WithSecure Elements Endpoint Security

the withsecure elements endpoint security connector enables streamlined security automation for incident management and device monitoring within an organization's network withsecure elements endpoint security offers a robust platform for endpoint protection and response, safeguarding against sophisticated cyber threats this connector enables swimlane turbine users to integrate seamlessly with withsecure's capabilities, allowing for automated incident commenting, response action creation, device management, and user information retrieval by leveraging this integration, security teams can efficiently manage incidents, respond to threats proactively, and maintain visibility over their security posture, all within the swimlane turbine environment withsecure elements connector can be deployed in a security events forwarder role to pull data from withsecure elements and forward it to almost any siem using syslog, common event format (cef) or log event extended format (leef) elements connector is fully managed from the withsecure elements security center specifically, you can configure the use of the forwarding feature for the whole partner scope or limit it to a certain company see the elements connector getting started guide https //www withsecure com/userguides/product html#business/connector/latest/en for more details prerequisites to utilize the withsecure elements endpoint security connector with swimlane turbine, ensure you have the following prerequisites custom authentication with the following parameters url the endpoint url for the withsecure api client id your unique identifier for withsecure api access client secret a secret key associated with your client id to authenticate api requests capabilities the withsecure elements endpoint security connector provides the following capabilities add comment to incidents create new response actions delete devices get current user information list created response actions list detection for incident in organization scope list device operations list incidents in organization scope list organizations query devices query epp, edr and collaboration security events read list of security events trigger new remote operation on devices update devices update status of incidents asset setup login to the withsecure elements security center https //elements withsecure com/ https //elements withsecure com/ goto management > organization settings > api clients and create an new api client copy th client id, client secret use it for asset setup tasks setup query devices the query devices endpoint can be used for following usecases list devices get statistics about devices get histogram with device statistics for the last 30 days first use case is supported when accept header is set to application/json second use case requires accept header equal to application/vnd withsecure aggr+json and count parameter to be set third use case requires accept header equal to application/vnd withsecure aggr+json and histogram parameter to be set with application/json accept header endpoint returns list of devices for given organization retrieves devices matching all filters that are used in query when query contains "deviceid" parameter then other used filters are ignored with application/vnd withsecure aggr+json accept header endpoint returns aggregations aggregations provide useful statistical overview for the broader picture of organization's assets devices are first filtered according to the provided query parameters and then grouped and counted use count query parameter to select the property by which values devices will be counted histogram query parameter works exactly the same as count, with only difference that histogram will return aggregations data for the last 30 days count and histogram parameters can't be used together in a single query filters supported with count and histogram parameters organizationid, type, name, online, label, clientversion, protectionstatusoverview trigger new remote operation on devices triggering has two stages operation is created in the internal backend operation is triggered on the remote host successful response only means that the operation was created in the internal backend (first stage) client can query operations for the device to check status from the remote host (second stage) depending on an operation type, additional arguments might be required they should be sent in the body parameters map like object operation specific information in the response may be returned in the metadataparameters map like object check the list of supported operations here https //connect withsecure com/api reference/elements#post /devices/v1/operations update devices endpoint may be used to change device state change device subscription can find more details about above scenarios here https //connect withsecure com/api reference/elements#patch /devices/v1/devices query epp, edr and collaboration protection security events this endpoint supports following response formats items page (default) endpoint return security events matching filter parameters as page of items where each item represents security event object client iterate over search results using page anchor and it can decide about page size and items ordering aggregation endpoint groups and counts security events matching filter parameters by property selected by the client to select this mode client must add http header accept application/vnd withsecure aggr+json to the request additionally it has to add parameter count={property name} the request parameters usage and examples can be found here https //connect withsecure com/api reference/elements#post /security events/v1/security events read list of security events this endpoint is kept in maintenance mode which means it will receive only bugfixes and any new feature won't be added in the future create new response action check the supported action types and parameters here https //connect withsecure com/api reference/elements#post /response actions/v1/response actions before choosing this connector action configurations withsecure edr oauth2 0 authentication authentication using client id and client secret configuration parameters parameter description type required url a url to the target host string required verify ssl verify ssl certificate boolean optional token url string optional client id the client id string required client secret the client secret string required http proxy a proxy to route requests through string optional actions add comment to incidents adds a specified comment to selected incidents in withsecure elements endpoint security using target identifiers endpoint url /incidents/v1/comments method post input argument name type required description targets array required list of incident ids to comment min items 1 max items 10 comment string required comment to add to the target incidents output parameter type description status code number http status code of the response reason string response reason phrase items array output field items incidentid string unique identifier comment string output field comment example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "items" \[] } } ] create new response action initiates a response action on specified targets within withsecure elements endpoint security using organizationid, type, and targets endpoint url /response actions/v1/response actions method post input argument name type required description organizationid string required id of organization to which target devices belong type string required type of action targets array required list of targets (device identifiers) on which action is created min items 1 max items 10 comment string optional additional comment for action maxfilehash number optional maximum file size to hash, in mb prevents excessive delays when hashing large files (required in netstat) threadid number optional thread id (required in killthread) match string optional strategy used to match processes (required in killprocess) processmemorydump boolean optional run memory dump on process before killing it required in killprocess memory dump can be run only if processname or processid strategy is used memorydumpflag string optional flag that will be used when dumping the process memory required in killprocess full memory dump includes all accessible memory of process, pmem only information necessary to capture process' stack traces processmatchvalues array optional list of values that are used to match process to kill (required in killprocess) depending on selected strategy it might be list of identifiers, names or regular expressions min items 1 max items 6 capturememory boolean optional take capture of system's memory required in fullmemorydumpwhen linux devices are selected as targets collectprofile boolean optional collect files required to build a kernel profile required in fullmemorydump when linux devices are selected as targets winpmemversion string optional version of winpmem to use required in fullmemorydump when windows devices are selected as targets output parameter type description status code number http status code of the response reason string response reason phrase id string unique identifier example \[ { "status code" 200, "response headers" { "date" "mon, 09 sep 2024 10 11 29 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "server" "nginx", "x transaction" "0000 d425d30e3a4a4a79", "vary" "origin, access control request method, access control request headers", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "ok", "json body" { "id" "string" } } ] delete devices removes specified devices from withsecure elements endpoint security, freeing up subscription seats and hiding them from the device list endpoint url /devices/v1/devices method delete input argument name type required description deviceid array required list of device id's to be deleted up to 20 items output parameter type description status code number http status code of the response reason string response reason phrase devices array output field devices example \[ { "status code" 200, "response headers" { "date" "mon, 09 sep 2024 07 12 50 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "server" "nginx", "x transaction" "0000 cac6b1b18e344010", "vary" "origin, access control request method, access control request headers", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "ok", "json body" { "devices" \[] } } ] get current user information retrieve details about the currently authenticated user in withsecure elements endpoint security endpoint url /whoami/v1/whoami method get output parameter type description status code number http status code of the response reason string response reason phrase clientid string unique identifier organizationid string unique identifier example \[ { "status code" 200, "response headers" { "date" "wed, 11 sep 2024 09 51 32 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "server" "nginx", "x transaction" "0000 ba65dbf08940468b", "vary" "origin, access control request method, access control request headers", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "", "json body" { "clientid" "fusion df13a6b8f1314e549b539930", "organizationid" "5a1b6078 3c68 4870 9d2b 4f1fff3485ad" } } ] list created response actions retrieve a list of response actions created for rdr sensors in withsecure elements endpoint security, requiring an organizationid endpoint url /response actions/v1/responses method get input argument name type required description organizationid string required uuid of an organization order string optional sorting order anchor string optional anchor pointing to the page that should be retrieved if the parameter is missing or equal to default value then endpoint returns first page type string optional filter by response action type actionid string optional filter by response action id state string optional filter by response action state comment string optional filter by comment matches any part of the comment author string optional filter by author username result string optional filter by response action result deviceid string optional uuid of a device limit number optional the size of the single batch value defines upper bound for number of items, that are sent in single response however it doesn't guarantee, that response will contain exact number of items if next page exist client that reads all items matching query parameters should depend only on nextanchor property, which contain link to next result client can stop iteration when nextanchor is missing in response output parameter type description status code number http status code of the response reason string response reason phrase items array output field items id string unique identifier type string type of the resource state string output field state progress object output field progress devicescount number count value pendingtaskscount number count value errortaskscount number error message if any activetaskscount number count value completedtaskscount number count value successfullycompletedtaskscount number whether the operation was successful createdtimestamp string output field createdtimestamp updatedtimestamp string output field updatedtimestamp devices array output field devices deviceid string unique identifier author object output field author id string unique identifier source string output field source username string name of the resource comment string output field comment result string result of the operation nextanchor string output field nextanchor example \[ { "status code" 200, "response headers" { "date" "mon, 09 sep 2024 10 59 03 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "server" "nginx", "x transaction" "0000 8ea252f7eaa348b7", "vary" "origin, access control request method, access control request headers", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "", "json body" { "items" \[], "nextanchor" "string" } } ] list detections for incident in organization scope retrieve a list of detections for a specified incident within an organization's scope, ordered by time in descending order endpoint url /incidents/v1/detections method get input argument name type required description organizationid string optional uuid of an organization if organizationid is missing, default organization of authenticated client is used incidentid string required id of an incident client can find that value in details of edr security event incident id must match uuid format anchor string optional anchor pointing to the page that should be retrieved if the parameter is missing or equal to default value then endpoint returns first page createdtimestampstart string optional lower, inclusive bound for createdtimestamp in the returned list cannot be used with updatedtimestamp filters createdtimestampend string optional upper, exclusive bound for createdtimestamp in the returned list cannot be used with updatedtimestamp filters limit number optional maximal number of items in response min > 1, max > 100 output parameter type description status code number http status code of the response reason string response reason phrase items array output field items detectionid string unique identifier incidentid string unique identifier deviceid string unique identifier name string name of the resource detectionclass string output field detectionclass severity string output field severity risklevel string output field risklevel exepath string output field exepath exename string name of the resource exehash string output field exehash cmdl string output field cmdl pid number unique identifier createdtimestamp string output field createdtimestamp initialreceivedtimestamp string output field initialreceivedtimestamp username string name of the resource privileges string output field privileges activitycontext array output field activitycontext type string type of the resource description string output field description detectionavgcount number count value detectionmaxcount number count value detectionavgsensors number output field detectionavgsensors example \[ { "status code" 200, "reason" "ok", "json body" { "items" \[], "nextanchor" "next page ref" } } ] list device operations retrieves a list of operations triggered on a specified device within withsecure elements endpoint security; returns empty for inactive devices endpoint url /devices/v1/operations method get input argument name type required description deviceid string required uuid of a device output parameter type description items array output field items id string unique identifier status string status value operationname string name of the resource startedtimestamp string output field startedtimestamp lastupdatedtimestamp string output field lastupdatedtimestamp expirationtimestamp string output field expirationtimestamp metadata object response data profileid string unique identifier example \[ { "items" \[ {}, {} ] } ] list incidents in organization scope retrieve a list of incidents within a specified organization and time frame using withsecure elements endpoint security endpoint url /incidents/v1/incidents method get input argument name type required description anchor string optional anchor pointing to the page that should be retrieved if the parameter is missing or equal to default value then endpoint returns first page organizationid string optional uuid of an organization if organizationid is missing, default organization of authenticated client is used incidentid string optional uuid of the incident createdtimestampstart string optional lower, inclusive bound for createdtimestamp in the returned list cannot be used with updatedtimestamp filters createdtimestampend string optional upper, exclusive bound for createdtimestamp in the returned list cannot be used with updatedtimestamp filters updatedtimestampstart string optional lower, inclusive bound for updatedtimestamp in the returned list cannot be used with createdtimestamp filters updatedtimestampend string optional upper, exclusive bound for updatedtimestamp in the returned list cannot be used with createdtimestamp filters exclusivestart boolean optional if equals "true", then createdtimestampstart and updatedtimestampstart are used as exclusive lower bound otherwise, createdtimestampstart and updatedtimestampstart are inclusive status string optional status of the incidents to return to filter by multiple statuses add this parameter repeatedly resolution string optional resolution of the incident to return to filter by multiple resolutions add this parameter repeatedly risklevel string optional filters by risk level to filter by multiple risk levels add this parameter repeatedly archived boolean optional specify whether archived incidents should be send in response it is advised to query only not archived incidents as it might have positive impact on query performance it is strongly advised to add archived=false limit number optional maximal number of items in response min 1 to max 50 order string optional specifies sorting order output parameter type description status code number http status code of the response reason string response reason phrase items array output field items organizationid string unique identifier severity string output field severity risklevel string output field risklevel riskscore number score value incidentpublicid string unique identifier createdtimestamp string output field createdtimestamp name string name of the resource incidentid string unique identifier initialreceivedtimestamp string output field initialreceivedtimestamp resolution string output field resolution updatedtimestamp string output field updatedtimestamp status string status value categories array output field categories nextanchor string output field nextanchor example \[ { "status code" 200, "response headers" { "date" "mon, 09 sep 2024 10 35 40 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "server" "nginx", "x transaction" "0000 4baa6e30943a485f", "vary" "origin, access control request method, access control request headers", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "", "json body" { "items" \[], "nextanchor" "next page ref" } } ] list organizations retrieve a list of organizations associated with the specified withsecure elements endpoint security organization, including the organization itself endpoint url /organizations/v1/organizations method get input argument name type required description organizationid string optional uuid of an organization if organizationid is missing, default organization of authenticated client is used anchor string optional anchor pointing to the page that should be retrieved if the parameter is missing or equal to default value then endpoint returns first page type string optional filter by organization type matches all organizations of this type limit number optional the size of the single batch value defines upper bound for number of items, that are sent in single response however it doesn't guarantee, that response will contain exact number of items if next page exist client that reads all items matching query parameters should depend only on nextanchor property, which contain link to next result client can stop iteration when nextanchor is missing in response output parameter type description status code number http status code of the response reason string response reason phrase items array output field items name string name of the resource id string unique identifier type string type of the resource example \[ { "status code" 200, "response headers" { "date" "wed, 04 sep 2024 11 10 18 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "server" "nginx", "x transaction" "0000 dccdc640d48c4c10", "vary" "origin, access control request method, access control request headers", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "", "json body" { "items" \[] } } ] query devices executes a query to retrieve information about the organization's devices within withsecure elements endpoint security endpoint url /devices/v1/devices method get input argument name type required description anchor string optional anchor pointing to the page that should be retrieved if the parameter is missing or equal to default value then endpoint returns first page organizationid string optional uuid of an organization if organizationid is missing, default organization of authenticated client is used deviceid string optional uuid of a device type string optional filter by device type matches all devices of this type if type is missing, all types of devices are included in response state string optional filter by device state matches all devices of this state if state is missing, only active devices are included in response name string optional filter devices by device name (exact match) serialnumber string optional filter devices by device serial number (exact match) online boolean optional filter devices by online state label string optional filter by single label matches all devices that contains at least this label clientversion string optional filter devices by client version (exact match) protectionstatusoverview string optional filter devices by protection status overview patchoverallstate string optional filter devices by protection status overview publicipaddress string optional public ip address of the device organizationname string optional name of organization (company or partner) osname string optional name of the operating system that is installed on the device activedirectorygroup string optional name of the active directory group subscriptionkey string optional filter by subscription key that device registered with only devices in given subscription key are returned required format is xxxx xxxx xxxx xxxx xxxx where x is either a digit or an uppercase letter count string optional name of the property to use in aggregation when count parameter is provided and accept header is set to application/vnd withsecure aggr+json then response contains aggregation data devices matching query parameters are grouped and counted by selected property values count and histogram parameters can't be used together in a single query histogram string optional name of the property to use in histogram type aggregation when histogram parameter is provided and accept header is set to application/vnd withsecure aggr+json then response contains aggregation data in the histogram form aggregation data is returned for every date from last 30 days devices matching query parameters are grouped and counted by selected property values count and histogram parameters can't be used together in a single query limit number optional the size of the single batch value defines upper bound for number of items, that are sent in single response however it doesn't guarantee, that response will contain exact number of items if next page exist client that reads all items matching query parameters should depend only on nextanchor property, which contain link to next result client can stop iteration when nextanchor is missing in response headers object optional http headers for the request accept string optional parameter for query devices output parameter type description status code number http status code of the response reason string response reason phrase items array output field items file name string name of the resource file string output field file example \[ { "status code" 200, "response headers" { "date" "wed, 11 sep 2024 08 43 53 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "server" "nginx", "x transaction" "0000 62bdff98fa4c42f1", "vary" "origin, access control request method, access control request headers", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "", "json body" { "items" \[] } } ] query epp, edr and collaboration security events executes a search query against epp, edr, and collaboration protection security events in withsecure elements endpoint security, returning results in json includes events from child companies for partners endpoint url /security events/v1/security events method post input argument name type required description headers object required http headers for the request content type string required http header that defines format of request body accept string required htp header defines expected format of response body client should use header application/vnd withsecure aggr+json to receive aggregated results security events grouped and counted by selected property data body object optional response data organizationid string optional id of an organization if organizationid is missing, default organization of authenticated client is used persistencetimestampstart string optional lower bound for persistence timestamp in the returned security events minimum allowed value is 2022 08 01t00 00 01z persistencetimestampend string optional upper, exclusive bound for persistence timestamp in the returned security events engine array optional parameter for query epp, edr and collaboration security events enginegroup array optional engine that triggered event severity array optional event's severity targetid string optional id of event's target either id of device or e mail address when parameter is present response contains all events related to epp device or office 365 entity acknowledged boolean optional filter security events by acknowledgement status if parameter is missing then response contains all events count string optional name of property to use in aggregation all security events matching filter parameters are grouped and counted by selected property this parameter is required when client sends request with http header accept= application/vnd withsecure aggr+json anchor string optional anchor pointing to the page that should be retrieved if the parameter is missing or equal to default value then endpoint returns first page order string optional sorting order exclusivestart boolean optional if equals true, then persistencetimestampstart is used as exclusive lower bound otherwise, persistencetimestampstart is inclusive limit number optional the size of the single batch min 1 to max 200 value defines upper bound for number of items, that are sent in single response however it doesn't guarantee, that response will contain exact number of items if next page exist client that reads all items matching query parameters should depend only on nextanchor property, which contain link to next result client can stop iteration when nextanchor is missing in response output parameter type description status code number http status code of the response reason string response reason phrase items array output field items id string unique identifier action string output field action engine string output field engine severity string output field severity servertimestamp string output field servertimestamp persistencetimestamp string output field persistencetimestamp eventtransactionid string unique identifier clienttimestamp string output field clienttimestamp acknowledged boolean output field acknowledged organization object output field organization id string unique identifier name string name of the resource target object output field target name string name of the resource id string unique identifier device object output field device id string unique identifier name string name of the resource username string name of the resource details object output field details profilename string name of the resource path string output field path example \[ { "status code" 200, "response headers" { "date" "mon, 09 sep 2024 10 44 48 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "server" "nginx", "x transaction" "0000 c460567a9f914407", "vary" "origin, access control request method, access control request headers", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "ok", "json body" { "items" \[], "nextanchor" "link to next page" } } ] read list of security events retrieve a list of security events within a specified time frame for a given organization, including hierarchical data if requested with a partner organizationid endpoint url /security events/v1/security events method get input argument name type required description organizationid string optional uuid of an organization if organizationid is missing, default organization of authenticated client is used engine array optional filter by engines that triggered event persistencetimestampstart string optional lower bound for persistence timestamp in the returned security events minimum allowed value is 2022 08 01t00 00 01z persistencetimestampend string optional upper, exclusive bound for persistence timestamp in the returned security events servertimestampstart string optional lower bound for server timestamp in the returned security events servertimestampend string optional upper, exclusive bound for server timestamp in the returned security events severity string optional filter by event's severities anchor string optional anchor pointing to the page that should be retrieved if the parameter is missing or equal to default value then endpoint returns first page order string optional sorting order exclusivestart boolean optional if equals "true", then persistencetimestampstart and servertimestampstart are used as exclusive lower bound otherwise, persistencetimestampstart and servertimestampstart are inclusive limit number optional the size of the single batch min 1 to max 200 value defines upper bound for number of items, that are sent in single response however it doesn't guarantee, that response will contain exact number of items if next page exist client that reads all items matching query parameters should depend only on nextanchor property, which contain link to next result client can stop iteration when nextanchor is missing in response output parameter type description status code number http status code of the response items array output field items id string unique identifier servertimestamp string output field servertimestamp clienttimestamp string output field clienttimestamp persistencetimestamp string output field persistencetimestamp engine string output field engine severity string output field severity action string output field action organization object output field organization id string unique identifier name string name of the resource device object output field device id string unique identifier name string name of the resource winsaddress string output field winsaddress eventtransactionid string unique identifier username string name of the resource nextanchor string output field nextanchor example \[ { "status code" 200, "response headers" { "date" "mon, 09 sep 2024 10 44 48 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "server" "nginx", "x transaction" "0000 c460567a9f914407", "vary" "origin, access control request method, access control request headers", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "", "json body" { "items" \[], "nextanchor" "string" } } ] trigger new remote operation on devices initiates a specified operation on active devices within the client's organization using their uuids provided in the request body endpoint url /devices/v1/operations method post input argument name type required description operation string required type of an operation to execute message string optional for isolatefromnetwork and showmessage operations constraint > max 512 characters consentmessage string optional for collectdiagnosticfile operation constraint > max 512 characters profileid number optional for assignprofile operation feature string optional for turnonfeature operation turnontimeout number optional for turnonfeature operation must be between 5 and 1440 debug logging also turns off automatically with the device restart targets array required list of targets (device identifiers) on which operation will be execute min items= 1 and max items =5 output parameter type description status code number http status code of the response reason string response reason phrase multistatus array status value target string output field target status number status value operationid number unique identifier transactionid string unique identifier example \[ { "status code" 207, "response headers" { "date" "mon, 09 sep 2024 07 12 50 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "server" "nginx", "x transaction" "0000 cac6b1b18e344010", "vary" "origin, access control request method, access control request headers", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "ok", "json body" { "multistatus" \[], "transactionid" "0000 abcdef 1234" } } ] update devices modify the state or subscription of specified devices in withsecure elements endpoint security requires a 'targets' json body endpoint url /devices/v1/devices method patch input argument name type required description state string optional device state to be changed to targets array required list of targets (device identifiers) on which state will be changed min items 1 max items 5 subscriptionkey string optional key of the subscription to which the devices will be moved output parameter type description status code number http status code of the response reason string response reason phrase multistatus array status value target string output field target status number status value transactionid string unique identifier example \[ { "status code" 207, "response headers" { "date" "mon, 09 sep 2024 07 12 50 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "server" "nginx", "x transaction" "0000 cac6b1b18e344010", "vary" "origin, access control request method, access control request headers", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "ok", "json body" { "multistatus" \[], "transactionid" "0000 abcdef 1234" } } ] update status of incidents updates the status of specified incidents in withsecure elements endpoint security using target identifiers and a new status value endpoint url /incidents/v1/incidents method post input argument name type required description targets array required list of incident ids to update min items 1 max items 1 status string required status of the incident resolution string optional resolution of incident that property is required when status of incident is 'closed' output parameter type description status code number http status code of the response reason string response reason phrase multistatus array status value target string output field target status number status value transactionid string unique identifier example \[ { "status code" 200, "reason" "ok", "json body" { "multistatus" \[], "transactionid" "0000 d1467e4907a54c87" } } ] response headers header description example connection http response header connection keep alive content type the media type of the resource application/json date the date and time at which the message was originated mon, 09 sep 2024 10 35 40 gmt server information about the software used by the origin server nginx strict transport security http response header strict transport security max age=31536000 ; includesubdomains transfer encoding http response header transfer encoding chunked vary http response header vary origin, access control request method, access control request headers x transaction http response header x transaction 0000 dccdc640d48c4c10 notes withsecure elements endpoint security api reference documentation https //connect withsecure com/api reference/elements