The following example, written in PHP, shows how you can use the Security Awareness Training API.
<?php
/*
* This script shows how to authenticate and get an access token, then use the access token to retrieve a campaign, and that campaign's results.
*
* This program assumes that your first campaign has results to show. If it does not, modify the script to use the ID of a campaign that does have results/stats to display.
* You will need to adjust the values for the following constants:
*
* API_URL - change 'phishline_example' to the value for your instance. Usually, this is 'phishline_yourcompanyname'.
* AUTH_NAME - This will be the user account which has been given API access.
* AUTH_PW - The password for AUTH_NAME.
* AUTH_API_KEY - The API key is created by your administrator from the 'System' -> 'API Keys' menu item.
*
*/
namespace Barracuda\PhishLine\API;
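// The constants below hold live credentials (account password and API key).
// Prefer keeping real values in .example.env.php - excluded from version control
// and readable only by the account that runs this script - rather than editing
// the placeholders in the else branch.
//
// Resolve the file to an absolute path first, so that the file that is checked
// is the file that is loaded, independent of the configured include_path.
$env_file = realpath('.example.env.php');
if ($env_file !== false && is_file($env_file)) {
    print("Loading authentication constants from .example.env.php...\n");
    // .example.env.php must define API_URL, AUTH_NAME, AUTH_PW and AUTH_API_KEY.
    require_once($env_file);
    // getAccessToken() also reads the two SSO constants. Default them to empty
    // strings when the env file leaves them out, so that a file holding only the
    // four required values does not fail on an undefined constant.
    defined('AUTH_SSO_TYPE') || define('AUTH_SSO_TYPE', '');
    defined('AUTH_SSO_CONFIG_ID') || define('AUTH_SSO_CONFIG_ID', '');
} else {
    print("Loading default authentication constants...\n");
    // Otherwise, change the constants here. These are placeholders only; do not
    // commit this file once real credentials have been filled in.
    define('API_URL', 'https://api.phishline.com/phishline_example/rest/');
    define('AUTH_NAME', 'MyTestUser');
    define('AUTH_PW', 'MyTestPassword');
    define('AUTH_SSO_TYPE', '');
    define('AUTH_SSO_CONFIG_ID', '');
    define('AUTH_API_KEY', 'example-abcd-1234-defg-abcdabcd12345678');
}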
// Do not change these items.
/** Path appended to API_URL to request an access token. */
const AUTH_ENDPOINT = 'authenticate';

/** Path appended to API_URL to list campaigns or fetch one campaign by ID. */
const CAMPAIGN_ENDPOINT = 'campaigns';

/** Path appended to API_URL to fetch the raw results of one campaign. */
const CAMPAIGN_RESULTS_ENDPOINT = 'campaignresults';

// Run the walkthrough (the class is declared further down in this file);
// everything it retrieves is printed to the screen.
ApiUseExample::go();

// Nothing else to do once the walkthrough has finished.
exit();
/**
* ApiUseExample - example for authentication and usage of campaign related stat endpoints for PhishLine API.
*
*/
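class ApiUseExample {
    /**
     * go - run the example to retrieve an access token, all campaigns, a single campaign, and raw results from a single campaign.
     *
     * Everything retrieved is printed with print_r(). Campaign results may contain
     * per-recipient data, so treat the output of this script as sensitive when
     * redirecting it to a file or a shared log.
     *
     * @static
     * @access public
     * @return void
     */
    public static function go() {
        print ("Step 1: get an access token.\n");
        $access_token = self::getAccessToken();

        print("Step 2: get all the campaigns.\n");
        $all_campaigns = self::getCampaigns($access_token);
        print_r($all_campaigns);

        print("Step 3: Get a single campaign ID from the previous call.\n");
        // getCampaigns() only returns when ['data'][0]['id'] is set, so this index is safe.
        $campaign_id = $all_campaigns['data'][0]['id'];
        print("\tExample campaign ID is: ".$campaign_id."\n");

        print("Step 4. get a single campaign by id. For example purposes only.\n"
            . "\t You could just use the campaign_id from Step 3, and skip right to step 5.\n"
            . "\t This is just an example of using the endpoint to retrieve a single result if you know the campaign ID you want.\n");
        $single_campaign = self::getCampaigns($access_token, $campaign_id);
        print_r($single_campaign);

        print("Step 5. get all raw results for a single campaign.\n");
        $single_campaign_raw_stats = self::getCampaignResults($access_token, $campaign_id);
        print_r($single_campaign_raw_stats);

        print("\n\nExample complete!\n\n");
    } // End function go

    /**
     * getAccessToken - get an access token from the authenticate endpoint.
     *
     * Sends the API key, user name, password and SSO settings from the AUTH_*
     * constants as a JSON POST body. Exits with status 1 if no token is returned.
     *
     * @static
     * @access public
     * @return string the access token
     */
    public static function getAccessToken() {
        $body = json_encode([
            'api_key' => AUTH_API_KEY,
            'bof_ticket_pw' => AUTH_PW,
            'bof_ticket_user' => AUTH_NAME,
            'sso' => AUTH_SSO_TYPE,
            'bof_sso_config_id' => AUTH_SSO_CONFIG_ID,
        ]);
        $result = self::sendRequest(
            API_URL.AUTH_ENDPOINT,
            ['Content-Type: application/json; charset=utf-8'],
            $body
        );

        $vals = json_decode($result['body'], true);
        if (isset($vals['data']['access_token'])) {
            // The token is a bearer credential: report success without echoing it,
            // so it does not end up in terminal scrollback or captured output.
            print("Access token created successfully.\n");
            return $vals['data']['access_token'];
        }

        echo 'HTTP Status Code: ' . $result['status'] . PHP_EOL;
        echo 'Response Body: ' . $result['body'] . PHP_EOL;
        print("ERROR: Something went wrong in ".__FUNCTION__.". Response was: \n");
        // Non-zero exit status so that a calling shell or scheduler sees the failure.
        exit(1);
    } // End function getAccessToken

    /**
     * getCampaigns - get all campaigns in your instance, or a single campaign if campaign_id is passed.
     *
     * Exits with status 1 if the response does not contain ['data'][0]['id'].
     *
     * @param string $access_token (required) The access token acquired from the authenticate endpoint.
     * @param int $campaign_id (optional) The campaign ID. If no campaign ID is passed, all results are retrieved.
     * @static
     * @access public
     * @return array results transformed to an associative array
     */
    public static function getCampaigns($access_token, $campaign_id=NULL) {
        // Add the campaign_id to the endpoint if present. If not, we retrieve all campaigns.
        // Loose comparison: null, 0 and '' all select the list endpoint.
        // intval() keeps anything but an integer out of the URL path.
        $url = API_URL.CAMPAIGN_ENDPOINT;
        if ($campaign_id != NULL) {
            $url .= '/'.intval($campaign_id);
        }
        $result = self::sendRequest($url, [
            'Content-Type: application/json; charset=utf-8',
            'Authorization: Bearer '.$access_token,
        ]);

        $vals = json_decode($result['body'], true);
        if (isset($vals['data'][0]['id'])) {
            print("Campaigns found. Returning all campaigns.\n");
            return $vals;
        }

        echo 'HTTP Status Code: ' . $result['status'] . PHP_EOL;
        echo 'Response Body: ' . $result['body'] . PHP_EOL;
        print("ERROR: Something went wrong in ".__FUNCTION__."\n");
        exit(1);
    } // End function getCampaigns

    /**
     * getCampaignResults - get raw results of your campaign.
     *
     * Exits with status 1 if the response does not contain ['data'][0].
     *
     * @param string $access_token (required) The access token acquired from the authenticate endpoint.
     * @param int $campaign_id (required) The campaign ID.
     * @static
     * @access public
     * @return array results transformed to an associative array
     */
    public static function getCampaignResults($access_token, $campaign_id) {
        $result = self::sendRequest(
            API_URL.CAMPAIGN_RESULTS_ENDPOINT.'/'.intval($campaign_id),
            [
                'Content-Type: application/json; charset=utf-8',
                'Authorization: Bearer '.$access_token,
            ]
        );

        $vals = json_decode($result['body'], true);
        if (isset($vals['data'][0])) {
            print("Campaign Results found. This is all raw results.\n");
            return $vals;
        }

        echo 'HTTP Status Code: ' . $result['status'] . PHP_EOL;
        echo 'Response Body: ' . $result['body'] . PHP_EOL;
        print("ERROR: Something went wrong in ".__FUNCTION__."\n");
        exit(1);
    } // End function getCampaignResults

    /**
     * sendRequest - perform one HTTP request with TLS verification enabled.
     *
     * Every request made by this class carries either the account credentials
     * and API key or the bearer token, so the server certificate and host name
     * are always verified. Exits with status 1 when the transfer itself fails.
     *
     * @param string $url The full endpoint URL.
     * @param array $headers The HTTP header lines to send.
     * @param string|null $json_body (optional) JSON body; when given, the request is sent as a POST.
     * @static
     * @access private
     * @return array ['status' => HTTP status code, 'body' => raw response body]
     */
    private static function sendRequest($url, $headers, $json_body=NULL) {
        $ch = curl_init();
        // Verify the certificate chain and that the certificate matches the host.
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
        if ($json_body !== NULL) {
            curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
            curl_setopt($ch, CURLOPT_POST, 1);
            curl_setopt($ch, CURLOPT_POSTFIELDS, $json_body);
        }

        $response = curl_exec($ch);
        // Only false is a transport failure. An empty body is passed back so the
        // caller can report the HTTP status code that came with it.
        if ($response === false) {
            // Certificate and host name verification failures are reported here.
            // Repair the CA bundle or the URL instead of turning verification off.
            $message = 'Error: "' . curl_error($ch) . '" - Code: ' . curl_errno($ch);
            curl_close($ch);
            echo $message . PHP_EOL;
            exit(1);
        }

        $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        curl_close($ch);
        return ['status' => $status, 'body' => $response];
    } // End function sendRequest
} // End class ApiUseExample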