Skip to content
Contact us
  • There are no suggestions because the search field is empty.

Security Journey Reporting API v3

Use our Reporting API to send learner data to other tools such a business intelligence and data visualization programs.

Security Journey Reporting API v3 

Security Journey provides Program Administrators access to a RESTful API; this can be used to generate custom reports within a BI tool or pull reporting metrics into your Learning Managment System (LMS) building management reports.

Generating an API Key

You must be a Security Journey Admin to have access to the API key generator. Keep in mind, if you are already using the v2 API and have an API key, the existing keys will work with the v3 API.

To generate a new API Key you will go to More > Admin > Settings > API. Follow the steps below:

  • Name your key

  • Click Generate
  • Copy the key and store it in a safe place
  • Click "Done"

If you don't click "Done" the key will not be saved and will be invalid. You should see this screen if the API Key was generated successfully.

Use this API key to authenticate against the v3 API by providing it in the Authorization header as a bearer token.

For example: Authorization: Bearer {my API token}

API Documentation

The v3 API route is: https://my.securityjourney.com/api/v3/public-reporting/{endpoint}

The available endpoints are:

Function Endpoint
Users progress in their levels and current paths /api/v3/public-reporting/enrollments
Users Details

/api/v3/public-reporting/users
Users progress in assignments 

/api/v3/public-reporting/assignments
Users lesson attempt data (lessons started & completed) /api/v3/public-reporting/lesson-attempts
Users progress in their paths

/api/v3/public-reporting/progress
Users Champion Passport activity details

/api/v3/public-reporting/activities
User Assessment data 

/svc/public-reporting/assessments

Our v3 API has improved query and filtering parameters, such as text search, status filtering, date range filtering, include/exclude archived users, etc.

*June 2025 Update: We've increased the row limit to 10,000 and added data to the response that tells you how many rows there are and which rows your request has returned.

Connecting to the Security Journey API from Power BI

When connecting to the Security Journey API in Power BI, it’s important to use the correct API endpoints to avoid authentication errors.

Why the Standard URLs Don’t Work

Our standard API URLs use an HTTP 302 redirect. While this is fine in most browsers and development tools, Power BI’s Web connector does not automatically follow redirects for authenticated API calls.

If you try connecting to the standard endpoint, you may encounter:

"We couldn't authenticate with the credentials provided. Please try again."

This happens because Power BI attempts to authenticate before following the redirect, which causes the request to fail.

Solution:

Use /svc/public-reporting Endpoints

Instead of the standard URL structure, use the direct “svc” path, which bypasses the redirect and allows Power BI to authenticate correctly.

Example:

Incorrect (will cause a 302 redirect)

https://my.securityjourney.com/api/v3/public-reporting/enrollments

Correct (direct endpoint)

https://my.securityjourney.com/svc/public-reporting/enrollments

Example Responses

Optional Fields: company, jobRole, securityChampion (as seen below) will be included in the API response if they are uploaded to the Security Journey Platform. See article Learner Attributes for more details.

GET https://my.securityjourney.com/api/v3/public-reporting/enrollments

{

"enrollments":[

{

"user":{

"email":"john_smith@securityjourney.com",

"firstName":"John",

"lastName":"Smith",

"totalPoints":0,

"securityChampion":"f",

"archived":true,

"archivedAt":"2024-04-09T13:45:43.355836Z"

},

"levelEnrollment":{

"levelName":"Foundational",

"levelType":"level",

"status":"in_progress",

"totalLessons":7,

"passedLessons":0,

"pointsEarned":0,

"updatedAt":"2024-01-22T13:46:24.193Z",

"createdAt":"2024-01-22T13:46:24.193Z"

},

"pathEnrollment":{

"pathName":"HackEDU: OWASP API Top 10",

"status":""

}

}

GET https://my.securityjourney.com/api/v3/public-reporting/users

{

"email":"john_smith@securityjourney.com",

"firstName":"John",

"lastName":"Smith",

"totalPoints":0,

"securityChampion":"f",

"archived":true,

"archivedAt":"2023-12-15T19:48:33.630916Z"

}

GET https://my.securityjourney.com/api/v3/public-reporting/assignments

{

"assignments":[

{

"user":{

"email":"john_smith@securityjourney.com",

"firstName":"John",

"lastName":"Smith",

"totalPoints":2767,

"company":"SecurityJourney",

"jobRole":"Sr. Devops Engineer",

"businessUnit":"DevOps",

"team":"DevOps",

"securityChampion":"false",

"timeSpent":"49h1m50.000000s"

},

"assignmentName":"Annual Compliance Training",

"pathName":"Content Engineering 2024",

"dueDate":"2025-05-30T23:59:59Z",

"passedLessons":0,

"totalLessons":14,

"status":"overdue"

}

GET https://my.securityjourney.com/api/v3/public-reporting/lesson-attempts

{

"user":{

"email":"john_smith@securityjourney.com",

"firstName":"John",

"lastName":"Smith",

"totalPoints":16069,

"securityChampion":"f",

"archived":true,

"archivedAt":"2023-12-15T19:49:55.539130Z",

"timeSpent":"4h52m25.000000s"

},

"lessonName":"Ruby Static Code Analysis",

"difficulty":"advanced",

"length":"9m",

"status":"passed",

"questions":10,

"correctAnswers":8,

"watchedVideo":"watched",

"readTranscript":"not read",

"startedAt":"2023-02-24T21:07:45.715429Z",

"createdAt":"2023-02-24T21:07:45.567756Z",

"updatedAt":"2023-02-24T21:14:52.087774Z"

}

GET https://my.securityjourney.com/api/v3/public-reporting/progress

{

"user":{

"email":"john_smith@securityjourney.com",

"firstName":"John",

"lastName":"Smith",

"totalPoints":0,

"company":"Security Journey",

"jobRole":"Web Developer",

"securityChampion":"false",

"archived":true,

"archivedAt":"2024-11-13T19:12:31.140936Z"

},

"pathName":"HackEDU: OWASP API Top 10",

"levelName":"Foundational",

"status":"not_started",

"requiredLessons":7,

"requiredLessonsPassed":0,

"lessonsPassed":0,

"allLessons":7,

"startedAt":"2024-03-21T20:26:46.371061Z",

"lastEngagement":"2024-03-21T20:26:46.371061Z",

"createdAt":"2024-03-21T20:26:46.371061Z",

"updatedAt":"2024-07-12T10:54:49.217408Z",

"timeSpent":"0h0m0s",

"pathArchived":true,

"pathArchivedAt":"2024-11-13T19:12:31.140936Z"

}

GET https://my.securityjourney.com/api/v3/public-reporting/activities

{

"activities":[

{

"user":{

"email":"john_smith@securityjourney.com",

"firstName":"John",

"lastName":"Smith",

"totalPoints":16069,

"archived":true,

"archivedAt":"2023-12-15T19:49:55.539130Z",

"timeSpent":"4h52m25.000000s"

},

"text":"Teach by delivering a presentation or talk for my group",

"description":"Presentation about side channel attacks. Explains what a side channel attack is, gives some examples, and gives examples relevant to AWS. Provides a technical explanation of how a side channel attack like spectre can work.",

"points":3,

"status":"in_progress",

"levelName":"Professional",

"createdAt":"2023-06-16T18:35:52.208612Z",

"updatedAt":"2023-06-22T18:55:32.418682Z"

}

GET https://my.securityjourney.com/svc/public-reporting/assessments

{

"assessmentName":"Engineering assessment",

"userGivenName":"John",

"userFamilyName":"Smith",

"userEmail":"john_smith@securityjourney.com",

"programmingLanguage":"javascript",

"status":"completed",

"scorePercentage":30,

"completionDate":"2025-02-11T15:29:36.305519Z",

"dueDate":"2025-02-12T14:37:57.873Z",

"proficiencyScore":"Foundational",

"timeSpentSeconds":403769

}

Note: "status" : "abandoned" means that the user has switched paths. In the Platform UI, it will be displayed as "paused."

If you would like to review our postman collection or swagger documentation, please email support@securityjourney.com and we can send you the files directly.