Using Postman client to execute VMware AppDefense Partner API

Using Postman client to execute VMware AppDefense Partner API

VMware AppDefense provides a RESTful HTTP API for reading and modifying data via the cloud management console. The AppDefense API uses JSON for all requests and replies and uses the GET, PUT, POST, and DELETE HTTP verbs. All requests are over TLS / HTTPS and the AppDefense server presents a CA-signed TLS certificate.

All API requests require an authorized client. Clients obtain an API key for AppDefense in the AppDefense UI at The API key is currently a JSON Web Token (JWT), however, clients should treat API keys as opaque tokens that might be changed to a non-JWT token at some future date without notice. To authenticate, the client should include their API token in the Authorization HTTP header as a "Bearer" token. API tokens do not currently expire, but they can be manually revoked by the customer via the AppDefense UI. If an API token is incorrect or expired, the AppDefense API will return a 403 Forbidden response.

Now let’s try to query the alarms in an Org using Postman –

Step 1 - Navigate to the "Integrations" tab under settings and select “Provision new API Key”


Step 2 – Copy the endpoint URL & API Key

Step 3 – Open Postman client and under ‘Authorization’ tab select type ‘Bearer Token’ and paste API key in the Token field.

Step 4 – Use the endpoint URL and the method specified for an API to query the cloud management console. In the below screenshot I have used the API to pull all the active alarms in my Org.


Similarly, if you want to list the scopes in your org you execute



Hope this quick how to use Partner API helps you in your day to day administration of AppDefense!

How to locate the Partner REST API Documentation :

Happy AppDefending!

The AppDefense Architect Team.

Version history
Revision #:
1 of 1
Last update:
‎10-24-2019 04:14 AM
Updated by: