Create Application

/rest/{version}/teams/{teamId}/applications/new

Descriptor	Value
HTTP Method	POST
Description	Creates an application under the given team with id of teamId.
Required Permission	Manage Applications
Version Introduced	2.3.0
Changes in 2.7.5	Added "testEnvironment", "releaseFrequency", and "isInternal" to the REST call response.
Changes in 2.7.9	Added "unassignedVulnCount" for unmapped severities.
Changes in 2.8.2	Added ability to add description to application.
Changes in 2.8.5	Added the following parameters: testEnvironment, uniqueId, applicationCriticality, frameworkType, releaseFrequency, skipApplicationMerge, isInternal, associatedUser, repositoryUrl, repositoryType, repositoryBranch, repositoryUserName, repositoryPassword, repositoryFolder

Request Header Parameters

Parameter	Value	Required	Description
Accept	String	Yes	A value of ‘application/json’ must be provided.
Authorization	APIKEY {apiKey}	Yes	API being used to execute API call.

Request POST Data Parameters

Parameter	Value	Required	Description	Available Values
name	String	Yes	The name of the new application that is being created.
url	String	No	The URL of where the application being assessed lives.
description	String	No	The text to be included in the description field for the application.
testEnvironment	String	No	The name of the test environment associated with the new application being created.	N/A
uniqueId	String	No	A unique ID value to assign to the application.	N/A
applicationCriticality	Integer	No	The severity level for the application, from 1 for Low to 4 for Critical.	“1”, “2”, “3”, “4”
frameworkType	String	No	The web framework the app was built on.	“DETECT”, “JSP”, “RAILS”, “SPRING_MVC”, “STRUTS”, “DOT_NET_MVC”, “DOT_NET_WEB_FORMS”
releaseFrequency	String	No	Selectable option for how frequently the application updates.	"UNKNOWN", "DAILY", "WEEKLY", "BIWEEKLY", "MONTHLY"
skipApplicationMerge	Boolean	No	Setting to enable or disable vulnerability merging for an application.	TRUE, FALSE
isInternal	Boolean	No	Setting to enable or disable internal status for the application.	N/A
associatedUser	String	No	User name(s) associated with the new application being created.	N/A
repositoryUrl	String	No	The repository where the source code for the app can be found. Requires repositoryType to be specified.	N/A
repositoryType	String	Possibly	The type of repository your repositoryUrl refers to. Required if you specify a repositoryUrl.	“GIT”, “SVN”
repositoryBranch	String	No	The git branch for the source code.	N/A
repositoryUserName	String	No	The user name to use for git credentials.	N/A
repositoryPassword	String	No	The password to use for git credentials.	N/A
repositoryFolder	String	No	The root directory for the source code.	N/A

Sample Call:

curl --insecure -H 'Accept: application/json' -H "Authorization: APIKEY {apiKey}" -X POST --data 'name=Test App&url=http://example.com' http://localhost:8080/threadfix/rest/latest/teams/1/applications/new

Sample Output:

{
    "message": "",
    "success": true,
    "responseCode": -1,
    "object": {
        "id": 38,
        "name": "API team",
        "url": "http://example.com",
        "uniqueId": null,
        "applicationCriticality": {
            "id": 1,
            "name": "Low"
        },
        "policyStatuses": [],
        "description": null,
        "releaseFrequency": "UNKNOWN",
        "testEnvironment": null,
        "grcApplication": null,
        "scans": [],
        "infoVulnCount": 0,
        "lowVulnCount": 0,
        "mediumVulnCount": 0,
        "highVulnCount": 0,
        "criticalVulnCount": 0,
        "totalVulnCount": 0,
        "isInternal": false,
        "unassignedVulnCount": 0,
        "waf": null,
        "organization": {
            "name": "Test Team",
            "id": 1
        }
    }
}