Introduction
Welcome to the reference for the INFIMA API. Use this API to access results on your Security Awareness Training Program.
Authentication
To authorize, use this code:
# With shell, you can just pass the correct header with each request
curl "api_endpoint_here"
-H "X-API-Key: YOUR_API_KEY"
Make sure to replace
YOUR_API_KEY
with your API key.
INFIMA uses API keys to allow access to the API. You can register a new key in the INFIMA Partner Dashboard.
INFIMA expects for the API key to be included in all API requests to the server in a header that looks like the following:
X-API-Key: YOUR_API_KEY
Partner
Get Partner
curl "https://app.infimasecapis.com/v1/partner"
-H "X-API-Key: YOUR_API_KEY"
The above command returns JSON structured like this:
{
"partner_name": "Partner Co",
"created_date": "2010-02-04T18:37:01Z",
"admins": [
{
"id": "521f055b-e0cf-5bcd-9ce0-a412d194d544",
"email": "john.doe@partner.co",
"role": "Administrator",
"created_date": "2010-10-17T17:37:54Z"
},
{
"id": "28c114e8-28a9-5b70-bca6-5d0edeb7dbc8",
"email": "jane.doe@partner.co",
"role": "User",
"created_date": "2010-07-27T15:43:17Z"
}
]
}
This API retrieves data for a partner. A partner manages Security Awareness Training for multiple clients.
Request
Header | Type | Required |
---|---|---|
X-API-KEY |
String | Required |
Response
On success, the HTTP status code in the response header is 200 OK and the response body contains a partner object in JSON format.
Client
Get Clients
curl "https://app.infimasecapis.com/v1/clients?limit={limit}&offset={offset}"
-H "X-API-Key: YOUR_API_KEY"
The above command returns JSON structured like this:
{
"items": [
{
"id": 1,
"client_name": "Client 1",
"phishing_click_rate_total": 25.0,
"phishing_click_rate_last_year": 25.0,
"training_on_track_rate": 33.3333,
"user_count": 500,
"created_date": "2010-02-04T18:37:01Z"
},
{
"id": 2,
"client_name": "Client 2",
"phishing_click_rate_total": 40.0,
"phishing_click_rate_last_year": 40.0,
"training_on_track_rate": 33.3333,
"user_count": 2000,
"created_date": "2010-04-01T18:17:13Z"
}
],
"limit": 2,
"offset": 0,
"total": 20
}
This API retrieves data for all clients associated with an INFIMA account. A client is a company that is subscribed to INFIMA Services.
Request
Header | Type | Required |
---|---|---|
X-API-KEY |
String | Required |
Query Parameter | Description | Type | Required |
---|---|---|---|
limit |
Maximum number of objects to return. Default 20. Minimum 1. Maximum 50. | Integer | Optional |
offset |
The index of the first object to return. Default: 0 (the first object). | Integer | Optional |
Response
On success, the HTTP status code in the response header is 200 OK and the response body contains an array of Client objects (wrapped in a paging object) in JSON format.
User
Get Users
curl "https://app.infimasecapis.com/v1/clients/{client_id}/users"
-H "X-API-Key: YOUR_API_KEY"
The above command returns JSON structured like this:
{
"items": [
{
"id": "521226a6-1f4f-520d-aedb-205cf50990d5",
"email": "joe@companya.com",
"first_name": "Joe",
"last_name": "Doe",
"department": "HR",
"created_date": "2010-01-01T00:00:00Z",
"phishing_click_rate_total": 20.0,
"phishing_click_rate_last_year": 20.0,
"training_on_track": false,
"next_course": "Phishing",
"courses_behind": 2
},
{
"id": "8cc9bfd4-0da6-59de-b5f5-f28e2779a828",
"email": "john.doe@companya.com",
"first_name": "John",
"last_name": "Doe",
"department": "Engineering",
"created_date": "2010-01-27T15:37:06Z",
"phishing_click_rate_total": 50.0,
"phishing_click_rate_last_year": 50.0,
"training_on_track": true,
"next_course": "",
"courses_behind": 0
}
],
"limit": 2,
"offset": 0,
"total": 5
}
This API retrieves data for all users for a given client.
Request
Header | Type | Required |
---|---|---|
Authorization |
String | Required |
Path Parameter | Description | Type | Required |
---|---|---|---|
client_id |
The id of the client to return users for | Integer | Required |
Query Parameter | Description | Type | Required |
---|---|---|---|
limit |
Maximum number of objects to return. Default 20. Minimum 1. Maximum 50. | Integer | Optional |
offset |
The index of the first object to return. Default: 0 (the first object). | Integer | Optional |
Response
On success, the HTTP status code in the response header is 200 OK and the response body contains an array of User objects (wrapped in a paging object) in JSON format.
Get User Training Results
curl "https://app.infimasecapis.com/v1/users/{user_id}/training"
-H "X-API-Key: YOUR_API_KEY"
The above command returns JSON structured like this:
{
"items": [
{
"order": 1,
"course_name": "Safe Web Usage",
"passed": true,
"passed_date": "2010-06-07T18:36:17Z"
},
{
"order": 2,
"course_name": "Phishing and Safe Email Use",
"passed": false,
"passed_date": "0001-01-01T00:00:00Z"
},
{
"order": 3,
"course_name": "Securing Your Electronic Data and Devices",
"passed": true,
"passed_date": "2010-04-15T21:11:04Z"
},
{
"order": 4,
"course_name": "Introduction to Social Engineering",
"passed": true,
"passed_date": "2010-04-15T21:11:04Z"
}
],
"limit": 20,
"offset": 0,
"total": 4
}
This API retrieves training data for a specific user.
Request
Header | Type | Required |
---|---|---|
Authorization |
String | Required |
Path Parameter | Description | Type | Required |
---|---|---|---|
user_id |
The id of the user | String | Required |
Query Parameter | Description | Type | Required |
---|---|---|---|
limit |
Maximum number of objects to return. Default 20. Minimum 1. Maximum 50. | Integer | Optional |
offset |
The index of the first object to return. Default: 0 (the first object). | Integer | Optional |
Response
On success, the HTTP status code in the response header is 200 OK and the response body contains an array of TrainingResults objects (wrapped in a paging object) in JSON format.
Get User Phishing Results
curl "https://app.infimasecapis.com/v1/users/{user_id}/phishing"
-H "X-API-Key: YOUR_API_KEY"
The above command returns JSON structured like this:
{
"items": [
{
"status": "Clicked",
"status_date": "2010-12-11T17:45:04Z"
},
{
"status": "Opened",
"status_date": "2010-12-11T17:45:04Z"
},
{
"status": "Clicked",
"status_date": "2010-12-11T17:45:04Z"
},
{
"status": "Opened",
"status_date": "2010-12-11T17:45:04Z"
},
{
"status": "Sent",
"status_date": "2010-12-11T17:45:04Z"
},
{
"status": "Sent",
"status_date": "2010-12-11T17:45:04Z"
},
{
"status": "Clicked",
"status_date": "2010-12-09T20:51:50Z"
},
{
"status": "Clicked",
"status_date": "2010-09-12T00:00:00Z"
},
{
"status": "Opened",
"status_date": "2010-09-12T00:00:00Z"
}
],
"limit": 20,
"offset": 0,
"total": 9
}
This API retrieves training data for a specific user.
Request
Header | Type | Required |
---|---|---|
Authorization |
String | Required |
Path Parameter | Description | Type | Required |
---|---|---|---|
user_id |
The id of the user | String | Required |
Query Parameter | Description | Type | Required |
---|---|---|---|
limit |
Maximum number of objects to return. Default 20. Minimum 1. Maximum 50. | Integer | Optional |
offset |
The index of the first object to return. Default: 0 (the first object). | Integer | Optional |
Response
On success, the HTTP status code in the response header is 200 OK and the response body contains an array of PhishingResults objects (wrapped in a paging object) in JSON format.
Objects
PartnerObject
Key | Description | Type |
---|---|---|
partner_name | The partner's name | String |
created_date | The date the partner was created. Timestamps are returned in ISO 8601 format as Coordinated Universal Time (UTC) with a zero offset: YYYY-MM-DDTHH:MM:SSZ. | Timestamp |
admins | The admins at the partner. | Array[AdminObject] |
ClientObject
Key | Description | Type |
---|---|---|
id | The client's id | Integer |
client_name | The client's name | String |
created_date | The date the client was created. Timestamps are returned in ISO 8601 format as Coordinated Universal Time (UTC) with a zero offset: YYYY-MM-DDTHH:MM:SSZ. | Timestamp |
user_count | The number of users at the client. | Integer |
phishing_click_rate | The phishing click rate for the entire client. Values range from 0 - 100. | Float |
training_on_track_rate | The percentage of users at a client who are On-Track. Values range from 0 - 100. | Float |
UserObject
Key | Description | Type |
---|---|---|
id | The user's id | String |
The user's email address | String | |
first_name | The user's first name | String |
last_name | The user's last_name | String |
department | The user's department | String |
created_date | The date the user was created. Timestamps are returned in ISO 8601 format as Coordinated Universal Time (UTC) with a zero offset: YYYY-MM-DDTHH:MM:SSZ. | Timestamp |
phishing_click_rate | The percentage of phishing attacks the user has clicked on. Values range from 0 - 100 | Float |
training_on_track | The user's training status. True if user is caught up on all courses. | Boolean |
next_course | The name of the next course for the user to complete. | String |
courses_behind | The number of courses the user needs to complete to be On-Track | Integer |
AdminObject
Key | Description | Type |
---|---|---|
id | The user's id | String |
The user's email address | String | |
role | The user's role. Either User or Administrator. | String |
first_name | The user's first name | String |
last_name | The user's last name | String |
created_date | The date the admin was created. Timestamps are returned in ISO 8601 format as Coordinated Universal Time (UTC) with a zero offset: YYYY-MM-DDTHH:MM:SSZ. | Timestamp |
TrainingResultsObject
Key | Description | Type |
---|---|---|
order | The order of the course. Begins with course 1. | Integer |
course_name | The course name | String |
completed | Has the user completed the course | Boolean |
completed_date | The date the user completed the course. Timestamps are returned in ISO 8601 format as Coordinated Universal Time (UTC) with a zero offset: YYYY-MM-DDTHH:MM:SSZ. | Timestamp |
PhishingResultsObject
Key | Description | Type |
---|---|---|
status | The status of the simulated phish event. Values can be Sent, Opened, Clicked. | String |
status_date | The date the status event occurred. For example, when was the phish sent. Timestamps are returned in ISO 8601 format as Coordinated Universal Time (UTC) with a zero offset: YYYY-MM-DDTHH:MM:SSZ. | Timestamp |
PagingObject
Key | Description | Type |
---|---|---|
items | The requested data | Array[Object] |
limit | The maximum number of objects returned | Integer |
offset | The offset of the items returned | Integer |
total | The total number of items available to return | Integer |
Errors
The INFIMA API uses the following error codes:
Error Code | Meaning |
---|---|
400 | Bad Request -- Your request is invalid. |
401 | Unauthorized -- Your API key is wrong. |
429 | Too Many Requests -- You've made too many requests for a given time period. |
500 | Internal Server Error -- We had a problem with our server. Try again later. |
503 | Service Unavailable -- We're temporarily offline for maintenance. Please try again later. |