Skip to content

Notice

This guide is for the original release of AQtive Guard. For the current AQG SaaS platform, go to the AQtive Guard User Guide.

API client (cs-api) manual

Common Options

  • -k, --api-key <string>: API key, can also be defined using the CRYPTOSENSE_API_KEY environment variable
  • --ca-file <path>: Path to a file containing PEM encoded certificates to be trusted, to override the default CA file. This has no effect if certificate checking is disabled (it is enabled by default).
  • --no-check-certificate: Don’t check remote certificates. This is useful for when AQtive Guard is installed on-premises with self-signed certificates. For security, certificate checking is enabled by default.
  • -u, --api-base-url <url>: Base URL of the API server (for example: https://example.net). If not provided, the client will use the default URL (https://aqtiveguard.sandboxaq.com).
  • --help: Information about all the command-line option

Trace upload and analysis

The cs-api --analyze command uploads a trace to the AQtive Guard API and triggers its analysis.

The following parameters are available:

  • --trace-file <path> (required): Path to a trace file, or to a directory containing exactly one trace file.
  • --project-id <id> or --project-name <name> (required): ID or name of the project to which the trace should be added. See Find the project ID.
  • --slot-name <name>: Name of the slot to which the trace should be added. If no slot exists with the provided name, a new slot will be created. If no slot name is provided, the client will use a default slot in the project.
  • --trace-name <name>: Name for the trace on the server. If not provided, the server will pick a name for that trace.
  • --analyze <profile_id>: Use this option to launch an analysis of the trace after upload. The numeric ID identifies the profile to use during analysis. Use list-profiles to retrieve the IDs of existing profiles.
  • --profile-id (required): Numeric ID of the profile to use during trace analysis. Use the list-profiles command to retrieve the IDs of existing profiles.
  • --trace-id (required): ID of the trace to analyze

For a complete list of options, run ./cs-api upload-trace --help.

Other Use Cases

Upload to a local instance of AQtive Guard

If you’re using AQtive Guard on-premises, use the --api-base-url parameter to point the API client to your local instance.

If you are using self-signed certificates or a custom CA, you can provide a custom CA file with the --ca-file path/to/cabundle.pem option.

HTTP Proxies

If you need to route your request through a proxy, set the http_proxy or https_proxy environment variable to the URL of your proxy endpoint.

Note

Note that, for now, the --no-check-certificate option has no effect on the checking of the proxy certificate: it is always checked.

For more advanced configuration, please refer to the curl documentation.