ICT-Governance-Framework-Application

CASB App Catalog API

Overview

The Cloud App Security (CASB) App Catalog API is a comprehensive solution for managing cloud application governance through a dynamic, interactive platform. It empowers employees with self-service capabilities while providing IT administrators with powerful management and analytics tools.

Key Features

For Employees

For IT Administrators

Architecture

Components

┌─────────────────────────────────────────────────────────────┐
│                    CASB App Catalog API                      │
├─────────────────────────────────────────────────────────────┤
│                                                              │
│  ┌──────────────────┐        ┌──────────────────┐         │
│  │ Employee-Facing  │        │ Admin-Facing     │         │
│  │ Endpoints (8)    │        │ Endpoints (9)    │         │
│  └──────────────────┘        └──────────────────┘         │
│           │                           │                     │
│           └───────────┬───────────────┘                     │
│                       │                                     │
│           ┌───────────▼───────────┐                        │
│           │  Compliance           │                        │
│           │  Validation Service   │                        │
│           └───────────┬───────────┘                        │
│                       │                                     │
│           ┌───────────▼───────────┐                        │
│           │  PostgreSQL Database  │                        │
│           │  (13 tables)          │                        │
│           └───────────────────────┘                        │
└─────────────────────────────────────────────────────────────┘

Technology Stack

Installation

Prerequisites

Setup

  1. Install dependencies:
    cd ict-governance-framework
    npm install
    
  2. Set up database:
    psql $DATABASE_URL -f db-casb-app-catalog-schema.sql
    
  3. Configure environment variables (in .env):
    DATABASE_URL=postgresql://username:password@localhost:5432/ict_governance_framework
    PORT=4000
    
  4. Start the server:
    npm run server
    

Usage

Running Tests

# Run unit tests
npm run test-casb

# Run integration tests (requires server running)
npm run test-casb-integration

API Endpoints

Employee-Facing Endpoints

Method Endpoint Description
GET /api/casb/catalog/me Get personalized app catalog
GET /api/casb/catalog/:appId Get app details with compliance info
POST /api/casb/catalog/:appId/request-approval Request app approval
POST /api/casb/catalog/report-shadow-app Report shadow IT
GET /api/casb/catalog/me/compliance Check compliance status
POST /api/casb/catalog/:appId/acknowledge-policy Acknowledge policy
GET /api/casb/notifications/me Get user notifications
POST /api/casb/feedback/apps/:appId Submit app feedback

Admin-Facing Endpoints

Method Endpoint Description
GET /api/casb/admin/catalog View all applications
POST /api/casb/admin/catalog Add new application
PUT /api/casb/admin/catalog/:appId Update application
DELETE /api/casb/admin/catalog/:appId Remove application
GET /api/casb/admin/app-requests View approval requests
PUT /api/casb/admin/app-requests/:requestId Process request
GET /api/casb/admin/app-usage-analytics Get usage analytics
GET /api/casb/admin/shadow-it-reports View shadow IT reports
POST /api/casb/admin/policy-updates/broadcast Broadcast policy update

See API Documentation for detailed endpoint documentation.

Database Schema

The API uses a comprehensive PostgreSQL schema with 13 tables:

Core Tables

User Interaction Tables

Supporting Tables

Examples

Get Personalized Catalog (Employee)

const axios = require('axios');

const response = await axios.get('http://localhost:4000/api/casb/catalog/me', {
  headers: {
    'x-user-id': 'user-123',
    'x-user-role': 'Employee',
    'x-user-department': 'Marketing'
  }
});

console.log(response.data.apps);

Request App Approval (Employee)

const response = await axios.post(
  'http://localhost:4000/api/casb/catalog/app-002/request-approval',
  {
    businessJustification: 'Need for team collaboration',
    department: 'Marketing',
    estimatedUsers: 5,
    urgency: 'Medium'
  },
  {
    headers: {
      'x-user-id': 'user-123',
      'Authorization': 'Bearer your-jwt-token'
    }
  }
);

console.log(response.data.data.requestId);

Get Usage Analytics (Admin)

const response = await axios.get(
  'http://localhost:4000/api/casb/admin/app-usage-analytics',
  {
    headers: {
      'x-user-id': 'admin-123',
      'x-user-role': 'Administrator'
    }
  }
);

console.log(response.data.analytics);

Security Considerations

Authentication & Authorization

Data Protection

Best Practices

  1. Always use HTTPS in production
  2. Implement proper JWT token validation
  3. Use environment variables for sensitive configuration
  4. Regularly update dependencies
  5. Monitor API usage and anomalies

Integration with Microsoft Defender Cloud App Security

The API integrates with Microsoft Defender Cloud App Security for:

Configuration in services/compliance-validation-service.js:

{
  cloudAppSecurityEndpoint: process.env.CLOUD_APP_SECURITY_API_ENDPOINT,
  apiKey: process.env.CLOUD_APP_SECURITY_API_KEY,
  tenantId: process.env.AZURE_TENANT_ID
}

Monitoring & Maintenance

Health Check

curl http://localhost:4000/api/health

Response includes CASB service status:

{
  "status": "ok",
  "services": {
    "casbAppCatalog": "enabled",
    ...
  }
}

Maintenance Tasks

  1. Update Analytics (recommended: daily):
    SELECT casb_update_usage_analytics();
    
  2. Review Shadow IT Reports (recommended: weekly)
  3. Check for New Vulnerabilities (recommended: daily)
  4. Update Compliance Status (recommended: weekly)

Troubleshooting

Common Issues

Issue: API returns 500 errors

Issue: Compliance validation fails

Issue: Tests fail

Contributing

  1. Create a feature branch
  2. Make your changes
  3. Add/update tests
  4. Run tests: npm run test-casb
  5. Submit a pull request

License

This API is part of the Multi-Cloud Multi-Tenant ICT Governance Framework, released under the MIT License.

Support

Changelog

Version 1.0.0 (2024-01-15)

Roadmap

Planned Features


Last Updated: 2024-01-15
API Version: 1.0.0
Maintainers: ICT Governance Team