Downloading Contrast agents via CURL

  • Updated


How to download the latest Contrast agents via CURL commands from the Contrast UI.


  1. Create a new user that will have limited permissions (default permissions to start)
  2. Login as the new user --> click on profile --> "Your account" and gather the following:
    • Organization ID
    • API Key
    • Authorization Header
  3. Logout as the new user
  4. Login as admin and restrict the user to:
    • Organization Role: Edit (can do very little, like add notifications and view a few things but not much)
    • Application Access Group: <none> (can see no applications, servers or vuln)
    • API Only: <check> (can get into the website at all)
  5. Construct the CURL command using the information gathered:
curl http://<TeamServer FQDN>/Contrast/api/ng/<Organization ID>/agents/default/<language>\
-H API-Key:<API KEY> \
-H Authorization:<Authorization Header> \

Example for the Java agent:

curl \
-H API-Key:8BLqHXPqUnTj1SO9 \
-H Authorization:R3VybmV5OlZUM1kxNjhFSzQwRU8yVDk= \

Example for the Java agent from Maven repo:

curl '' -Lo contrast.jar

Powershell example for the .NET Framework Agent:

Invoke-WebRequest -Method "POST" -Headers @{'Authorization'='R3VybmV5OlZUM1kxNjhFSzQwRU8yVDk='; 'API-Key' = '8BLqHXPqUnTj1SO9'} -ContentType 'application/json' -Uri "" -UseBasicParsing -Outfile


org_id: UUID of the organization
-OJ: Filename is provided by the server and saved to folder





Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request