API Integration
Spider is designed API first.
- The frontend is headless
- All APIs used by the UIs are accessible and documented in the OpenAPI doc
- You can build new tools, integrate with or extend Spider using its API
Service Accounts management
To interact with Spider APIs, it is recommended to create Service Accounts, and to share with them access to data as you would for users.
- Service Account creation
- Listing Service Accounts
- Adding Service Accounts to Teams
- Sharing agents access to Service Accounts
- Setting extra permissions to Service Accounts
Using the API
Authenticate the Service Account
Spider Service Accounts API connection offers OAuth2 client-credentials
way for connection.
You may use either:
Basic Auth + application/x-www-form-urlencoded
request body
POST /customer/v1/sessions/for/service-account
Authorization: Basic ...
Content-Type: application/x-www-form-urlencoded
Accept: application.json
grant_type=client_credentials
application/x-www-form-urlencoded
request body only
POST /customer/v1/sessions/for/service-account
Content-Type: application/x-www-form-urlencoded
Accept: application.json
grant_type = client_credentials
&client_id = ...
&client_secret=...
application/json
request body
POST /customer/v1/sessions/for/service-account
Content-Type: application/json
Accept: application/json
{
"grant_type": "client_credentials",
"client_id": "...",
"client_secret": "..."
}
Response
The response is in JSON, and contains:
- the JWT to reuse when calling the API,
- its TTL
{
"access_token": "{sa_access_token}",
"token_type": "Bearer",
"expires_in": 5400
}
When using wrong credentials, an error is returned.
The account is locked after a few consecutive unsuccessful attempts.
Select a team
Often, the service account will access Whisperer through a team, in the same way as users.
For this, you need to exchange the service account token for a team token.
GET /teams/v1/teams/{id}/user-token/
Authorization: Bearer {sa_access_token}
Accept: application/json
- Replace {id} your team's id
- Replace {access_token} with the JWT fetched before
The response is in JSON, and contains:
- the team scoped JWT,
{
"token": "{team_access_token}"
}
Search for HTTP communications (for instance)
You may now, for instance, search for erroneous HTTP communications.
POST /web-read/v1/http-com/_search
Authorization: Bearer {team_access_token}
Content-Type: application/json
Accept: application/json
{
"size":20,
"whisperers":["qCC4TpvyThic6FVAYf2VTw"],
"startDate":"2025-05-31T10:00:00.000Z",
"stopDate":"2025-05-31T10:20:00.000Z",
"query":"stats.statusCode:500",
"sort": [{"key":"req.start","order":"desc"}]
}
The result will be a collection of items:
- How many items were found: 607
- The array of the first items
- The query to send as is to get the next page
aggs
is null as no aggregation query was made
- To use aggregation, send a
aggs
field in the request, using Elasticsearch DSL - Look at queries sent by the UI to get samples
{
"total": 607,
"aggs": null,
"items": [{
"@id": "qCC4TpvyThic6FVAYf2VTw.hosts-6997d99564-xq9gp.485758.10.42.0.122-36604-10.42.0.138-3000.3885872403.HTTP.2"
}],
"nextPage": {
"@type": "SearchAction",
"query": {
"size": 20,
"whisperers": ["qCC4TpvyThic6FVAYf2VTw"],
"startDate": "2025-05-31T10:00:00.000Z",
"stopDate": "2025-05-31T10:20:00.000Z",
"query": "stats.statusCode:500",
"sort": [{ "key": "req.start", "order": "desc" }],
"next": [
1748729513.6748428,
"qCC4TpvyThic6FVAYf2VTw.hosts-6997d99564-xq9gp.485758.10.42.0.1-41628-10.42.0.138-3000.210121981.HTTP.0"
]
}
}
}
Getting the payload
You may then want to retrieve the inner payload of communications.
You can ask for response body like this (res):
POST GET /web-read/v1/http-com/{id}/res/body/
Authorization: Bearer {team_access_token}
Use req
to get the request.
By default, the body will be sent with the same headers as captured for Content-Type
and Content-Encoding
.
Only Transfer-Encoding
is not reproduced.
Check the OpenAPI to know what other options you have.
There are tens and more of APIs exposed by Spider to access data and manage its configuration.
Check the OpenAPI to know more, or ask for help / training.
Spider resources model
Here is a simplified view of Spider resources and their links.
To help you with your exploration.