The API enables you to interact with ASecureCloud programmatically to automate actions such as onboarding accounts, updating settings, and launching security assessments. The api can be accessed at
A premium subscription is required to use the API

To get started, you need to create an API key to be used for authenticating the requests. Navigate to Dashboard > User Settings, and click on Generate API Keys

The API key and secret key generated will be used in all API calls for authentication. They are passed in the authorization header with Basic Auth. which will be used in the API requests' authorization header using Basic Auth.

  • PATH: GET /accounts/
  • Description: Lists all configured AWS accounts associated with the ASecureCloud profile
  • Parameters: None

  • PATH: POST /accounts/
  • Description: Lists the configured AWS accounts associated with the ASecureCloud profile
  • Parameters:
    • accountId (required) – AWS account id number (12 digits)
    • description (required) – AWS account description

  • PATH: GET /accounts/{account_id}
  • Description: Retrieves the managed account configuration details including the authentication profile details
  • Parameters: None

  • PATH: PUT /accounts/{account_id}
  • Description: Update an existing managed AWS account settings such as description and assessment schedule
  • Parameters:
    • description (optional) – AWS account description
    • assessmentSchedule (optional) – Set the schedule for the automated weekly assessment

  • PATH: DELETE /accounts/{account_id}
  • Description: Deletes a managed AWS account from the user's profile
  • Parameters: None

  • PATH: POST /accounts/{account_id}/authProfile
  • Description: Creates a new authentication profile for the specified AWS account. This allows ASecureCloud to access the
  • Parameters:
    • name (required) authentication profile name
    • description (required) authentication profile description
    • authType (required) – Allowed values: ["role", "user"], specifies authentication method to be used to access the AWS account (cross account IAM role vs IAM access keys)
    • roleName (required if "role" is set) – the IAM role name that will be used to access the environment
    • accessKeyId (required if "user" is set)
    • secretAccessKey (required if "user" is set)
    • sessionToken (optional)
When creating an authentication profile that uses an IAM role, the external ID will be generated by and sent back in the response body. See screenshot below.

  • PATH: DELETE /accounts/{account_id}/authProfile/{auth_profile_name}
  • Description: Deletes an existing authentication profile for a managed AWS account
  • Parameters: None

  • PATH: POST /assessments
  • Description: Launch a security assessment for the specific AWS account
  • Parameters:
    • accountId (required) – Managed AWS account id
    • regions (required) – list of regions to be included in the assessment. Example format: ["us-east-1", "us-east-2"]
    • authProfile (optional) – Name of the authentication profile to use for the assessment. If not provided, then the first authentication profile defined for the managed account will be used
Last modified 7mo ago
Copy link
On this page
Getting Started
API Reference