Tuesday, 20 May 2014

API for your SDLC. Сheck your Apps before release!

Good news everyone!
Now we have API, and there are a few words about why to use it and how.
It's not a surprise that cost of fix depends on development stage, and patches for a released software are used to be the most expensive.

And HackApp has not been able to help with it. Today we are happy to present API, which can be scripted into your SDLC.

API is simple and has 3 actions:

  1. Add application , 
  2. Check status,
  3. Get Report .
Also we have a nice web page to explore uploaded apps :)

Add Application

There is a request to upload an app:

curl    --form "file=@%path_to_app_bundle%" https://hackapp.com/api/addapp  --form "secret=%secret_key%" -k

  • %path_to_app_bundle% - path to app file on your filesystem
  • %secret_key% - your API authentication key, how to get it you can read futher.

if everything is ok, you'll get response:

{"action": "add_app", "details": "", "app_hackapp_id": "%app_hackapp_id%", "app_id": "%app_id%", "result": "success"}

  • %app_id% - name of your app.
  • %app_hackapp_id% - app id in HackApp, you will need it, to check status, or get report.

Check status

Request to get status of already added app:

curl    --form "secret=%secret_key%" https://hackapp.com/api/appstatus  --form "app_hackapp_id=%app_hackapp_id%" -k

if everything is fine, you will get:

{"app_status": "done", "app_hackapp_id": "%app_hackapp_id%", "app_id": "%app_id%", "result": "success", "details": ""}

  • "result": "success"  -  your app is analysed and you can get report.

Get report

To get report:

curl    --form "secret=%secret_key%" https://hackapp.com/api/appreport  --form "app_hackapp_id=%app_hackapp_id%" -k

you will get JSON object. There is an explaining example:

{"com.idar.visupay":    # App name
"bugs": {  # Hash Array  where key is bug ID
"ios_ssp": [{"bug_file": "Payload/VISUPAY.app/VISUPAY", 
"bug_details": "", 
"bug_fix": "This can be achieved by specifying the \"--fstack-protector-all\" compiler flag", 
"bug_name": "Stack Smash protection disabled", 
"bug_file_id": "c9dd3255eed4a5a3d6a6ca5e00408e07", 
"bug_false_positive": 0, 
"bug_id": "ios_ssp", 
"bug_desc": "Compilation without stack protection can lead to malicious code execution", 
"bug_level": "medium"}], 
"desc": { # Hash Array with app details
                         "ver": "2.0.001", 
"perms": ["Storage in KeyChain"], 
"min_ios": "4.3", 
"uri": ["fb321971781207651://"], 
"drm": null, 
"store": "appstore" 

Apps' List

To get list:

curl    --form "secret=%secret_key%" https://hackapp.com/api/appreport  --form "app_hackapp_id=%app_hackapp_id%" -k

you will get JSON object. There is an example:

[{"app_status": "done", "app_hackapp_id": "9a7630baf742cc0583ba87aacbf6a9e6", "app_id": "com.idar.visupay"}, {"app_status": "done", "app_hackapp_id": "4bb60e00e7f5c17d891a72f03ccd1bbd", "app_id": "air.ru.mail.games.pokerarena"]}


There is a cute page to represent API activity 

by clicking here you'll get a list of all added apps 

... and there is a special button to get your current API secret key. Sure thing, you can change it, if you think someone else uses it ;)

API is available in PRO version
To enjoy a free trial, please contact info@hackapp.com.


  1. I really love this post I will visit again to read your post in a very short time and I hope you will make more posts like this.
    Best essay writing service

  2. This comment has been removed by the author.

  3. This is really good news, thank you a lot! HackApp is really cool. I am using it all the time while working on my projects at handmadewritings

  4. If you're reading this on an RSS feed like Google Reader (which is going away - alas!) or an email version, you'll want to click over to the full blog to see the changes. Home Electrical Repair Service

  5. for beginners like me need a lot of reading and searching for information on various blogs. and articles that you share a very nice and inspires me . Security Guards