Automate application lifecycle management by creating, updating, and deleting applications programmatically via the Cortex Cloud public API endpoints.
The Cortex Cloud public API for applications enables programmatic management of the application inventory, creating, retrieving, updating, and deleting applications that group assets by business context. The application API automates workflows, enabling security teams to integrate application lifecycle management into CI/CD pipelines, infrastructure-as-code provisioning, and organizational onboarding automation.
Note
The application public API does not execute scans, enforce policies, or create issues. Scanning, policy enforcement, and issue creation are performed by their respective subsystems (Unified Application Security policies, scanner orchestration).
Core achievements
Automated application provisioning: Creating applications programmatically eliminates manual console interaction and enables consistent, repeatable application definitions across environments
Business context synchronization: Updating application metadata (owners, compliance, criticality) through the API ensures the Cortex Cloud inventory reflects current organizational structures without manual drift
Posture visibility at scale: Retrieving application-level issue summaries and insights through the API enables integration with external dashboards, reporting tools, and executive briefing systems
Inventory lifecycle management: Deleting deprecated applications through the API maintains inventory hygiene and prevents stale business context from distorting posture metrics
Supported API operations
The Cortex Cloud application public API supports the following operations:
Operation | Method | Endpoint | Description |
|---|---|---|---|
Create application |
|
| Create a new application with a name, business criticality, asset selection criteria, and ownership metadata. |
List applications |
|
| Retrieve all applications with pagination support. |
Get application by ID |
|
| Retrieve a specific application by the unique application identifier. |
Update application |
|
| Update the metadata of an existing application (business criticality, description, owners, compliance). |
Delete application |
|
| Delete an application by the unique application identifier. |
Get configuration |
|
| Retrieve the application settings configuration for the tenant. |
Get issue summary |
|
| Retrieve the issue count summary by issue type for a specific application. |
Get insights |
|
| Retrieve insights data by issue category and item type for a specific application. |
Operational considerations
When designing your automated workflows, keep the following API behaviors in mind:
Updating asset boundaries: The API update operation (
PUT) strictly modifies metadata. It does not support modifying the application's name or its asset selection criteria. To alter these fields, you must delete the existing application and create a new oneData retention on deletion: Deleting an application via the API (
DELETE) only removes the business context grouping. The underlying assets (repositories, packages, IaC resources) and their detected security issues remain in your inventory, but are no longer associated with the deleted application
Technical API Reference
For comprehensive technical details, including request body schemas, status codes, and JSON response examples, refer to the Application API documentation.