
Noname Security
API Security- Overview
- Setup
- Data & mappings
- Operations & API
- Changelog
The Noname Security Connector integrates with the Noname Security API security platform. It syncs discovered API endpoints, the sites (hosts) those endpoints belong to, and the security findings detected against them. Findings are split into two models: a finding instance (a specific issue observed on a specific API) and a finding definition (the reusable description of the issue type, including impact, remediation, and OWASP classification). Together these models let Brinqa correlate API-layer vulnerabilities back to the assets they affect.
Data retrieved from Noname Security
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| DynamicCodeFinding | Yes | Dynamic Code Finding |
| DynamicCodeFindingDefinition | Yes | Dynamic Code Finding Definition |
| Site | Yes | Site |
| ApiEndpoint | Yes | Api Endpoint |
Model relationships
For detailed steps on how to view the data retrieved from Noname Security in the Brinqa Platform, see How to view your data.
Connection settings
When setting up a data integration, select Noname Security from the Connector dropdown and provide the following:
| Setting | Required | Default | Description |
|---|---|---|---|
| Server URL | No | — | Noname security server URL |
| Api token | No | — | Noname security api token |
| Page size | No | — | Maximum number of records to get per API request |
| Parallel requests | No | — | Maximum number of parallel API requests |
Authentication
The connector authenticates with a long-lived Bearer API token. The token is supplied as a confidential configuration property and is sent on every request in the Authorization header. There is no separate token-exchange/login call — the configured token is used directly.
Connectivity Test Endpoint
On configuration, the connector validates connectivity by issuing a paged request against the policy findings endpoint:
| Method | URL |
|---|---|
GET | {url}/api/v4/policies/findings?limit=1&offset=0 |
Request Headers
| Header | Value |
|---|---|
Authorization | Bearer {apiToken} |
Accept | application/json |
Request Body
No request body is sent; all requests are GET requests with query parameters.
Sample Response
A successful test/list request returns a JSON envelope:
{
"count": 1,
"entities": [
{
"id": "bd1d2706-f289-4a87-bd21-1093a3a8a1a5",
"title": "Internet-Facing API Receives Sensitive Data in Query Params",
"typeId": "36102"
}
],
"moreEntities": true
}
Response Fields
| Field | Description |
|---|---|
count | Number of entities returned in this page. |
entities | Array of records (findings or API endpoints, depending on the endpoint). |
moreEntities | Whether additional pages are available. |
Token Usage in Subsequent Requests
The same Bearer token is attached to the Authorization header of every subsequent paged request (/api/v4/findings, /api/v4/findings/{id}, /api/v3/apis). Paging is performed with limit and offset query parameters; multiple pages are fetched in parallel up to the configured parallelism level.
Sync Behavior
The connector supports incremental (delta) syncs. It maintains a sync token between runs and applies it as an incremental timestamp filter, so each run re-processes only the records that changed after the previous sync. The initial run retrieves the complete data set; later runs are incremental. The specific timestamp field applied to each object is documented under that object's Sync Duration Parameter.
How to obtain Noname Security credentials
Generate a Noname Security API token
For the Noname Security connector to use the Noname Management API, you must provide an API token. Only Noname Security Administrators can generate tokens for themselves. You cannot generate a token for other users, even if they have the Admin role.
To generate a token, follow these steps:
-
Login to your Noname Security portal as an administrator.
-
Navigate to Settings > User Management.
-
Click The Users tab and then click Generate API Token.

Your API token displays. You cannot view the token again after this. Copy and save it to a safe and secure location.
Note: If you do not have the permissions to create a token, contact your Noname Security administrator. For additional information, see Noname Security documentation.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes:
DynamicCodeFinding
| Source Field Name | SDM Attribute |
|---|---|
derived | TARGETS |
| derived from normalized status | STATUS_CATEGORY |
FindingResource.apiId | API_ID |
FindingResource.comments[].message | COMMENTS |
FindingResource.description | DESCRIPTION |
FindingResource.detectionTime | FIRST_FOUND |
FindingResource.evidence[] | RESULTS |
FindingResource.host | HOSTNAMES |
FindingResource.id | UID |
FindingResource.lastUpdate | SOURCE_LAST_MODIFIED |
FindingResource.method | METHOD |
FindingResource.path | PATH |
FindingResource.resourceGroupName | RESOURCE_GROUP_NAME |
FindingResource.status | SOURCE_STATUS |
FindingResource.status (normalized) | STATUS |
FindingResource.tickets[].alias | TICKETS |
FindingResource.title | NAME |
FindingResource.triggeredOn | TRIGGERED_ON |
FindingResource.typeId | TYPE |
FindingResource.url | URL |
DynamicCodeFindingDefinition
| Source Field Name | SDM Attribute |
|---|---|
| derived from normalized severity | SEVERITY_SCORE |
FindingResource.description | DESCRIPTION |
FindingResource.impact | IMPACT |
FindingResource.investigate | INVESTIGATE |
FindingResource.module | MODULE |
FindingResource.owaspTags | TAGS |
FindingResource.remediation | RECOMMENDATION |
FindingResource.severity | SOURCE_SEVERITY |
FindingResource.severity (normalized) | SEVERITY |
FindingResource.title | NAME |
FindingResource.typeId | UID |
Site
| Source Field Name | SDM Attribute |
|---|---|
ApiEndpointResource.host | UID |
ApiEndpointResource.host | NAME |
| constant Web Application | CATEGORIES |
ApiEndpoint
| Source Field Name | SDM Attribute |
|---|---|
ApiEndpointResource.accountId | ACCOUNT_ID |
ApiEndpointResource.AIRIDs | AIR_IDS |
ApiEndpointResource.apiGateway | API_GATEWAY |
ApiEndpointResource.apiType | API_TYPE |
ApiEndpointResource.applications | APPLICATIONS |
ApiEndpointResource.auth | AUTH |
ApiEndpointResource.backendServer | BACKEND_SERVER |
ApiEndpointResource.cloudEntitiesTagList | CLOUD_ENTITIES_TAG_LIST |
ApiEndpointResource.dataTypesIds | DATA_TYPES_IDS |
ApiEndpointResource.datatypeTags | DATA_TYPE_TAGS |
ApiEndpointResource.distinctUsers | DISTINCT_USERS |
ApiEndpointResource.host | HOST |
ApiEndpointResource.id | UID |
ApiEndpointResource.internetFacing | INTERNET_FACING |
ApiEndpointResource.lastSeen | LAST_SEEN |
ApiEndpointResource.lastUpdate | SOURCE_LAST_MODIFIED |
ApiEndpointResource.loadBalancer | LOAD_BALANCER |
ApiEndpointResource.method | SUPPORTED_METHODS |
ApiEndpointResource.openapiFileNames | APM_NUMBERS |
ApiEndpointResource.openapiSpecState | OPENAPI_SPEC_STATE |
ApiEndpointResource.owner | OWNER |
ApiEndpointResource.path | PATH |
ApiEndpointResource.recentlyUpdated | RECENTLY_UPDATED |
ApiEndpointResource.requestDatatypes | REQUEST_DATATYPES |
ApiEndpointResource.requestDatatypeTags | REQUEST_TAGS |
ApiEndpointResource.resourceGroupName | RESOURCE_GROUP_NAME |
ApiEndpointResource.responseDatatypes | RESPONSE_DATATYPES |
ApiEndpointResource.responseDatatypeTags | RESPONSE_TAGS |
ApiEndpointResource.sources | SOURCES |
ApiEndpointResource.tags | TAGS |
ApiEndpointResource.targetHost | TARGET_HOST |
ApiEndpointResource.targetServers | TARGET_SERVERS |
| constant API Endpoint | CATEGORIES |
| host + path | ENDPOINT |
host + path (or apiName when present) | NAME |
Operations & API
Expand each connector object to see its operation options, delta-sync behavior, and the API it uses. See connector operation options for how to apply operation options (keys and values are case-sensitive).
DynamicCodeFinding
Operation options
This object does not support any operation options.
Delta sync
Supported.
API
- Type: REST endpoint · Endpoint:
GET /api/v4/findings - Default filters:
severity,status(from operation options);lastUpdateStartDateon incremental sync
DynamicCodeFindingDefinition
Operation options
This object does not support any operation options.
Delta sync
Supported.
API
- Type: REST endpoint · Endpoint:
GET /api/v4/findings - Default filters:
lastUpdateStartDateon incremental sync
Site
Operation options
This object does not support any operation options.
Delta sync
Supported.
API
- Type: REST endpoint · Endpoint:
GET /api/v3/apis
ApiEndpoint
Operation options
This object does not support any operation options.
Delta sync
Supported.
API
- Type: REST endpoint · Endpoint:
GET /api/v3/apis - Default filters:
host,path(from operation options; default to empty string)
Changelog
The Noname Security connector has undergone the following changes:
| Version | Description | Migration Steps |
|---|---|---|
| 3.0.3 | Improvements - Hardened data synchronization against intermittent network interruptions. Premature connection and "end of chunk" errors encountered while reading API responses are now retried automatically, and other error conditions are surfaced with clearer messages, reducing failed or partial sync runs. | N/A |
| 3.0.2 | New Features - Api Endpoint assets now include APM numbers, populated from the associated OpenAPI specification file names, giving you additional context to correlate endpoints with their API management records. | N/A |
| 3.0.1 | Bug Fixes - Dynamic Code Finding comments and tickets are now de-duplicated, and entries with no message or alias are no longer included. This prevents duplicate and empty values from appearing on findings. | N/A |
| 3.0.0 | Overview The Noname Security connector integrates with the Noname Security platform to synchronize API endpoint and site assets along with dynamic code findings and their definitions. Category: Api Security Models | N/A |