Download Project Attribution Reports API Guide

Pre-requisites

FOSSA API Token

Generate a FULL access token to use FOSSA's API.

Project locator and revision

You must have a project locator. You can get the list of projects by running this endpoint: Get Projects. In the examples below {revision_idrefers to this revision locator that's needed to run the endpoint successfully.

custom%2BXXXX%2Fhello-world%242024-06-13T00%3A40%3A18Z is an example of a revision locator (that is encoded) such that

custom/XXX refers to beginning of a project locator, typically custom/XXX is the prefix of a project where XXX refers to the organization id. You can find this ID and encode it by going into the project settings.
hello-world is the name of the project in FOSSA
2024-06-13T00%3A40%3A18Z is the revision

Setting the report header (optional)

You can optionally set a custom header by doing so in the UI. Click on "Add Custom Header". Then you'll see settings come up to customize the report header.

On the left side, you will see a button to add a customer header. — On the left side, you will see a button to add a custom header.

CURL Example

Below is an example of how to make this request using curl:

curl -X PUT \
  'https://app.fossa.com/api/projects/{project_locator}' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer $FOSSA_FULL_ACCESS_API_TOKEN' \
  -d '{
    "reportCustomText": "Test support"
  }'

Endpoints and Parameters

There are some export types in which the report is emailed to you, and some are downloaded to the machine in which you call the endpoint.

1. Plain Text Report (Emailed)

Endpoint: https://app.fossa.com/api/revisions/{revision_id}/attribution/email?format=TXT
Request Method: GET
Status Code: 200 OK
Query Parameters:
- dependencyInfoOptions[]: Specify details to include in the report.
  - Library
  - License
  - CustomTextLicense
  - OtherLicenses
  - Authors
  - Description
  - FullTextLicense
  - Source
  - ProjectUrl
  - PackageDownloadUrl
  - DependencyPaths
  - IssueNotes
- includeProjectLicense: true to include the project license.
- includeLicenseScan: true to include license scan results.
- includeDependencySummary: true to include a summary of dependencies.
- includeDirectDependencies: true to include direct dependencies.
- includeDeepDependencies: true to include deep dependencies.
- includeLicenseList: true to include a list of licenses.
- includeFileMatches: true to include file matches.
- includeLicenseHeaders: true to include license headers.
- includeCopyrightList: true to include a list of copyrights.

2. HTML Report (Download to Machine)

Endpoint: https://app.fossa.com/api/revisions/{revision_id}/attribution/download?download=true&format=HTML
Request Method: GET
Status Code: 200 OK
Query Parameters:
- dependencyInfoOptions[]: Specify details to include in the report.
  - Library
  - License
  - CustomTextLicense
  - OtherLicenses
  - Authors
  - Description
  - FullTextLicense
  - Source
  - ProjectUrl
  - PackageDownloadUrl
  - DependencyPaths
  - IssueNotes
- includeProjectLicense: true to include the project license.
- includeLicenseScan: true to include license scan results.
- includeDependencySummary: true to include a summary of dependencies.
- includeDirectDependencies: true to include direct dependencies.
- includeDeepDependencies: true to include deep dependencies.
- includeLicenseList: true to include a list of licenses.
- includeCopyrightList: true to include a list of copyrights.

3. Markdown Report (Download to Machine)

Endpoint: https://app.fossa.com/api/revisions/{revision_id}/attribution/download?download=true&format=MD
Request Method: GET
Status Code: 200 OK
Query Parameters:
- dependencyInfoOptions[]: Specify details to include in the report.
  - Library
  - License
  - CustomTextLicense
  - OtherLicenses
  - Authors
  - Description
  - FullTextLicense
  - Source
  - ProjectUrl
  - PackageDownloadUrl
  - DependencyPaths
  - IssueNotes
- includeProjectLicense: true to include the project license.
- includeLicenseScan: true to include license scan results.
- includeDependencySummary: true to include a summary of dependencies.
- includeDirectDependencies: true to include direct dependencies.
- includeDeepDependencies: true to include deep dependencies.
- includeLicenseList: true to include a list of licenses.
- includeCopyrightList: true to include a list of copyrights.

4. PDF Report (Emailed)

Endpoint: https://app.fossa.com/api/revisions/{revision_id}/attribution/email?format=PDF
Request Method: GET
Status Code: 200 OK
Query Parameters:
- dependencyInfoOptions[]: Specify details to include in the report.
  - Library
  - License
  - CustomTextLicense
  - OtherLicenses
  - Authors
  - Description
  - FullTextLicense
  - Source
  - ProjectUrl
  - PackageDownloadUrl
  - DependencyPaths
  - IssueNotes
- includeProjectLicense: true to include the project license.
- includeLicenseScan: true to include license scan results.
- includeDependencySummary: true to include a summary of dependencies.
- includeDirectDependencies: true to include direct dependencies.
- includeDeepDependencies: true to include deep dependencies.
- includeLicenseList: true to include a list of licenses.
- includeCopyrightList: true to include a list of copyrights.

5. CSV Report (Download to Machine)

Endpoint: https://app.fossa.com/api/revisions/{revision_id}/attribution/download?download=true&format=CSV
Request Method: GET
Status Code: 200 OK
Query Parameters:
- dependencyInfoOptions[]: Specify details to include in the report.
  - Library
  - License
  - CustomTextLicense
  - OtherLicenses
  - Authors
  - Description
  - FullTextLicense
  - Source
  - ProjectUrl
  - PackageDownloadUrl
  - DependencyPaths
  - IssueNotes
- includeProjectLicense: true to include the project license.
- includeLicenseScan: true to include license scan results.
- includeDependencySummary: true to include a summary of dependencies.
- includeDirectDependencies: true to include direct dependencies.
- includeDeepDependencies: true to include deep dependencies.
- includeFileMatches: true to include file matches.

Example GET Requests

To get a plain text report emailed to you, you would use the following endpoint:

curl -X GET "https://app.fossa.com/api/revisions/{revision_id}/attribution/email?format=TXT&dependencyInfoOptions%5B0%5D=Library&dependencyInfoOptions%5B1%5D=License&dependencyInfoOptions%5B2%5D=CustomTextLicense&dependencyInfoOptions%5B3%5D=OtherLicenses&dependencyInfoOptions%5B4%5D=Authors&dependencyInfoOptions%5B5%5D=Description&dependencyInfoOptions%5B6%5D=FullTextLicense&dependencyInfoOptions%5B7%5D=Source&dependencyInfoOptions%5B8%5D=ProjectUrl&dependencyInfoOptions%5B9%5D=PackageDownloadUrl&dependencyInfoOptions%5B10%5D=DependencyPaths&dependencyInfoOptions%5B11%5D=IssueNotes&includeProjectLicense=true&includeLicenseScan=true&includeDependencySummary=true&includeDirectDependencies=true&includeDeepDependencies=true&includeLicenseList=true&includeFileMatches=true&includeLicenseHeaders=true&includeCopyrightList=true" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $FOSSA_FULL_ACCESS_API_TOKEN"

To download a markdown report directly to your machine, you would use this endpoint:

curl -X GET "<https://app.fossa.com/api/revisions/{revision_id}/attribution/download?download=true&format=MD&dependencyInfoOptions%5B0%5D=Library&dependencyInfoOptions%5B1%5D=License&dependencyInfoOptions%5B2%5D=CustomTextLicense&dependencyInfoOptions%5B3%5D=OtherLicenses&dependencyInfoOptions%5B4%5D=Authors&dependencyInfoOptions%5B5%5D=Description&dependencyInfoOptions%5B6%5D=FullTextLicense&dependencyInfoOptions%5B7%5D=Source&dependencyInfoOptions%5B8%5D=ProjectUrl&dependencyInfoOptions%5B9%5D=PackageDownloadUrl&dependencyInfoOptions%5B10%5D=DependencyPaths&dependencyInfoOptions%5B11%5D=IssueNotes&includeProjectLicense=true&includeLicenseScan=true&includeDependencySummary=true&includeDirectDependencies=true&includeDeepDependencies=true&includeLicenseList=true&includeCopyrightList=true">  
-H "Content-Type: application/json"  
-H "Authorization: Bearer $FOSSA_FULL_ACCESS_API_TOKEN"