Share PCI scan

/api/2.0/fo/scan/pci/?action=share

[GET]  [POST]

Share (export) a finished PCI scan to Qualys PCI Merchant where you can generate reports required to prove your PCI compliance. The PCI Merchant account to be used must be already defined as a PCI account link using the Qualys user interface

Permissions - Any user with scan permissions (Manager, Unit Manager or Scanner) can share a PCI scan with one of their own PCI Merchant accounts and obtain share status. The user’s Qualys account must allow access to the PCI scan and must have a link to the target PCI Merchant account.

Share restriction - The following share restriction applies to all users. One PCI scan can be shared (exported) to one PCI Merchant subscription one time only, assuming the share request is successful. (Note: If a particular scan has been exported to any PCI account in the same PCI Merchant subscription as your PCI account, the scan can’t be exported.) If a share request fails for some reason, it's possible to submit another share request for the same PCI scan and PCI Merchant account.

Input Parameters

Parameter

Description

action=share

(Required)

echo_request={0|1}

(Optional) Specify 1 to view (echo) input parameters in the XML output. By default these are not included.

scan_ref={value}

(Required) The scan reference of a finished PCI scan. The scan status of this scan must be “Finished”.

merchant_username={value}

(Required) The user name of the PCI Merchant account that the PCI scan will be exported to. The API user’s Qualys account must have a PCI account link already defined for this target PCI Merchant account.

Sample - Share PCI scan

API request

curl -s -H "X-Requested-With: curl demo 2" -D headers.15 -b

"QualysSession=38255848108d68a2feaf9ee664ca78a7; path=/api; secure" -d

"action=share&merchant_username=manager1@qualys&scan_ref=scan/1281646610.5720"

"https://qualysapi.qualys.com/api/2.0/fo/scan/pci/"

 

Response when request to share PCI scan is successful:

XML output

<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">

<SIMPLE_RETURN>

  <RESPONSE>

    <DATETIME>2018-01-17T00:50:39Z</DATETIME>

    <TEXT>Requested share of scan to PCI</TEXT>

    <ITEM_LIST>

      <ITEM>

        <KEY>scan_ref</KEY>

        <VALUE>scan/1281646610.5720</VALUE>

      </ITEM>

      <ITEM>

        <KEY>merchant_username</KEY>

        <VALUE>manager1@qualys</VALUE>

      </ITEM>

    </ITEM_LIST>

  </RESPONSE>

</SIMPLE_RETURN>

 

Response when PCI scan has already been shared:

XML output

<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">

<SIMPLE_RETURN>

  <RESPONSE>

    <DATETIME>2018-01-04T14:54:01Z</DATETIME>

    <CODE>999</CODE>

    <TEXT>This scan has already been shared with the Merchant account.</TEXT>

  </RESPONSE>

</SIMPLE_RETURN>

DTD

<platform API server>/api/2.0/simple_return.dtd