The Cloud App Security (CASB) App Catalog API is a comprehensive solution for managing cloud application governance through a dynamic, interactive platform. It empowers employees with self-service capabilities while providing IT administrators with powerful management and analytics tools.
┌─────────────────────────────────────────────────────────────┐
│ CASB App Catalog API │
├─────────────────────────────────────────────────────────────┤
│ │
│ ┌──────────────────┐ ┌──────────────────┐ │
│ │ Employee-Facing │ │ Admin-Facing │ │
│ │ Endpoints (8) │ │ Endpoints (9) │ │
│ └──────────────────┘ └──────────────────┘ │
│ │ │ │
│ └───────────┬───────────────┘ │
│ │ │
│ ┌───────────▼───────────┐ │
│ │ Compliance │ │
│ │ Validation Service │ │
│ └───────────┬───────────┘ │
│ │ │
│ ┌───────────▼───────────┐ │
│ │ PostgreSQL Database │ │
│ │ (13 tables) │ │
│ └───────────────────────┘ │
└─────────────────────────────────────────────────────────────┘
cd ict-governance-framework
npm install
psql $DATABASE_URL -f db-casb-app-catalog-schema.sql
.env):
DATABASE_URL=postgresql://username:password@localhost:5432/ict_governance_framework
PORT=4000
npm run server
# Run unit tests
npm run test-casb
# Run integration tests (requires server running)
npm run test-casb-integration
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/casb/catalog/me |
Get personalized app catalog |
| GET | /api/casb/catalog/:appId |
Get app details with compliance info |
| POST | /api/casb/catalog/:appId/request-approval |
Request app approval |
| POST | /api/casb/catalog/report-shadow-app |
Report shadow IT |
| GET | /api/casb/catalog/me/compliance |
Check compliance status |
| POST | /api/casb/catalog/:appId/acknowledge-policy |
Acknowledge policy |
| GET | /api/casb/notifications/me |
Get user notifications |
| POST | /api/casb/feedback/apps/:appId |
Submit app feedback |
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/casb/admin/catalog |
View all applications |
| POST | /api/casb/admin/catalog |
Add new application |
| PUT | /api/casb/admin/catalog/:appId |
Update application |
| DELETE | /api/casb/admin/catalog/:appId |
Remove application |
| GET | /api/casb/admin/app-requests |
View approval requests |
| PUT | /api/casb/admin/app-requests/:requestId |
Process request |
| GET | /api/casb/admin/app-usage-analytics |
Get usage analytics |
| GET | /api/casb/admin/shadow-it-reports |
View shadow IT reports |
| POST | /api/casb/admin/policy-updates/broadcast |
Broadcast policy update |
See API Documentation for detailed endpoint documentation.
The API uses a comprehensive PostgreSQL schema with 13 tables:
casb_app_catalog - Application informationcasb_app_compliance - Compliance certificationscasb_app_vulnerabilities - Security vulnerabilitiescasb_app_policies - Usage policiescasb_user_app_usage - User application usage trackingcasb_app_requests - Approval requestscasb_shadow_it_reports - Shadow IT reportscasb_policy_acknowledgments - Policy acknowledgmentscasb_app_feedback - User feedback and ratingscasb_app_guidelines - Usage guidelinescasb_app_policy_mapping - App-policy relationshipscasb_user_notifications - User notificationscasb_policy_broadcasts - Policy update broadcastscasb_app_usage_analytics - Analytics dataconst axios = require('axios');
const response = await axios.get('http://localhost:4000/api/casb/catalog/me', {
headers: {
'x-user-id': 'user-123',
'x-user-role': 'Employee',
'x-user-department': 'Marketing'
}
});
console.log(response.data.apps);
const response = await axios.post(
'http://localhost:4000/api/casb/catalog/app-002/request-approval',
{
businessJustification: 'Need for team collaboration',
department: 'Marketing',
estimatedUsers: 5,
urgency: 'Medium'
},
{
headers: {
'x-user-id': 'user-123',
'Authorization': 'Bearer your-jwt-token'
}
}
);
console.log(response.data.data.requestId);
const response = await axios.get(
'http://localhost:4000/api/casb/admin/app-usage-analytics',
{
headers: {
'x-user-id': 'admin-123',
'x-user-role': 'Administrator'
}
}
);
console.log(response.data.analytics);
The API integrates with Microsoft Defender Cloud App Security for:
Configuration in services/compliance-validation-service.js:
{
cloudAppSecurityEndpoint: process.env.CLOUD_APP_SECURITY_API_ENDPOINT,
apiKey: process.env.CLOUD_APP_SECURITY_API_KEY,
tenantId: process.env.AZURE_TENANT_ID
}
curl http://localhost:4000/api/health
Response includes CASB service status:
{
"status": "ok",
"services": {
"casbAppCatalog": "enabled",
...
}
}
SELECT casb_update_usage_analytics();
Issue: API returns 500 errors
Issue: Compliance validation fails
Issue: Tests fail
npm installnpm run test-casbThis API is part of the Multi-Cloud Multi-Tenant ICT Governance Framework, released under the MIT License.
Last Updated: 2024-01-15
API Version: 1.0.0
Maintainers: ICT Governance Team