Input Model Output Model
{
“_Status”: 200,
“_ShowMessage”: true,
“_Message”: “Your shield request has been completed. ”
}
3.5 Download Protected Application Package
Download Protected Application Package
URL : api/v1/protection/package
Type : GET
Headers : AppKey: “GUID of application”
DevKey : “GUID of the developer”
Content Type : application/zip
Description : Download protected application package
Input Model Output Model
Downloads the zip package.
3.6 Download Protected Application Certificate
Download Protected Application Certificate
URL : api/v1/protection/certificate?platformId={platformId}
Type : GET
Headers : AppKey: “GUID of application”
DevKey : “GUID of the developer”
Content Type : application/json
Description : Downloads protected application certificate. PlatformId = 1 for Android, PlatformId = 2 for iOS
Input Model Output Model
{
“_Status”: 200,
“_ShowMessage”: true,
“_Message”: “url to download certificate”
}

4. Rest services to scan app

4.1 Scan application
Scan application
URL : api/v1/vulnerability
Type : POST
Headers : AppKey: “GUID of application”
DevKey : “GUID of the developer”
Content Type : multipart/form-data
Description : Download protected application package
Input Model Output Model
File :File to scan {
“_Status”: 200,
“_ShowMessage”: true,
“_Message”: “Your scan request has been added Queue, Your request id is 13776. Please use this to get status about your request.”
}
4.2 Get Progress
Get Progress
URL : api/v1/scan/status?scanId={scanid}
Type : POST
Headers : AppKey: “GUID of application”
DevKey : “GUID of the developer”
Content Type : multipart/form-data
Description : Gives status / progress of the scan request. Progress starts from 10 and ends at 100. After the completion of the shield It will return “Your scan request has been completed”.
Input Model Output Model
{
“_Status”: 200,
“_ShowMessage”: true,
“_Message”: “Your scan request has been completed. ”
}
4.3 Get Last Scan Report
Get Last Scan Report
URL : api/v1/vulnerability?Platform={PlatformId}&type={ReportType}
Type : POST
Headers : AppKey: “GUID of application”
DevKey : “GUID of the developer”
Content Type : mutipart/form-data
Description : Downloads the scan report. PlaformId 1 for Android and 2 for iOS. Report type 1 for json, 2 for xml and 3 for pdf.
Input Model Output Model
“url to download the report”

1. Overview

The Quixxi REST API enables you to create app, scan app and apply shield to your application in Quixxi from apps on any platform.

The REST API Provides methods to:

  • Create Application: Create a new application on container in Quixxi portal.
  • Scan Application: Scans the apk/ipa/aab and generates the report.
  • Shield Application: Applies Quixxi Shield to your application.

2. Create Application

Create Application
URL : api/v1/application
Type : POST
Headers : DevKey: “GUID of the developer”
Content Type : application/json
Description : Creates a new application in Quixxi portal. Returns application GUID on success or Returns Error message on error.
Input Model Output Model
{
“Name” : “TestRestAPI_1”
}
“Application TestRestAPI_1 has been created successfully and your app key is XXXXXX-XXXX-XXXX-XXXX-XXXXXXXX”

3. Rest services for applying shield to app

3.1 List App Shield Configurations
List App Shield Configurations
URL : api/v1/protection/configurations?PlatformId={PlatformId}
Type : GET
Headers : AppKey: “GUID of application”
DevKey: “GUID of the developer”
ContentType:application/json
Description : Lists Shield Settings for existing application, Next API is used to save these settings for an application. These settings are saved against an app permanently. PlatformId = 1 for Android, PlatformId = 2 for iOS
Input Model Output Model
[
{
“Name”: “app.securityCompilation.android.reflection”,
“Value”: “1”,
“Title”: “Use reflection”,
“GroupTitle”: “Reverse Engineering Protection”,
“GroupDescription”: “Protects the app from reverse engineering”,
“Description”: “This option is set to OFF state by default and can be modified. If this option is ON, Quixxi Shield will use the reflection concept to replace field references and method calls. This will help increase the complexity to understand the code and its flow.”,
“IsEnabled”: true,
“Items”: null
},
{
“Name”: “app.securityCompilation.android.removeDebugLogs”,
“Value”: “1”,
“Title”: “Remove app logs”,
“GroupTitle”: “Reverse Engineering Protection”,
“GroupDescription”: “Protects the app from reverse engineering”,
“Description”: “This option is set to ON state by default and can be modified. This option applies ONLY to native apps. If this option is ON, Quixxi Shield will remove the logs used in the app that might favor hacking attempts. Logs include the output due to Log.i(), Log.d(), Log.v() and System.out.println() calls.”,
“IsEnabled”: true,
“Items”: null
}
]
3.2 Save App Shield Configurations – Runtime Protection options
Save App Shield Configurations – Runtime Protection options
URL : api/v1/protection/configurations
Type : POST
Headers : AppKey: “GUID of application”
DevKey : “GUID of the developer”
Description : Saves runtime protection Configurations for an existing application. These settings are saved against an application permanently even if the shield is not applied to the application.
Input Model Output Model
{
“platformId”:1,
“Items”:[
{“Name”:”app.securityCompilation.android.removeDebugLogs”,”Value”:1},
{“Name”:”app.securityCompilation.android.copyPasteProtection”,”Value”:1}
]}
{
“_Status”: 200,
“_ShowMessage”: true,
“_Message”: “Shield configurations saved successfully”
}
3.3 Protect App
Protect App
URL : api/v1/protection
Type : POST
Headers : AppKey: “GUID of application”
DevKey : “GUID of the developer”
Content Type : application/json
Description : Applies Quixxi shield to the app with the shield configuration saved using the previous API or applies Quixxi shield to the app with default shield configuration.
Input Model Output Model
securityFile : test.apk {
“_Status”: 200,
“_ShowMessage”: true,
“_Message”: “Compilation started…”
}
3.4 Get Progress
Get Progress
URL : api/v1/shield /status?compilationid={compilationId}
Type : GET
Headers : AppKey: “GUID of application”
DevKey : “GUID of the developer”
Content Type : application/json
Description : Gives the status / progress of shield request
Input Model Output Model
{
“_Status”: 200,
“_ShowMessage”: true,
“_Message”: “Your shield request has been completed. ”
}
3.5 Download Protected Application Package
Download Protected Application Package
URL : api/v1/protection/package
Type : GET
Headers : AppKey: “GUID of application”
DevKey : “GUID of the developer”
Content Type : application/zip
Description : Download protected application package
Input Model Output Model
Downloads the zip package.
3.6 Download Protected Application Certificate
Download Protected Application Certificate
URL : api/v1/protection/certificate?platformId={platformId}
Type : GET
Headers : AppKey: “GUID of application”
DevKey : “GUID of the developer”
Content Type : application/json
Description : Downloads protected application certificate. PlatformId = 1 for Android, PlatformId = 2 for iOS
Input Model Output Model
{
“_Status”: 200,
“_ShowMessage”: true,
“_Message”: “url to download certificate”
}

4. Rest services to scan app

4.1 Scan application
Scan application
URL : api/v1/vulnerability
Type : POST
Headers : AppKey: “GUID of application”
DevKey : “GUID of the developer”
Content Type : multipart/form-data
Description : Download protected application package
Input Model Output Model
File :File to scan {
“_Status”: 200,
“_ShowMessage”: true,
“_Message”: “Your scan request has been added Queue, Your request id is 13776. Please use this to get status about your request.”
}
4.2 Get Progress
Get Progress
URL : api/v1/scan/status?scanId={scanid}
Type : POST
Headers : AppKey: “GUID of application”
DevKey : “GUID of the developer”
Content Type : multipart/form-data
Description : Gives status / progress of the scan request. Progress starts from 10 and ends at 100. After the completion of the shield It will return “Your scan request has been completed”.
Input Model Output Model
{
“_Status”: 200,
“_ShowMessage”: true,
“_Message”: “Your scan request has been completed. ”
}
4.3 Get Last Scan Report
Get Last Scan Report
URL : api/v1/vulnerability?Platform={PlatformId}&type={ReportType}
Type : POST
Headers : AppKey: “GUID of application”
DevKey : “GUID of the developer”
Content Type : mutipart/form-data
Description : Downloads the scan report. PlaformId 1 for Android and 2 for iOS. Report type 1 for json, 2 for xml and 3 for pdf.
Input Model Output Model
“url to download the report”