# Get TOE ID Rating source: https://developer.mastercard.com/riskrecon-api/documentation/testing/toe-samples/get-toe-rating-smpl/index.md Allows you to retrieve cybersecurity and privacy ratings for a specific Target of Evaluation (TOE). ## Pre-requisites {#pre-requisites} Refer to the [Get Toe ID Rating](https://developer.mastercard.com/riskrecon-api/documentation/use-cases/portfolio-management/portfolio/get-toe-rating/index.md) use case. ## Request URL for the Sandbox environment {#request-url-for-the-sandbox-environment} ```bash GET https://api.sandbox.riskrecon.com/v1/toes/{toe_id}/ratings ``` ## Request URL for the Production environment {#request-url-for-the-production-environment} ```bash GET https://api.riskrecon.com/v1/toes/{toe_id}/ratings ``` ## Test Cases {#test-cases} ### Test Case: Success - Get TOE ID rating {#test-case-success---get-toe-id-rating} **Request** Here is an example of a request made using a `curl` command. ```bash curl -X 'GET' \ 'https://api.sandbox.riskrecon.com/v1/toes/30c9a286-2d9c-4c57-828d-9b503a14cf39/ratings?risk_dimensions%5B%5D=cyber¤t_rating_only=true&page=1&per_page=20' \ -H 'accept: application/json' \ -H 'Authorization: Bearer valid_JWT_token' ``` **Response** get: ```json { "data": [ { "attributes": { "updated_at": "2022-03-14 19:24:58", "analysis_id": "8510277", "security_domain_ratings": [ { "security_domain": "data_loss", "risk_dimension": "cyber", "display_name": "Breach Events", "trend": 7.7, "rating_numeric": 9.9, "rating": "a", "rated": true }, { "security_domain": "dns_security", "risk_dimension": "cyber", "display_name": "DNS Security", "trend": 0.5, "rating_numeric": 9.9, "rating": "a", "rated": true }, { "security_domain": "email_security", "risk_dimension": "cyber", "display_name": "Email Security", "trend": 4.4, "rating_numeric": 7.7, "rating": "b", "rated": true }, { "security_domain": "network_filtering", "risk_dimension": "cyber", "display_name": "Network Filtering", "trend": 7.4, "rating_numeric": 9.1, "rating": "a", "rated": true }, { "security_domain": "software_patching", "risk_dimension": "cyber", "display_name": "Software Patching", "trend": -4.8, "rating_numeric": 3.6, "rating": "f", "rated": true }, { "security_domain": "system_hosting", "risk_dimension": "cyber", "display_name": "System Hosting", "trend": 4.8, "rating_numeric": 6, "rating": "c", "rated": true }, { "security_domain": "threat_intell", "risk_dimension": "cyber", "display_name": "System Reputation", "trend": -6.5, "rating_numeric": 2.6, "rating": "f", "rated": true }, { "security_domain": "web_app_security", "risk_dimension": "cyber", "display_name": "Application Security", "trend": -2.6, "rating_numeric": 5.2, "rating": "d", "rated": true }, { "security_domain": "web_encryption", "risk_dimension": "cyber", "display_name": "Web Encryption", "trend": 4, "rating_numeric": 9.2, "rating": "a", "rated": true } ], "security_criteria_ratings": [ { "security_criteria": "config_web_cms_authentication", "security_domain": "web_app_security", "risk_dimension": "cyber", "display_name": "CMS Authentication", "trend": -4.9, "rating_numeric": 3.2, "rating": "f", "rated": true }, { "security_criteria": "defensibility_hosting_providers", "security_domain": "defensibility", "risk_dimension": "cyber", "display_name": "Hosting Fragmentation", "trend": null, "rating_numeric": null, "rating": null, "rated": false }, { "security_criteria": "dns_hosting_providers", "security_domain": "dns_security", "risk_dimension": "cyber", "display_name": "DNS Hosting", "trend": null, "rating_numeric": null, "rating": null, "rated": false }, { "security_criteria": "email_authentication", "security_domain": "email_security", "risk_dimension": "cyber", "display_name": "Email Authentication (SPF or DKIM)", "trend": 5.6, "rating_numeric": 7.2, "rating": "b", "rated": true }, { "security_criteria": "email_encryption_enabled", "security_domain": "email_security", "risk_dimension": "cyber", "display_name": "Email Encryption (STARTTLS)", "trend": 2.4, "rating_numeric": 4.6, "rating": "d", "rated": true }, { "security_criteria": "email_hosting_providers", "security_domain": "email_security", "risk_dimension": "cyber", "display_name": "Email Hosting Providers", "trend": null, "rating_numeric": null, "rating": null, "rated": false }, { "security_criteria": "hosting_countries", "security_domain": "system_hosting", "risk_dimension": "cyber", "display_name": "Hosting Geolocations", "trend": null, "rating_numeric": null, "rating": null, "rated": false }, { "security_criteria": "iot_devices", "security_domain": "network_filtering", "risk_dimension": "cyber", "display_name": "IOT Devices", "trend": -0.5, "rating_numeric": 6.9, "rating": "c", "rated": true }, { "security_criteria": "patching_app_server", "security_domain": "software_patching", "risk_dimension": "cyber", "display_name": "Application Server Patching", "trend": -2.6, "rating_numeric": 2.4, "rating": "f", "rated": true }, { "security_criteria": "patching_web_cms", "security_domain": "software_patching", "risk_dimension": "cyber", "display_name": "CMS Patching", "trend": 6.3, "rating_numeric": 9.7, "rating": "a", "rated": true }, { "security_criteria": "patching_web_server", "security_domain": "software_patching", "risk_dimension": "cyber", "display_name": "Web Server Patching", "trend": 0.6, "rating_numeric": 7, "rating": "b", "rated": true }, { "security_criteria": "shared_hosting", "security_domain": "defensibility", "risk_dimension": "cyber", "display_name": "Cotenant IP Hosting", "trend": 0.6, "rating_numeric": 6.2, "rating": "c", "rated": true }, { "security_criteria": "threat_intel_alert_external", "security_domain": "web_app_security", "risk_dimension": "cyber", "display_name": "External Threat Intelligence", "trend": null, "rating_numeric": null, "rating": null, "rated": false }, { "security_criteria": "threatintel_botnet_host", "security_domain": "threat_intell", "risk_dimension": "cyber", "display_name": "Botnet Hosts", "trend": -0.9, "rating_numeric": 2.4, "rating": "f", "rated": true }, { "security_criteria": "threatintel_cc_server", "security_domain": "threat_intell", "risk_dimension": "cyber", "display_name": "Command and Control Servers", "trend": -4.6, "rating_numeric": 4.7, "rating": "d", "rated": true }, { "security_criteria": "threatintel_hostile_host_hacking", "security_domain": "threat_intell", "risk_dimension": "cyber", "display_name": "Hostile-Hosts: Hacking", "trend": 4.1, "rating_numeric": 7.2, "rating": "b", "rated": true }, { "security_criteria": "threatintel_hostile_host_scanning", "security_domain": "threat_intell", "risk_dimension": "cyber", "display_name": "Hostile-Hosts: Scanning", "trend": -2.4, "rating_numeric": 1.2, "rating": "f", "rated": true }, { "security_criteria": "threatintel_other", "security_domain": "threat_intell", "risk_dimension": "cyber", "display_name": "Other Blacklisted Hosts", "trend": -5.5, "rating_numeric": 1.8, "rating": "f", "rated": true }, { "security_criteria": "threatintel_phishing_site", "security_domain": "threat_intell", "risk_dimension": "cyber", "display_name": "Phishing Sites", "trend": -5.7, "rating_numeric": 3.2, "rating": "f", "rated": true }, { "security_criteria": "threatintel_spamming_host", "security_domain": "threat_intell", "risk_dimension": "cyber", "display_name": "Spamming Hosts", "trend": -6.6, "rating_numeric": 3.2, "rating": "f", "rated": true }, { "security_criteria": "unsafe_network_services", "security_domain": "network_filtering", "risk_dimension": "cyber", "display_name": "Unsafe Network Services", "trend": 3.7, "rating_numeric": 7.1, "rating": "b", "rated": true }, { "security_criteria": "web_encryption_date_expire", "security_domain": "web_encryption", "risk_dimension": "cyber", "display_name": "Certificate Expiration Date", "trend": -0.7, "rating_numeric": 7.7, "rating": "b", "rated": true }, { "security_criteria": "web_encryption_date_valid", "security_domain": "web_encryption", "risk_dimension": "cyber", "display_name": "Certificate Valid Date", "trend": 3.8, "rating_numeric": 8.6, "rating": "a", "rated": true }, { "security_criteria": "web_encryption_hash", "security_domain": "web_encryption", "risk_dimension": "cyber", "display_name": "Encryption Hash Algorithm", "trend": -3.5, "rating_numeric": 5.4, "rating": "d", "rated": true }, { "security_criteria": "web_encryption_key_length", "security_domain": "web_encryption", "risk_dimension": "cyber", "display_name": "Encryption Key Length", "trend": 5.7, "rating_numeric": 7.7, "rating": "b", "rated": true }, { "security_criteria": "web_encryption_protocol", "security_domain": "web_encryption", "risk_dimension": "cyber", "display_name": "Encryption Protocols", "trend": -0.9, "rating_numeric": 6.3, "rating": "c", "rated": true }, { "security_criteria": "web_encryption_subject", "security_domain": "web_encryption", "risk_dimension": "cyber", "display_name": "Certificate Subject", "trend": -3.4, "rating_numeric": 6.6, "rating": "c", "rated": true }, { "security_criteria": "web_http_security_headers", "security_domain": "web_app_security", "risk_dimension": "cyber", "display_name": "HTTP Security Headers", "trend": 8.3, "rating_numeric": 9.9, "rating": "a", "rated": true } ], "privacy_rating_numeric": null, "cyber_rating_numeric": 8.1, "cyber_trend": -0.1, "privacy_trend": null, "cyber_rating": "b", "privacy_rating": null }, "id": "8510277", "type": "analysis" } ], "meta": { "current_page": 1, "next_page": null, "prev_page": null, "total_count": 1, "total_pages": 1 } } ``` ### Test Case: Fail - Invalid JSON Web Token {#test-case-fail---invalid-json-web-token} **Request** Here is an example of a request made with an incorrect JSON Web Token using a `curl` command. ```bash curl -X 'GET' \ 'https://api.sandbox.riskrecon.com/v1/toes/30c9a286-2d9c-4c57-828d-9b503a14cf39/ratings' \ -H 'accept: application/json' \ -H 'Authorization: Bearer invalid_JWT_token' ``` **Response** HTTP Error Response 401 ```json { "Errors": { "Error": [ { "Description": "Unauthorized request", "Details": "Invalid JWT", "ReasonCode": "UNAUTHORIZED", "Recoverable": false, "Source": "RISKRECON_API" } ] } } ```