Security Journey provides Program Administrators access to a RESTful API; this can be used to generate custom reports within a BI tool or pull reporting metrics into your Learning Managment System (LMS) building management reports.

Generating an API Key

You must be a Security Journey Admin to have access to the API key generator. Keep in mind, if you are already using the v2 API and have an API key, the existing keys will work with the v3 API.

To generate a new API Key you will go to More > Admin > Settings > API. Follow the steps below:

Name your key

Click Generate
Copy the key and store it in a safe place
Click "Done"

If you don't click "Done" the key will not be saved and will be invalid. You should see this screen if the API Key was generated successfully.

Use this API key to authenticate against the v3 API by providing it in the Authorization header as a bearer token.

For example: Authorization: Bearer {my API token}

API Documentation

The v3 API route is: https://my.securityjourney.com/api/v3/public-reporting/{endpoint}

The available endpoints are:

Function	Endpoint
Users progress in their levels and paths	/api/v3/public-reporting/enrollments
Users Details	/api/v3/public-reporting/users
Users progress in assignments	/api/v3/public-reporting/assignments
Users lesson attempt data (lessons started & completed)	/api/v3/public-reporting/lesson-attempts
Users progress in their paths	/api/v3/public-reporting/progress

Our v3 API has improved query and filtering parameters, such as text search, status filtering, date range filtering, include/exclude archived users, etc.

Example Responses

Optional Fields: company, jobRole, securityChampion (as seen below) will be included in the API response if they are uploaded to the Security Journey Platform. See article Learner Attributes for more details.

GET https://my.securityjourney.com/api/v3/public-reporting/enrollments

{
"user": {
"email": "blackhat@securityjourney.com",
"firstName": "The cake",
"lastName": "is a lie!",
"totalPoints": 0,
"company": "Bob Dole",
"jobRole": "HAxoR Extr3me",
"securityChampion": "false",
"archived": true,
"archivedAt": "2024-03-25T15:26:32.907864Z"
},
"levelEnrollment": {
"levelName": "Foundational",
"levelType": "level",
"status": "in_progress",
"totalLessons": 7,
"passedLessons": 0,
"pointsEarned": 0,
"updatedAt": "2024-03-21T20:26:46.371061Z",
"createdAt": "2024-03-21T20:26:46.371061Z"
},
"pathEnrollment": {
"pathName": "HackEDU: OWASP API Top 10",
"status": "not_started",
"pathArchived": true,
"pathArchivedAt": "2023-01-11T23:38:01.601754Z",
"updatedAt": "2024-03-21T20:26:46.371061Z",
"createdAt": "2024-03-21T20:26:46.371061Z"
}

GET https://my.securityjourney.com/api/v3/public-reporting/users

{
"email": "blackhat@securityjourney.com",
"firstName": "The cake",
"lastName": "is a lie!",
"totalPoints": 0,
"company": "Bob Dole",
"jobRole": "HAxoR Extr3me",
"securityChampion": "false",
"archived": true,
"archivedAt": "2024-03-25T15:26:32.907864Z"
}

GET https://my.securityjourney.com/api/v3/public-reporting/assignments

{

"user": {

"email": "blackhat@securityjourney.com",

"firstName": "The cake",

"lastName": "is a lie!",

"totalPoints": 0,

"company": "Bob Dole",

"jobRole": "HAxoR Extr3me",

"securityChampion": "false",

"archived": true,

"archivedAt": "2024-03-25T15:26:32.907864Z"

"pathName": "HackEDU: OWASP API Top 10",

"levelName": "Foundational",

"status": "not_started",

"requiredLessons": 7,

"requiredLessonsPassed": 0,

"lessonsPassed": 0,

"allLessons": 7,

"startedAt": "2024-03-21T20:26:46.371061Z",

"lastEngagement": "2024-03-21T20:26:46.371061Z",

"createdAt": "2024-03-21T20:26:46.371061Z",

"updatedAt": "2024-07-12T10:54:49.217408Z",

"timeSpent": "0h0m0s",

"pathArchived": true,

"pathArchivedAt": "2024-03-25T15:26:32.907864Z"

{
"user": {
"email": "blackhat@securityjourney.com",
"firstName": "The cake",
"lastName": "is a lie!",
"totalPoints": 0,
"company": "Bob Dole",
"jobRole": "HAxoR Extr3me",
"securityChampion": "false",
"archived": true,
"archivedAt": "2024-03-25T15:26:32.907864Z"
},
"assignmentName": "2024 Training for Business Learners",
"pathName": "Foundational: Business Learner",
"dueDate": "2024-09-30T04:00:00Z",
"passedLessons": 0,
"totalLessons": 0,
"status": "not_started"
}

GET https://my.securityjourney.com/api/v3/public-reporting/lesson-attempts

{
"user": {
"email": "blackhat@securityjourney.com",
"firstName": "The cake",
"lastName": "is a lie!",
"totalPoints": 16069,
"archived": true,
"archivedAt": "2023-12-15T19:49:55.539130Z",
"timeSpent": "4h52m25.000000s"
},
"lessonName": "Introduction to Security Journey!",
"difficulty": "basic",
"length": "12m",
"status": "passed",
"questions": 1,
"correctAnswers": 1,
"watchedVideo": "not watched",
"readTranscript": "not read",
"startedAt": "2022-05-05T19:47:46Z",
"createdAt": "2022-05-05T19:47:46Z",
"updatedAt": "2022-05-05T19:47:58Z",
"timeSpent": "0h9m50.000000s"
}

GET https://my.securityjourney.com/api/v3/public-reporting/progress

{
"user": {
"email": "blackhat@securityjourney.com",
"firstName": "The cake",
"lastName": "is a lie!",
"totalPoints": 0,
"company": "Bob Dole",
"jobRole": "HAxoR Extr3me",
"securityChampion": "false",
"archived": true,
"archivedAt": "2024-03-25T15:26:32.907864Z"
},
"pathName": "HackEDU: OWASP API Top 10",
"levelName": "Foundational",
"status": "not_started",
"requiredLessons": 7,
"requiredLessonsPassed": 0,
"lessonsPassed": 0,
"allLessons": 7,
"startedAt": "2024-03-21T20:26:46.371061Z",
"lastEngagement": "2024-03-21T20:26:46.371061Z",
"createdAt": "2024-03-21T20:26:46.371061Z",
"updatedAt": "2024-07-12T10:54:49.217408Z",
"timeSpent": "0h0m0s",
"pathArchived": true,
"pathArchivedAt": "2024-03-25T15:26:32.907864Z"
},

Additionally, we've included links to our postman collection, swagger documentation. These files contain more detailed sample requests and responses:

public_reporting.swagger.json

Security Journey Reporting.postman_collection.json

Security Journey API v2

Using Security Journey with a Learning Management System (LMS)