Extend SaaS security and governance with Nudge Security's API

The nature of modern SaaS adoption is highly distributed, from where your workforce is located to who chooses and governs the tools they use. Users are distributed across continents, SaaS administrators can be found in any department, and any employee has the power to extend their organization’s attack surface in just a few clicks. At Nudge Security, our approach has always been to work within the understanding that SaaS is decentralized rather than fighting against this reality. 

‍

We also know that the way organizations secure and govern and consume information about your SaaS estate is also decentralized, with data divided between your identity provider, IT work systems, compliance tools, SSO providers, and beyond. Today, Nudge Security is once again extending our platform to embrace the reality of modern work and empower you to centralize SaaS security and governance with our new public API.

‍

With our API, Nudge Security can be the nexus of your SaaS security and governance ecosystem by enabling you to connect to your other critical tools. Now you can not only maintain a single source of truth in Nudge Security, but also seamlessly connect it to the rest of your stack. 

‍

“Using the Nudge Security API, we’ve been able to speed up security processes and connect data silos for faster, risk-informed decision making,” said GridX Team Lead Security Alei Salem. “We’re excited by the possibilities the API unlocks for our team.”

‍

Watch the tutorial below for a quick introduction, or read on for more examples of how your organization can use our API. 

‍

‍

Centralize security visibility and eliminate data silos.

Searching through multiple systems for information about your SaaS attack surface can slow down your team, lead to data silos, and impede your ability to make effective security and governance decisions. Our API enables you to send Nudge Security data to other tools within your security ecosystem for more complete SaaS attack surface visibility and governance. 

‍

You can retrieve data in Nudge Security about your apps, accounts, security events, fields, user groups, labels, and notifications via our REST API for easy integration with other solutions. (Dig into our API documentation for more granular detail on functionality.)

‍

For example, ingesting all Nudge Security events into your SIEM and SOAR tools via our events endpoint enables you to correlate these events with other datasets, giving you a more complete understanding of what’s happening in your environment and helping your team take action quickly to anything that arises. When Nudge Security identifies a data breach affecting an app in your SaaS supply chain, your team can see and respond to that information from a central location instead of switching between systems. 

‍

You can also send Nudge Security data to your favorite business intelligence tool to report on it alongside the rest of your organization’s security data, giving you a more complete picture of your compliance readiness or progress toward key metrics. 

‍

Streamline SaaS governance with automation. 

When your tools can’t talk to each other, your team is left juggling the manual work of keeping multiple systems up to date. Our API reduces that burden by enabling you to add, update, or delete fields and labels for any app or account within Nudge Security. You can update allowed values for existing fields, such as approval statuses, or create your own custom fields or labels to add additional context. 

‍

For example, let’s say you integrate Nudge Security with a ticketing system like Service Now or Jira. When you complete an application onboarding or approval process tracked in your ticketing system, you can use the API to update the app’s approval status within Nudge Security. You can also easily send Nudge Security notifications to your ticketing system to track any associated work.

‍

With custom fields and labels, you can add your own classifications based on another external source. For example, you could add custom attributes to track renewal dates or identify cost centers to help your organization track and manage license costs. You can query these custom attributes using the API. 

‍

What else can you do with our API? The sky’s the limit.

APIs are meant to be built on, and our API enables you to craft your own solution to any number of use cases. In addition to the common examples described above, here are just a few ideas based on use cases from Nudge Security customers:

‍

• Automate compliance management: Identify all unapproved apps that fall under PCI DSS compliance, or create labels in Nudge Security identifying an app’s compliance scope whenever you add an app to your GRC tool.
• Manage app approvals: Check the approval status of an app before allowing an integration with production systems, or update an approval status in Nudge Security based on an outside system. 
• Strengthen SSO management: Validate whether apps or accounts that have been disabled within Okta have actually been deleted.
• Manage your SaaS attack surface. Find all high-risk OAuth grants from apps that have approval status of “not permitted.”
• Trigger automated workflows: Ingesting Nudge Security data into other tools unlocks unlimited potential for automation. To streamline that effort, you can use events from the Nudge Security API to trigger actions and workflows in third-party tools using no-code automation platforms like Tines, Torq, and Tray.io. 

‍

Getting started is easy.

To get started, simply generate an API token within Settings in Nudge Security. (You can revoke access just as easily—and tokens will expire automatically after four weeks of inactivity.) Learn more about how you can retrieve data or modify fields in Nudge Security in our API documentation in Readme.io, which can be used with multiple programming languages. 

‍

Interested in learning more? 

Find out how else Nudge Security can help you meet your SaaS security and governance goals. Start your free 14-day trial today.