
GlobalSuite® API

Welcome to the GlobalSuite® API, the GRC solution to optimize risk, security, continuity, audit, and compliance processes in your business.

By using the APIs, you can integrate GlobalSuite® with other applications, tools, or systems in your corporate ecosystem. For example:

  • You can automate the import of assets from other tools.

  • You can synchronize information to export it to another tool for management.

  • You can export records to store them in a repository or data lake (EDL).

You can consult the GlobalSuite® API through the documentation repository GlobalSuite® API. You can also perform tests directly to verify the operations it provides, including reading, writing, modifying, or deleting data.

NOTE: If you want to start using the GlobalSuite® APIs, please contact your provider.

There are demo environments available that can be requested to review and perform integration tests on the available APIs:

Europe:

Latam:

Enable API Key

Calls to the GlobalSuite® APIs must be authenticated to prevent unauthorized use. To do this, it is necessary to create an API Key or token that allows authenticated calls.

These API Keys are generated with a specific validity period (a date range) specified by the client or integrator. Before or after the specified dates, the API Key will not be valid, and calls to the endpoints will return a 403 error.

Subentities

If multiple Subentities are enabled in GlobalSuite®, a specific API Key must be generated for each entity you want to integrate with a proprietary or third-party tool or service.

In GlobalSuite®, the configuration is common at the company level for all entities, but the data and records are specific to each one. Therefore, if you want to integrate an information repository with a section of the tool (for example, Inventory of Items), an API Key must be created for each entity, as the items registered with that API Key will be created in the entity it is configured for.

NOTE: If multiple entities are not available, it will not be necessary to define multiple keys.

Best practices and tips

  • Make sure to use a single API Key per application or integration performed.

  • Periodically change the API Key used for greater security.

Using the API Documentation

In the GlobalSuite® API documentation, the different items or models that can be consumed automatically are shown.

Each of these resources is a symbolic representation of a business domain object in GlobalSuite®. For example, a Service, an Employee, etc.

For each of the models, it is possible to consult the endpoints, that is, the GET, PUT, POST, and DELETE operations that are allowed.

These endpoints correspond to the basic CRUD operations (Create, Read, Update, and Delete):

  • GET: Endpoint to retrieve one or more models to consult, allowing filtering of these queries.

  • POST: Endpoint to create a new record for a specific model.

  • PUT: Endpoint to modify or update some of the values or fields of the model.

  • DELETE: Endpoint to delete a specific record of the model.

The documentation for each of these endpoints includes the parameters, mandatory or optional, that can be included in each call.

Also, in the explorer itself, examples of responses provided in each case are shown, including correct responses or error messages if applicable.

Using a REST client

To make calls to the GlobalSuite® API, it is possible to use different clients that make HTTP calls to the GlobalSuite® server. Both simple calls and more complex processes can be performed using tools like cURL or Postman.


Rate Limit

To avoid performance issues and attacks such as brute force or DDoS, a rate limit mechanism has been implemented, which restricts the number of API calls that can be made within a time period.

This limit is general, so the total number of calls made with the same API Key is taken into account, even if they are calls to different endpoints or records.

Currently, this limit is 180 calls per minute.

If this limit is exceeded, subsequent calls will return the error message 429 "Too Many Attempts" to indicate that the rate limit has been exceeded, and it will be necessary to wait to continue using it.
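As an added example (not GlobalSuite® code), the API Key validity window and the 180-calls-per-minute limit described above can be enforced on the client side before a call is sent. The `send` callable, the class names, and the 60-second wait after a 429 are assumptions; the page does not say how the key is transmitted or how long to wait.

```python
import time
from collections import deque
from datetime import datetime, timezone

LIMIT, WINDOW = 180, 60.0   # from the page: 180 calls per minute, per API Key


class KeyNotValid(Exception):
    """API Key is outside its validity dates, or the server answered 403."""


class ThrottledKey:
    """Client-side guard for one API Key: validity dates plus a sliding-window budget."""

    def __init__(self, valid_from, valid_to, clock=time.monotonic, sleep=time.sleep):
        self.valid_from, self.valid_to = valid_from, valid_to
        self.clock, self.sleep = clock, sleep
        self.sent = deque()          # timestamps of calls made in the last WINDOW seconds

    def _wait_for_slot(self):
        now = self.clock()
        while self.sent and now - self.sent[0] >= WINDOW:
            self.sent.popleft()      # forget calls that have left the window
        if len(self.sent) >= LIMIT:  # budget used up: wait until the oldest call expires
            self.sleep(WINDOW - (now - self.sent[0]))
            self.sent.popleft()

    def call(self, send, now_utc=None, max_retries=3):
        """send() is a hypothetical callable: performs one request, returns the HTTP status."""
        now_utc = now_utc or datetime.now(timezone.utc)
        if not (self.valid_from <= now_utc <= self.valid_to):
            raise KeyNotValid("key outside its validity dates; request not sent")
        for _ in range(max_retries + 1):
            self._wait_for_slot()
            self.sent.append(self.clock())
            status = send()
            if status == 403:        # key rejected by the server: retrying cannot help
                raise KeyNotValid("server returned 403; check the key's date range")
            if status != 429:
                return status
            self.sleep(WINDOW)       # assumption: wait one full window after a 429
        return 429
```

Use one `ThrottledKey` per API Key, since the limit counts all calls made with the same key regardless of endpoint.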


Help: Reference Documentation

  • Before using the GlobalSuite® APIs, we recommend familiarizing yourself with the GlobalSuite® User Manual, as there is a strong relationship between the business logic and the API.

  • If you have any questions or possible issues with any of the available endpoints in the GlobalSuite® API Documentation, you can contact our Customer Support Center.

  • Use the GlobalSuite® API documentation to find references for the latest available version of the REST API.

GlobalSUITE® Security Certification (CSWA)

As part of the continuous improvement cycle in the development processes used for GlobalSuite®, we have conducted an external validation through an ethical hacking security audit.

This verification has been carried out according to the standards OWASP Top Ten 2017 and API Security Top 10 2019, integrating the controls proposed by both standards into our verification and compliance processes.

This audit process has certified the security and resilience of GlobalSUITE®, resulting in the CSWA certificate, in our SaaS and On-Premise environments.


API Versioning

As part of the maintenance and service of the APIs offered by GlobalSuite®, version management and change control are included.

The API is always offered in its most updated version (Current), which will remain valid until a product evolution occurs that involves a Breaking Change.

This breaking change is an update that modifies the structure of calls and/or responses of some of the offered endpoints.

If this situation occurs, the previous version will move to a Deprecated state but will remain accessible until another breaking change occurs, allowing adaptations (if necessary) to maintain the integrations performed.

GlobalSuite® version updates will be notified within the tool after an update and can be consulted at any time in the GlobalSuite® Changelog.

List of GlobalSuite® API Versions

Version | Publication   | Status     | Description
v0      | October 2021  | Deprecated | Initial version of the API. Available Inventory API
v1      | April 2022    | Current    | Normalization of endpoints and PUT/POST verbs. Available Controls API
        | April 2023    |            | Available Tickets API
        | July 2023     |            | Available Users API
        | December 2023 |            | Available Risk Analysis API