Introduction to D3 Command API

In general, the term API encompasses two main functions: sending data to D3 and calling D3's functions. For sending data and creating events and incidents in D3, Webhook Data Ingestion is available under integrations. If users need to develop a new data schema or a new data source, such as an in-house tool, they can create a Custom Integration and establish a webhook for it. For calling D3's functions, users should refer to the D3 Command API.

The documentation within the D3 Command API will provide comprehensive details about the API endpoints available for use within the D3 SOAR platform. Each endpoint follows a consistent three-part structure: Endpoint URL, Request, and Response.

Endpoint URL - Each API request is made using the POST HTTP request method to a specific endpoint URL.

READER NOTE

The URL of all D3 utility command API endpoints conforms to the following structure: https://<site_url>/api/Command/<endpoint>
For example, the Get Incident API endpoint is as follows: https://d3site.net/MainApp/VSOC/api/Command/GetIncidents

Request - Comprises the following details:

• Authentication: The type of authentication required (API keys or JWT).

• Body Parameters: A table containing parameters that must be included in the request body, with their data types, optionality, and descriptions

• Body Sample Data: The sample data used to illustrate the expected format of the response content.

Response - The response is categorized by HTTP status codes, each reflecting the outcome of the request. See HTTP Status Codes for descriptions of the relevant status codes and error handling procedures.

Rate limiting

D3 API supports a maximum of 50 requests per second.

While only a portion of utility commands is currently documented, we are passionately dedicated to expanding this through our ongoing efforts. D3 offers hundreds of built-in utility commands designed to automate data manipulation, enrichment, and various system actions.