Business Units
Get all Business Units
This endpoint retrieves a list of Business Unit resources, respecting the permissions of the user who has made the request.
GET /api/v2/business-units/
Query Parameters
The following parameters may be used to filter the business unit resources in the response.
Parameter | Description |
---|---|
name | Filter business units by name. |
slug | Filter business units by slug. |
ordering | Sort business units by the specified field. Prefix field name with minus to sort descending. Sortable fields: name. |
search | Filter business units by performing a textual search on the name. |
created | Filter business units by the date they were created. See Custom Filtering Lookups. |
updated | Filter business units by the date they were updated. See Custom Filtering Lookups. |
all_users | Specify either true or false. |
GET /api/v2/business-units/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"results": [
{
"id": 1,
"slug": "example-business-unit-1",
"name": "example business unit 1",
"created": "2015-09-30T18:28:37.214914Z",
"updated": "2015-09-30T18:28:37.214959Z",
"default_groups": [],
"default_users": [],
"users": [{
"id": 682,
"email": "frank@sdelements.com",
"first_name": "Frank",
"last_name": "Testerton",
"is_active": true,
"role": {
"id": "UR1",
"name": "User"
}
}],
"groups": [{
"id": "G64",
"name": "Group Bar"
}],
"all_users": false,
"persist_phases": false,
"default_risk_policy": null
},
{
"id": 2,
"slug": "example-business-unit-2",
"name": "example business unit 2",
"created": "2015-09-30T19:30:25.254036Z",
"updated": "2015-09-30T19:30:25.254072Z",
"default_users": [],
"default_groups": [],
"users": [],
"groups": [],
"all_users": false,
"persist_phases": false,
"default_risk_policy": null
}
]
}
Include Parameters
See the Include Parameters section for more details.
Parameter | Description |
---|---|
risk_policy_compliance | Includes an object which returns the number of compliant and non-compliant projects. |
applications | Includes a list of the applications within the business unit. |
application_metrics | Includes a total count of the applications within the business unit. |
project_metrics | Includes a total count of the projects within the business unit along with count values indicating how many are risk compliant. |
task_metrics | Includes a total count of the project Countermeasures within the business unit along with count values broken down by task status meaning. |
problem_metrics | Includes a total count of the project Weaknesses within the business unit along with count values broken down by Weakness risk rating. |
GET /api/v2/business-units/?include=risk_policy_compliance HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"results": [
{
"all_users": false,
"applications": [
{
"id": 6671,
"name": "Auto Notify - App",
"slug": "auto-notify-app"
}
],
"created": "2021-03-11T16:00:34.211813-05:00",
"default_groups": [],
"default_users": [
{
"id": 2744,
"email": "frank@sdelements.com",
"first_name": "Frank",
"last_name": "Testerton",
"is_active": true,
"role": "UR1"
}
],
"groups": [],
"name": "Auto Notify",
"slug": "auto-notify",
"id": 1489,
"updated": "2021-03-11T16:03:35.204782-05:00",
"users": [
{
"id": 2744,
"email": "frank@sdelements.com",
"first_name": "Frank",
"last_name": "Testerton",
"is_active": true,
"role": {
"id": "UR1",
"name": "User"
}
}
],
"persist_phases": true,
"risk_policy_compliance": {
"compliant_projects": 37,
"non_compliant_projects": 12
},
"default_risk_policy": null,
"application_metrics": {
"total_application_count": 7
},
"project_metrics": {
"total_project_count": 49,
"compliant_project_count": 37,
"not_compliant_project_count": 12
},
"task_metrics": {
"total_task_count": 195,
"incomplete_task_count": 77,
"not_applicable_task_count": 0,
"complete_task_count": 118
},
"problem_metrics": {
"total_problem_count": 122,
"risk_rating_1_problem_count": 0,
"risk_rating_2_problem_count": 6,
"risk_rating_3_problem_count": 7,
"risk_rating_4_problem_count": 11,
"risk_rating_5_problem_count": 39,
"risk_rating_6_problem_count": 7,
"risk_rating_7_problem_count": 23,
"risk_rating_8_problem_count": 9,
"risk_rating_9_problem_count": 8,
"risk_rating_10_problem_count": 12
}
}
]
}
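The list response carries enough membership data for a periodic access review. The following is an added example, not part of the SD Elements documentation: it flags business units open to all users and inactive accounts that still appear in `users` or `default_users`. The sample listing is constructed, and `review_listing` and `role_id` are hypothetical helper names.

```python
import json

# Constructed sample shaped like the list responses above (values are made up).
SAMPLE_LISTING = json.loads("""
{"results": [
  {"id": 1, "slug": "payments", "all_users": false,
   "users": [
     {"id": 10, "email": "a@example.com", "is_active": true,
      "role": {"id": "UR1", "name": "User"}},
     {"id": 11, "email": "b@example.com", "is_active": false,
      "role": {"id": "UR1", "name": "User"}}],
   "default_users": [
     {"id": 11, "email": "b@example.com", "is_active": false, "role": "PR4"}]},
  {"id": 2, "slug": "sandbox", "all_users": true,
   "users": [], "default_users": []}
]}
""")


def role_id(role):
    """users[] carries role as an object; default_users[] as a bare id string."""
    return role.get("id") if isinstance(role, dict) else role


def review_listing(listing):
    """Return (slug, finding) tuples for entries worth a manual access review."""
    findings = []
    for bu in listing.get("results", []):
        slug = bu.get("slug")
        if bu.get("all_users"):
            findings.append((slug, "all_users is true: every user is a member"))
        # Inactive accounts can linger as members or as default role holders.
        for field in ("users", "default_users"):
            for user in bu.get(field) or []:
                if user.get("is_active") is False:
                    findings.append((slug, "inactive account %s in %s with role %s"
                                     % (user.get("email"), field,
                                        role_id(user.get("role")))))
    return findings


if __name__ == "__main__":
    for slug, finding in review_listing(SAMPLE_LISTING):
        print(slug, "-", finding)
```

Because the endpoint respects the permissions of the requesting user, run the review with a token that can see every business unit, otherwise the result is only a partial view.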
Get a Specific Business Unit
This endpoint retrieves a specific Business Unit resource, as specified by the id parameter.
GET /api/v2/business-units/{business_unit_id}/
URL Parameters
Parameter | Description |
---|---|
business_unit_id | The id of the Business Unit to retrieve. |
GET /api/v2/business-units/1/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"id": 1,
"slug": "example-business-unit-1",
"name": "example business unit 1",
"created": "2015-09-30T18:28:37.214914Z",
"updated": "2015-09-30T18:28:37.214959Z",
"default_groups": [],
"default_users": [],
"users": [{
"id": 682,
"email": "frank@sdelements.com",
"first_name": "Frank",
"last_name": "Testerton",
"is_active": true,
"role": {
"id": "UR1",
"name": "User"
}
}],
"groups": [{
"id": "G64",
"name": "Group Bar"
}],
"all_users": false,
"persist_phases": false,
"default_risk_policy": null
}
Create a New Business Unit
Fields | Required | Description |
---|---|---|
name | Yes | The name of the new business unit. |
users | No | A list of dictionaries representing the users who are part of the business unit. Each dictionary has an email field. |
groups | No | A list of dictionaries representing the groups which are part of the business unit. Each dictionary has an id field which is the group id. |
default_users | No | A list of dictionaries representing the default user roles for the users in the business unit. Each dictionary has an email field and a role field where the role is the role id. The users specified here should be members of the business unit unless all_users is true. |
default_groups | No | A list of dictionaries representing the default group roles for the users in the business unit. Each dictionary has an id field which is the group id and a role field where the role is the role id. The groups specified here should be members of the business unit unless all_users is true. |
all_users | No | Whether the business unit includes all users. Trying to create a business unit with this field set to True and specific users/groups specified is an error. Default is false. |
persist_phases | No | Set the persistence of TODO Countermeasures and their associated Weaknesses that belong to active phases in a project within this business unit. |
default_risk_policy | No | The id of the Risk Policy that applies to all projects of this business unit by default unless overridden by the project's risk policy. This overrides the organization's default Risk Policy. |
POST /api/v2/business-units/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
{
"name": "API Test",
"users": [{"email": "test@example.com"}],
"groups": [{"id": "G1"}],
"default_users": [{"email": "test@example.com", "role": "PR4"}],
"default_groups": [{"id": "G1", "role": "PR4"}],
"all_users": false,
"persist_phases": false,
"default_risk_policy": 29
}
HTTP/1.1 201 CREATED
Content-Type: application/json
{
"id": 541,
"slug": "api-test",
"name": "API Test",
"created": "2015-09-30T18:28:37.214914Z",
"updated": "2015-09-30T18:28:37.214959Z",
"users": [{
"id": 1,
"email": "test@example.com",
"first_name": "Admin",
"last_name": "Testerton",
"is_active": true,
"role": {
"id": "UR1",
"name": "User"
}
}],
"groups": [{
"id": "G1"
}],
"default_users": [{
"email": "test@example.com",
"role": "PR4",
"id": 1,
"first_name": "Admin",
"last_name": "Testerton",
"is_active": true
}],
"default_groups": [{
"id": "G1",
"role": "PR4"
}],
"all_users": false,
"persist_phases": false,
"default_risk_policy": 29
}
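The field rules in the table above can be checked before the request is sent. This is an added example, not code from the SD Elements documentation: `validate_create_payload` is a hypothetical client-side helper that applies the documented constraints on `name`, `all_users`, `default_users` and `default_groups`. The server remains the authority on what it accepts.

```python
# Request body copied from the Create example above.
PAGE_EXAMPLE = {
    "name": "API Test",
    "users": [{"email": "test@example.com"}],
    "groups": [{"id": "G1"}],
    "default_users": [{"email": "test@example.com", "role": "PR4"}],
    "default_groups": [{"id": "G1", "role": "PR4"}],
    "all_users": False,
    "persist_phases": False,
    "default_risk_policy": 29,
}


def validate_create_payload(payload):
    """Return a list of problems found in a Create Business Unit body."""
    problems = []
    name = payload.get("name")
    if not isinstance(name, str) or not name.strip():
        problems.append("name is required")

    all_users = payload.get("all_users", False)  # documented default is false
    users = payload.get("users") or []
    groups = payload.get("groups") or []
    default_users = payload.get("default_users") or []
    default_groups = payload.get("default_groups") or []

    # Documented as an error: all_users together with specific users/groups.
    if all_users and (users or groups):
        problems.append("all_users is true but specific users or groups are listed")

    # Default role holders should be members unless all_users is true.
    if not all_users:
        emails = {u.get("email") for u in users}
        group_ids = {g.get("id") for g in groups}
        for du in default_users:
            if du.get("email") not in emails:
                problems.append("default user %s is not in users" % du.get("email"))
        for dg in default_groups:
            if dg.get("id") not in group_ids:
                problems.append("default group %s is not in groups" % dg.get("id"))

    # Each default entry is documented as carrying a role id.
    for entry in default_users + default_groups:
        if not entry.get("role"):
            problems.append("default role entry %r has no role id" % (entry,))
    return problems
```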
Update a Business Unit
Update a single business unit by specifying the id. The fields users, groups, name, persist_phases, default_users, and default_groups can be updated.
PATCH /api/v2/business-units/{business_unit_id}/
URL Parameters
Parameter | Description |
---|---|
business_unit_id | The id of the Business Unit to update. |
PATCH /api/v2/business-units/36/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
{
"name": "New BU Name"
}
HTTP/1.1 200 OK
Content-Type: application/json
{
"id": 36,
"slug": "api-test",
"name": "New BU Name",
"created": "2015-09-30T18:28:37.214914Z",
"updated": "2015-09-30T18:28:37.214959Z",
"users": [{
"email": "test@example.com",
"id": 1,
"first_name": "Admin",
"last_name": "Testerton",
"is_active": true,
"role": {
"id": "UR1",
"name": "User"
}
}],
"groups": [{
"id": "G1"
}],
"default_users": [{
"email": "test@example.com",
"role": "PR4",
"id": 1,
"first_name": "Admin",
"last_name": "Testerton",
"is_active": true
}],
"default_groups": [{
"id": "G1",
"role": "PR4"
}],
"all_users": false,
"persist_phases": false,
"default_risk_policy": null
}
Delete a Business Unit
This endpoint deletes a single Business Unit resource, as specified by the id parameter.
DELETE /api/v2/business-units/{business_unit_id}/
URL Parameters
Parameter | Description |
---|---|
business_unit_id | The id of the Business Unit to delete. |
DELETE /api/v2/business-units/1/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 204 NO CONTENT