Big News: Socket raises $60M Series C at a $1B valuation to secure software supply chains for AI-driven development.Announcement →

@allthingsapi/ata-cli

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

@allthingsapi/ata-cli

A professional command-line interface (CLI) for API testing, validation, and management. Enables developers to validate OpenAPI specifications, lint API designs, and manage API workflows directly from the terminal with an efficient, developer-friendly exp

npm

Version: 0.1.41

Version published: 8 months ago

Weekly downloads: 9

Maintainers: 1

Weekly downloads

Created: last year

Source

All Things API CLI

🚀 Installation

npm install -g @allthingsapi/ata-cli

✨ Features

ATA CLI brings powerful, modern API management to your terminal:

Authenticate securely with your AllThingsAPI account (ata login).
List and inspect APIs for any team and project, including versions, creators, and descriptions.
Filter APIs by team and project for focused workflows.
View current user and session information at any time (ata whoami).
Manage your session: log out instantly (ata logout).
Seamless updates: keep your CLI up to date with a single command (ata update).
Ready for automation: designed for CI/CD, scripting, and integration into developer workflows.
Export OpenAPI Specs: Download OpenAPI specs for any version package in JSON or YAML format for use in tools like Postman, Swagger, or CI/CD.
Lint OpenAPI Specs: Validate your API specifications against industry best practices using Spectral rules.
Multiple Policy Support: Apply different rulesets to ensure API quality and consistency.
Team Management: View teams you are assigned to and explore their business applications.
Environment Management: Create, list, and delete environments for API testing with team and project scoping.
Collection Testing: Run entire test collections with professional reporting and test result summaries.
Request Execution: Execute individual API requests with environment and global variable support.
Collection Import: Import collections from ATA, Postman, Swagger/OpenAPI formats, or directly from application packages with team, company, or personal scoping.
API Monitoring: Create and manage automated API monitors with scheduling, failure notifications, and detailed run reporting.
Policy Management: List and browse governance policies to enforce API design standards and best practices across your organization.
Application Management: Create and manage applications, versions, and packages with full lifecycle support including OpenAPI integration.
Security Scanning: Comprehensive vulnerability scanning for multiple languages with auto-fix capabilities and multiple output formats.
Extensible foundation: future support for API testing, automation, and export/import workflows.

📖 Usage

Note: You must be logged in (ata login) before using any API commands.

Authenticate

ata login

Show Current User

ata whoami

Display the currently logged-in user's name and email.

List APIs

ata api list --team <TEAM_ID> --project <PROJECT_ID>

List all APIs for a specific team and project, including their versions, creator, description, and type.

Arguments

Option	Description	Required
`--team <TEAM_ID>`	The Team ID to filter APIs	Yes
`--project <PROJECT_ID>`	The Project ID to filter APIs	Yes

Example

ata api list --team 6800dfb0d0f8ec7048505892 --project 6800dfb250a4f6540b38913b

Example Output

┌────────────────────────────────────────────────────────────
│ Name: Customer Management API
│ Description: -
│ Application Type: API_APPLICATION
│ Created By: Shoaib Mehedi
│ Versions:
│   • 1.0 (ub3vc171z): 68275ec4094dd3ec1b66cc85 [DRAFT]
│   • 2.0 (wzuwzztw8): 6828e0577e417388e07af6f2 [DRAFT]
└────────────────────────────────────────────────────────────

Error Handling

If either --team or --project is missing, the CLI will show an error and exit.
You must be logged in (ata login) before using API commands.

🧪 API Testing & Execution

Execute API tests and collections with comprehensive reporting and environment support. Run entire collections or individual requests with professional test result summaries similar to Postman.

Quick Start Examples

# Run an entire collection with all tests
ata run --collection 68078d82e83b814cd6fbec6b

# Run a collection with environment variables
ata run --collection 68078d82e83b814cd6fbec6b --env 6800dfbcd9ba2022c515beaf

# Run a collection and save results to file
ata run --collection 68078d82e83b814cd6fbec6b --report results.json

# Execute a single request
ata execute 68a2ca5acae0c4a58821a5eb

# Execute a request with environment
ata execute 68a2ca5acae0c4a58821a5eb --env 6800dfbcd9ba2022c515beaf

List Collection Requests

ata collection requests <COLLECTION_ID>

Display all requests in a collection with detailed information including request methods, URLs, test information, and timestamps. Perfect for understanding collection contents before execution.

Run Collection

ata run --collection <COLLECTION_ID> [--env <ENV_ID>] [--genv <GLOBAL_ID>] [--report <report.json>]
ata run --collection <COLLECTION_ID> --env <ENV_ID> --genv <GLOBAL_ID> -r <report.json>

Execute Single Request

Execute a specific request from any collection with optional environment and global variable support. Perfect for debugging individual API calls or quick testing.

ata execute <REQUEST_ID> [--env <ENV_ID>] [--genv <GLOBAL_ID>]

Arguments & Flags

For ata run:

Option	Description	Required
`--collection <COLLECTION_ID>`	The collection ID to run	Yes
`--env <ENV_ID>`	(Optional) Environment ID to use for execution	No
`--genv <GLOBAL_ID>`	(Optional) Global ID to use for execution	No
`--report <report.json>`	Save the run report to a local file (JSON)	No
`-r <report.json>`	Shorthand for --report	No

For ata execute:

Option	Description	Required
`<REQUEST_ID>`	The request ID to execute	Yes
`--env <ENV_ID>`	(Optional) Environment ID to use for execution	No
`--genv <GLOBAL_ID>`	(Optional) Global ID to use for execution	No

Examples

# List all requests in a collection
ata collection requests 68a2ca5acae0c4a58821a5e9

# Run a collection with environment and global context
ata run --collection 68078d82e83b814cd6fbec6b --env 6800dfbcd9ba2022c515beaf --genv 6800dfbcd9ba2022c515beaf --report results.json

# Run a collection without environment/global context
ata run --collection 68078d82e83b814cd6fbec6b

# Execute a single request
ata execute 68a2ca5acae0c4a58821a5eb

# Execute with environment variables
ata execute 68a2ca5acae0c4a58821a5eb --env 6800dfbcd9ba2022c515beaf

Note: --env and --genv are mapped internally to the API's envId and globalId parameters for flexible environment and global context support. They are optional; omit them to use default API behavior.

Output

Console:
- Each request is shown with its name, ID, pass/fail status, and test results.
- A visually distinct summary table appears at the end, showing total, passed, and failed requests, with color and bold formatting for clarity.
Report File (JSON):
- If --report or -r is provided, a machine-readable JSON file is saved with the full run details.

Example Console Output

Found 6 requests in collection.
──────────────────────────────────────────────────
Request: New Request [682b01c3f80b20dd07da3804]
Status: ✔ PASSED
──────────────────────────────────────────────────
Request: update [68078d82e83b814cd6fbec6c]
  ✓ Check if request method is PUT
  ✗ Verify status code is 422 for invalid PUT request: Expected 200 to equal 422
  ✗ Check response body is empty: Expected [object Object] to be empty
  ✓ Verify Content-Type header in response
  ✗ Response time is less than 300ms: Expected 469 to be below 300
  ✓ Verify status code for DELETE request returns 200
  ✗ Verify response body is empty for DELETE request: Expected [object Object] to be empty
  ✗ Verify Content-Type header in response: ata.expect(...).to.contain is not a function
  ✗ Verify response time is less than 300ms for DELETE request: Expected 469 to be below 300
  ✗ Verify DELETE request does not return a body: ata.response.body is not a function
Status: ✗ FAILED
──────────────────────────────────────────────────
Request: patch [68078d82e83b814cd6fbec6d]
  ✓ Verify request method is PATCH
  ✓ Verify response status code is 200
  ✓ Verify Content-Type header is present
  ✓ Verify response time is less than 300ms
Status: ✔ PASSED
──────────────────────────────────────────────────
Request: delete [68078d82e83b814cd6fbec6e]
Status: ✔ PASSED
──────────────────────────────────────────────────
Request: getlist [68078d82e83b814cd6fbec6f]
Status: ✔ PASSED
──────────────────────────────────────────────────
Request: add [68078d82e83b814cd6fbec70]
  ✓ Request method should be POST
  ✗ Validate response status code for invalid data: Expected 201 to equal 422
  ✗ Check response body is empty: Expected [object Object] to be empty
  ✓ Ensure Content-Type header is present in response
  ✗ Response time is less than 300ms: Expected 760 to be below 300
Status: ✗ FAILED

=============================================
         Collection Run Summary
=============================================
Total Requests:    6
Passed:            4
Failed:            2

   4 PASSED, 2 FAILED

=============================================
Report saved to results.json

Example Report File (JSON)

{
  "collectionId": "68078d82e83b814cd6fbec6b",
  "runAt": "2025-05-18T20:52:41.099Z",
  "summary": {
    "total": 5,
    "passed": 0,
    "failed": 5
  },
  "results": [
    {
      "name": "update",
      "id": "68078d82e83b814cd6fbec6c",
      "status": "FAILED",
      "testResults": [
        { "name": "Check if request method is PUT", "success": false, "error": "ata.request.method is not a function" }
      ],
      "error": "Test Failures: Check if request method is PUT: ata.request.method is not a function"
    },
    ...
  ]
}

Error Handling

If the collection ID is missing, the CLI will show an error and exit.
If a request fails or returns an unrecognized response, it is marked as FAILED in the summary and report.
If the report file cannot be written, a clear error message is shown.

Competitive Positioning

The ata run command provides a professional, Postman-like summary and reporting experience—ideal for automated testing, CI/CD, and developer workflows.
Output is clear, color-coded, and easy to scan for quick feedback or auditing.

Lint OpenAPI Spec

Validate and lint your OpenAPI specifications against standard and custom policy rules using the Spectral CLI. Supports both remote API specs and local OpenAPI files in JSON and YAML formats.

Usage

# Lint a remote API specification
ata api lint --package <PACKAGE_ID> --policy <POLICY_ID|default>

# Lint a local OpenAPI file
ata api lint --file <FILE_PATH> --policy <POLICY_ID|default>

Arguments

Option	Description	Required
`--package <PACKAGE_ID>`	Package ID containing the OpenAPI spec to lint	Yes (if --file not provided)
`--file <FILE_PATH>`	Path to local OpenAPI file (.json, .yml, .yaml)	Yes (if --package not provided)
`--policy <POLICY_ID>`	Policy ID to validate against (use 'default' for standard OpenAPI rules)	No

Examples

# Validate a remote API spec against standard OpenAPI rules
ata api lint --package 68275ec4094dd3ec1b66cc85 --policy default

# Validate a remote API spec against a specific custom policy
ata api lint --package 68275ec4094dd3ec1b66cc85 --policy 6800dfbffee72cc9c148b38f

# Validate a local JSON file against standard OpenAPI rules
ata api lint --file ./specs/my-api.json --policy default

# Validate a local YAML file against a specific custom policy
ata api lint --file ./specs/petstore.yaml --policy 6800dfbffee72cc9c148b38f

Sample Files

The CLI package includes sample OpenAPI files in the test-specs directory that you can use for testing and reference:

test-specs/sample-openapi.json - A valid OpenAPI specification
test-specs/flawed-openapi.json - An OpenAPI specification with intentional issues for testing linting functionality
test-specs/.spectral.yaml - A sample Spectral configuration file

You can use these files to experiment with the linting functionality:

# Test linting with the included sample files
ata api lint --file ./test-specs/flawed-openapi.json --policy default

Example Output

┌──────────────────────────────────────────────────┐
│ OpenAPI Specification Lint Results               │
├──────────────────────────────────────────────────┤
│ Package ID: 68275ec4094dd3ec1b66cc85              │
│ Policy:     6800dfbffee72cc9c148b38f              │
├──────────────────────────────────────────────────┤
│ Summary                                          │
│   • Total Issues: 1                               │
│   • Errors:       1                               │
│   • Warnings:     0                               │
│   • Info:         0                               │
├──────────────────────────────────────────────────┤
│ Errors                                           │
├──────────────────────────────────────────────────┤
│❌ [6800dfbffee72cc9c148b38f-rule] API must        │
│define security schemes                           │
│   components                                     │
│   at line 130                                    │
│                                                  │
├──────────────────────────────────────────────────┤
│ ❌ Failed: API specification has errors           │
└──────────────────────────────────────────────────┘

Features

Dual Validation Modes:
- Default Mode: Standard OpenAPI (OAS3) validation rules
- Custom Policy Mode: Organization-specific validation rules
Policy-Specific Rules: Different policies validate different aspects of the API:
- Security policies check for proper security definitions
- Response policies validate consistent response structures
- Custom policies for organization-specific requirements
Professional Output:
- Clear categorization of issues by severity
- Detailed location information with precise line numbers
- Well-formatted, boxed output for readability
- Path information for pinpointing exact issue locations
- Color-coded pass/fail indicators
Advanced Implementation:
- Powered by Spectral CLI for reliable validation
- Temporary file management for efficient processing
- Custom rules transformation for policy-specific validation

Error Handling

Missing package ID or file path parameters trigger clear error messages
Either --package or --file must be provided (but not both)
Authentication failures include instructions for login
Network issues provide actionable troubleshooting steps
Invalid OpenAPI specs show detailed validation errors
File access and parsing errors include specific error messages
Debug mode shows additional implementation details (set DEBUG=1)
Non-zero exit code returned when API specification has errors

Technical Details

Based on @stoplight/spectral-cli v6.x
Creates isolated rulesets for each policy ID
Policies are fetched and transformed into Spectral-compatible format
Temporary files are automatically cleaned up after execution
Supports JSON and YAML format detection and parsing
File format is automatically detected based on extension or content
Uses js-yaml for YAML parsing and @stoplight/json for JSON parsing
Properly validates both remote and local OpenAPI specifications

Export OpenAPI Spec

Export the OpenAPI specification for a version package in JSON or YAML format.

Usage

ata api get --package <PACKAGE_ID> --output <openapi.json|openapi.yaml|openapi.yml>

Arguments

Option	Description	Required
`--package <PACKAGE_ID>`	The version package ID to export	Yes
`--output <FILE>`	Output file name (extension determines format)	No

Supported Formats

.json (default): OpenAPI JSON
.yaml or .yml: OpenAPI YAML

Examples

ata api get --package 68275ec4094dd3ec1b66cc85 --output openapi.json   # JSON
ata api get --package 68275ec4094dd3ec1b66cc85 --output openapi.yaml   # YAML
ata api get --package 68275ec4094dd3ec1b66cc85 --output openapi.yml    # YAML

If --output is not specified, the CLI will default to openapi-<PACKAGE_ID>.json.

Error Handling

If --package is missing, the CLI will show an error and exit.
If the OpenAPI spec is not found, you will see a clear error message.
You must be logged in (ata login) before using api get.

Update API Specification

Update an OpenAPI specification for a package by uploading content from a local file.

Usage

ata api update --package <PACKAGE_ID> --file <FILE_PATH>

Options

Option	Description	Required
`--package <PACKAGE_ID>`	Package ID to update	Yes
`--file <FILE_PATH>`	Path to OpenAPI spec file	Yes

Example

ata api update --package abc123 --file ./openapi.json

Features

Supports JSON and YAML formats (.json, .yml, .yaml)
Secure authentication using your ATA credentials
Clear success and error messaging

You must be logged in (ata login) before using this command.

🌍 Environment Management

Create and manage environments for API testing with team and project scoping. Environments store variables and configurations that can be used across collections and requests.

Create Environment

ata env create --name <NAME> --project <PROJECT_ID> --team <TEAM_ID> [options]

Create a new environment with specified configurations.

Options

Option	Description	Required	Default
`--name <NAME>`	Environment name	Yes	-
`--project <PROJECT_ID>`	Project ID	Yes	-
`--team <TEAM_ID>`	Team ID	Yes	-
`--description <TEXT>`	Environment description	No	-
`--type <TYPE>`	Environment type	No	TEAM
`--for <FOR>`	Environment for	No	API_LAB
`--global`	Make environment global	No	false
`--locked`	Lock the environment	No	false
`--no-public`	Make environment private	No	public

Example

# Create a basic environment
ata env create --name "Development" --project 68c97f9b251a3b05ffa18608 --team 68c97f9948483ccaf657c0fe

# Create a global environment with description
ata env create --name "Production" --project 68c97f9b251a3b05ffa18608 --team 68c97f9948483ccaf657c0fe --description "Production environment variables" --global

# Create a locked, private environment
ata env create --name "Staging" --project 68c97f9b251a3b05ffa18608 --team 68c97f9948483ccaf657c0fe --locked --no-public

List Environments

ata env list --project <PROJECT_ID> [options]

List environments for a specific project with optional filtering.

Options

Option	Description	Required
`--project <PROJECT_ID>`	Project ID to list environments for	Yes
`--team <TEAM_ID>`	Filter by team ID	No
`--name <SEARCH_NAME>`	Search by environment name	No
`--global`	Show only global environments	No

Examples

# List all environments for a project
ata env list --project 68c97f9b251a3b05ffa18608

# List environments for a specific project and team
ata env list --project 68c97f9b251a3b05ffa18608 --team 68c97f9948483ccaf657c0fe

# Search for environments by name
ata env list --project 68c97f9b251a3b05ffa18608 --name "dev"

# List only global environments for a project
ata env list --project 68c97f9b251a3b05ffa18608 --global

Delete Environment

ata env delete <ENV_ID> [options]

Delete an environment by its ID.

Options

Option	Description	Required
`--force`	Skip confirmation prompt	No

Examples

# Delete with confirmation
ata env delete 6829abc123def456789

# Delete without confirmation
ata env delete 6829abc123def456789 --force

Get Environment Variables

ata env get <ENV_ID|DATASET_ID> [options]

Retrieve and display environment variables from an environment or dataset.

Options

Option	Description	Required	Default
`--output <FILE>`	Export variables to file	No	-
`--format <FORMAT>`	Output format (json or env)	No	json
`--show-secrets`	Display secret values	No	false

Features

View all variables in an environment or dataset
Hide secret values by default for security
Export to JSON for programmatic use
Export to .env format for direct use in applications
Display variable metadata (type, active status, encryption)

Examples

# Get environment variables (secrets hidden)
ata env get 68cbf3a1608f5fbdf23ff298

# Show all variables including secrets
ata env get 68cbf3a1608f5fbdf23ff298 --show-secrets

# Export to JSON file
ata env get 68cbf3a1608f5fbdf23ff298 --output variables.json

# Export to .env file with secrets
ata env get 68cbf3a1608f5fbdf23ff298 --output .env --format env --show-secrets

# Export for use in application
ata env get 68cbf3a1608f5fbdf23ff298 --output production.env --format env

Example Output

✅ Environment variables retrieved successfully!
──────────────────────────────────────────────
Dataset: Default DataSet
Dataset ID: 68cbf3a1608f5fbdf23ff298
Default: Yes
Global: No
──────────────────────────────────────────────

Variables:
──────────────────────────────────────────────
Name: base_url
Value: https://api.example.com/
Type: DEFAULT
Active: Yes
Encrypted: No

Name: api_key
Value: ******* (secret)
Type: SECRET
Active: Yes
Encrypted: No
──────────────────────────────────────────────

Total variables: 2

📥 Collection Import

Import collections from various sources including ATA, Postman, and Swagger/OpenAPI specifications. Collections can be imported at team, company, or personal levels with public/private visibility options.

Import Collection

ata collection import --project <PROJECT_ID> --from <SOURCE> [options]

Import a collection from supported formats into your ATA project.

Required Options

Option	Description	Values
`--project <PROJECT_ID>`	Target project ID	Project ID string
`--from <SOURCE>`	Import source format	`ATA`, `POSTMAN`, `SWAGGER`

Organization Level (Choose One)

Option	Description
`--team <TEAM_ID>`	Import to team level
`--company <COMPANY_ID>`	Import to company level
`--personal <PERSONAL_ID>`	Import to personal level

Source Options

Option	Description	Required For
`--file <PATH>`	Path to collection file	ATA, Postman, Swagger file
`--url <URL>`	Swagger specification URL	Swagger URL import only
`--public`	Make collection public (default: false)	Optional

Examples

Import ATA Collection

# Import ATA collection to team level
ata collection import --project 688c7a1b03cdbd47222fc9e3 --team 688c63fe5e9ad48f3217e75f --from ATA --file collection.json

# Import ATA collection to company level as public
ata collection import --project 688c7a1b03cdbd47222fc9e3 --company abc123 --from ATA --file collection.json --public

Import Postman Collection

# Import Postman collection to team
ata collection import --project 688c7a1b03cdbd47222fc9e3 --team 688c63fe5e9ad48f3217e75f --from POSTMAN --file postman-collection.json

# Import Postman collection to personal workspace
ata collection import --project 688c7a1b03cdbd47222fc9e3 --personal user123 --from POSTMAN --file my-tests.json

Import Swagger/OpenAPI

# Import from Swagger file
ata collection import --project 688c7a1b03cdbd47222fc9e3 --team 688c63fe5e9ad48f3217e75f --from SWAGGER --file openapi.json

# Import from Swagger URL
ata collection import --project 688c7a1b03cdbd47222fc9e3 --team 688c63fe5e9ad48f3217e75f --from SWAGGER --url https://petstore.swagger.io/v2/swagger.json

# Import Swagger to company level as public
ata collection import --project 688c7a1b03cdbd47222fc9e3 --company abc123 --from SWAGGER --url https://api.example.com/swagger.json --public

Import from Application Package

ata collection import-package <PACKAGE_ID> [options]

Import a collection directly from an application package containing OpenAPI specifications. This command extracts the OpenAPI spec from the package and automatically imports it as a collection.

Arguments

Argument	Description
`<PACKAGE_ID>`	Application package ID containing OpenAPI spec

Options

Option	Description
`--project <PROJECT_ID>`	Override project ID from package
`--team <TEAM_ID>`	Override team ID or import to specific team
`--company <COMPANY_ID>`	Import to company level instead of team
`--personal <PERSONAL_ID>`	Import to personal level instead of team
`--public`	Make collection public (default: false)

Examples

# Import using package's default team and project
ata collection import-package 68cd3244a7e3cf7b6b0e5f1f

# Override the target project
ata collection import-package 68cd3244a7e3cf7b6b0e5f1f --project 6800dfb250a4f6540b38913b

# Import to company level
ata collection import-package 68cd3244a7e3cf7b6b0e5f1f --company 6848011ff1118197c2bf3dd4

# Import as public collection to personal workspace
ata collection import-package 68cd3244a7e3cf7b6b0e5f1f --personal user123 --public

Supported Formats

ATA Collections

Native ATA collection format (JSON)
Preserves all test cases and configurations
Maintains variable references and environments

Postman Collections

Postman Collection v2.0 and v2.1 formats
Automatically converts Postman tests to ATA format
Preserves request configurations and pre/post scripts

Swagger/OpenAPI

OpenAPI 3.0.x specifications
Swagger 2.0 specifications
Import from file (JSON/YAML) or directly from URL
Automatically generates request collections from paths

Application Packages

Extracts OpenAPI specifications from application version packages
Automatically uses package metadata (team, project IDs)
Supports version-specific OpenAPI specs

Features

Multi-level Import: Import to team, company, or personal workspaces
Format Detection: Automatic detection of collection format
Progress Indicators: Visual feedback during import process
Error Handling: Clear error messages for troubleshooting
Public/Private: Control collection visibility
URL Import: Direct import from Swagger URLs without downloading

Output

✓ Collection imported successfully to team 688c63fe5e9ad48f3217e75f
Collection ID: 68d123abc456def789012345

Error Handling

Authentication required - must be logged in via ata login
Project ID validation ensures target exists
File existence checks before upload
Format validation for collection files
Network error handling for URL imports

📊 API Monitoring

Create and manage automated API monitors to continuously test your collections on schedules, receive failure notifications, and track performance over time.

Create Monitor

ata monitor create --project <PROJECT_ID> --team <TEAM_ID> --name <NAME> --collection <COLLECTION_ID> [options]

Create a new API monitor with scheduling and notification configurations.

Required Options

Option	Description
`--project <PROJECT_ID>`	Project ID for the monitor
`--team <TEAM_ID>`	Team ID for the monitor
`--name <NAME>`	Monitor name
`--collection <COLLECTION_ID>`	Collection ID to monitor

Optional Configuration

Option	Description	Default
`--type <TYPE>`	Monitor type (AD_HOC or SCHEDULED)	AD_HOC
`--status <STATUS>`	Initial status (DRAFT or ACTIVE)	DRAFT
`--env <ENV_ID>`	Environment ID(s) to use (can specify multiple)	-
`--global-env <GLOBAL_ENV_ID>`	Global environment ID	-

Scheduling Options

Option	Description	Example
`--frequency <FREQUENCY>`	Execution frequency (DAYS, WEEKS, MONTHS)	WEEKS
`--day <DAY>`	Day of week for weekly execution	MONDAY
`--time <TIME>`	Execution time (HH:MM format)	08:00

Notification Options

Option	Description	Example
`--failure-email <EMAILS>`	Email addresses for failure notifications (comma-separated)	alert@example.com
`--report-email <EMAILS>`	Email addresses for report delivery (comma-separated)	report@example.com
`--retry-option <OPTION>`	Retry option on failure	retryAfterInHour
`--retry-interval <INTERVAL>`	Retry interval	1

Examples

Create a Basic Monitor

ata monitor create --project 68a6ff1aca191aa0c2e2d338 --team 68903049d0c5b7af278a038a --name "Production API Monitor" --collection 68cd1de4de25bda1a6410aa9

Create a Scheduled Monitor with Notifications

ata monitor create \
  --project 68a6ff1aca191aa0c2e2d338 \
  --team 68903049d0c5b7af278a038a \
  --name "Weekly API Health Check" \
  --collection 68cd1de4de25bda1a6410aa9 \
  --type SCHEDULED \
  --status ACTIVE \
  --frequency WEEKS \
  --day MONDAY \
  --time 08:00 \
  --failure-email "alerts@example.com,team@example.com" \
  --report-email "reports@example.com" \
  --env 68b6882d075f76072ec76117

Create Monitor with Multiple Environments

ata monitor create \
  --project 68a6ff1aca191aa0c2e2d338 \
  --team 68903049d0c5b7af278a038a \
  --name "Multi-Env Monitor" \
  --collection 68cd1de4de25bda1a6410aa9 \
  --env 68b6882d075f76072ec76117 \
  --env 68b6882d075f76072ec76118 \
  --global-env 68b6882d075f76072ec76119

List Monitors

ata monitor list --project <PROJECT_ID> [options]

List all monitors for a project with filtering and pagination options.

Options

Option	Description	Default
`--project <PROJECT_ID>`	Project ID (required)	-
`--page <PAGE>`	Page number	1
`--size <SIZE>`	Page size	10
`--search-name <NAME>`	Search by name	-
`--monitor-name <NAME>`	Filter by monitor name	-
`--collection-name <NAME>`	Filter by collection name	-
`--status <STATUS>`	Filter by status (ACTIVE, DRAFT, PAUSED)	-
`--failure-via <VIA>`	Filter by failure notification method	-
`--report-via <VIA>`	Filter by report delivery method	-
`--created-at <DATE>`	Filter by creation date	-

Examples

# List all monitors for a project
ata monitor list --project 68a6ff1aca191aa0c2e2d338

# Filter by status and paginate
ata monitor list --project 68a6ff1aca191aa0c2e2d338 --status ACTIVE --page 2 --size 20

# Search for specific monitors
ata monitor list --project 68a6ff1aca191aa0c2e2d338 --search-name "production"

View Monitor Runs

ata monitor runs <MONITOR_ID>

Get the execution history for a specific monitor, including run status, test results, and performance metrics.

Example

ata monitor runs 68cd1f153ad693e0e260a15d

Output

==============================================
             Monitor Run History
==============================================
Monitor ID: 68cd1f153ad693e0e260a15d
──────────────────────────────────────────────
Summary:
  Total Runs: 24
  ✓ Successful: 20
  ✗ Failed: 4
──────────────────────────────────────────────

Run #1 [Tag: 1758273305009]
Status: ✓ SUCCESS
Date: 1/19/2025, 2:15:05 PM
Requests: 10
Tests: 25 total (23 passed, 2 failed)
Duration: 1250ms

Run #2 [Tag: 1758273304008]
Status: ✗ FAILED
Date: 1/19/2025, 2:00:04 PM
Requests: 10
Tests: 25 total (18 passed, 7 failed)
Duration: 1450ms
Error: Connection timeout

Get Run Details

ata monitor run-details <MONITOR_ID> --tag <TAG> [--output <FILE>]

Get a detailed report for a specific monitor run, including individual request results, test outcomes, and performance metrics.

Options

Option	Description
`--tag <TAG>`	Run tag identifier (required)
`--output <FILE>`	Save detailed report to JSON file

Example

# View run details in console
ata monitor run-details 68cd1f153ad693e0e260a15d --tag 1758273305009

# Save detailed report to file
ata monitor run-details 68cd1f153ad693e0e260a15d --tag 1758273305009 --output report.json

Detailed Report Output

==============================================
          Monitor Run Detailed Report
==============================================
Monitor ID: 68cd1f153ad693e0e260a15d
Run Tag: 1758273305009

📊 Run Summary:
Status: ✓ SUCCESS
Executed At: 1/19/2025, 2:15:05 PM
Duration: 1.3s

📝 Request Statistics:
  Total Requests: 10
  ✓ Successful: 9
  ✗ Failed: 1

🧪 Test Results:
  Total Tests: 25
  ✓ Passed: 23
  ✗ Failed: 2

📋 Test Cases:
  ✓ Check status code is 200
  ✓ Verify response time < 500ms
  ✗ Validate response schema
     Error: Expected property 'id' to be present
  ✓ Check content-type header

📨 Request Details:
  Request #1: GET /api/users
  Method: GET
  URL: https://api.example.com/api/users
  Status Code: 200
  Response Time: 125ms
  Tests:
    ✓ Status code is 200
    ✓ Response time < 500ms

⚡ Performance Metrics:
  Average Response Time: 135ms
  Min Response Time: 89ms
  Max Response Time: 245ms
  P95 Response Time: 210ms

Features

Automated Monitoring: Schedule collections to run automatically at specified intervals
Multi-Environment Support: Test with multiple environments in a single monitor
Failure Notifications: Get email alerts when monitors fail
Report Delivery: Receive regular reports via email
Run History: Track monitor performance over time
Detailed Reporting: Drill down into specific run details
Performance Metrics: Monitor API response times and reliability
Retry Logic: Configure automatic retry on failures

Monitor States

DRAFT: Monitor is configured but not running
ACTIVE: Monitor is actively running on schedule
PAUSED: Monitor is temporarily suspended
FAILED: Monitor encountered an error

🤝 Team Commands

List Teams

ata team list

List all teams assigned to the current user, including team names, IDs, descriptions, and member counts.

Example Output

==============================================
         Available Teams         
==============================================
──────────────────────────────────────────────
Team: Backend Developers [6848011ff1118197c2bf3dd4]
Created: 6/10/2025, 9:55:44 AM
Description: Core development team for API services
Members: 8
Alias: be-dev
──────────────────────────────────────────────

✓ 3 teams retrieved successfully.

List Business Applications for a Team

ata team business-apps <TEAM_ID>

Display all business applications associated with a specific team, including detailed information about each application.

Arguments

Option	Description	Required
`<TEAM_ID>`	The Team ID to get business apps for	Yes

Example

ata team business-apps 6848011ff1118197c2bf3dd4

Example Output

=======================================================
         Business Applications for Team         
=======================================================
──────────────────────────────────────────────────────────
Title: Backend Developers [68480147654d33540dea419f]
Created: 6/10/2025, 9:56:23 AM
Description: 
Type: PUBLIC
Category: TEAM
──────────────────────────────────────────────────────────
Title: Team Business Application [684801208724f47ae6fcbc73]
Created: 6/10/2025, 9:55:44 AM
Description: Default Project
Type: PUBLIC
Category: TEAM
Robustness Tests: 9
Security Tests: 19
──────────────────────────────────────────────────────────

✓ 2 business application(s) retrieved successfully.

📋 Policy Management

List Governance Policies

ata policy list [OPTIONS]

List all governance policies with support for filtering, searching, and pagination. Policies help enforce API design standards and best practices across your organization.

Options

Option	Description	Default
`--page <NUMBER>`	Page number for pagination	1
`--size <NUMBER>`	Number of policies per page	10
`--search <TEXT>`	Search term to filter policies	-
`--type <TYPE>`	Filter by policy type	-
`--status <STATUS>`	Filter by status (ACTIVE, DRAFT, DISABLED, ARCHIVED)	-

Examples

# List all policies with default pagination
ata policy list

# Search for specific policies
ata policy list --search "OWASP"

# Filter by status and use custom pagination
ata policy list --status ACTIVE --page 2 --size 5

# Combine search and filters
ata policy list --search "security" --type API --status DRAFT

Example Output

==============================================
          Governance Policies
==============================================

OWASP Top 10 [6890304962f5aa3c08a9ee01] ● ACTIVE
Documentation [6890304962f5aa3c08a9edfc] ○ DRAFT
Zalando [6890304962f5aa3c08a9ee06] ○ DRAFT
Versioning [6890304962f5aa3c08a9ee05] ○ DRAFT
URL Style Guidelines [6890304962f5aa3c08a9ee04] ○ DRAFT
Spell Check [6890304962f5aa3c08a9ee02] ○ DISABLED
JSON API [6890304962f5aa3c08a9edff] ● ACTIVE
OWASP Top 10 2023 [6890304962f5aa3c08a9ee00] ● ACTIVE
Enforce HTTPs [6890304962f5aa3c08a9edfd] ○ DRAFT
Security Best Practices [6890304962f5aa3c08a9eefe] ⊘ ARCHIVED

Page 1 of 2 (Total: 15 policies)
Use --page 2 to see more results

✓ 10 policy(ies) retrieved successfully.

🏗️ Application Management

Create and manage applications with their versions and packages. This complete lifecycle management enables you to organize APIs, track versions, and integrate OpenAPI specifications.

Create Application

ata app create --project <PROJECT_ID> --team <TEAM_ID> --name <NAME> [options]

Create a new application in your project with configuration for deployment, technology stack, and integration settings.

Examples

# Basic application
ata app create --project 689c0a5b --team 68903049 --name "Payment API"

# Full configuration
ata app create \
  --project 689c0a5b \
  --team 68903049 \
  --name "Payment Gateway API" \
  --description "Secure payment processing service" \
  --tech-stack BACKEND \
  --tech-stack-data EXPRESS_JS \
  --deployment-server SERVERLESS \
  --git-tracking \
  --git-url "https://github.com/myorg/payment-api.git"

Create Application Version

ata app version-create --project <PROJECT_ID> --team <TEAM_ID> --application <APP_ID> --name <VERSION> [options]

Create versions for your applications to track changes and manage different releases.

Examples

# Basic version
ata app version-create \
  --project 689c0a5b \
  --team 68903049 \
  --application 68cd3243a7e3cf \
  --name "1.0.0"

# Version with policies
ata app version-create \
  --project 689c0a5b \
  --team 68903049 \
  --application 68cd3243a7e3cf \
  --name "2.0.0" \
  --status DRAFT \
  --policies "6890304962f5aa3c08a9ee01,6890304962f5aa3c08a9ee02"

Create Version Package

ata app package-create --project <PROJECT_ID> --team <TEAM_ID> --application <APP_ID> --version <VERSION_ID> [options]

Create a package for an application version, optionally including OpenAPI specifications. The package can then be imported as a collection.

Examples

# Basic package
ata app package-create \
  --project 689c0a5b \
  --team 68903049 \
  --application 68cd3243a7e3cf \
  --version 68cd3244a7e3cf

# Package with OpenAPI spec
ata app package-create \
  --project 689c0a5b \
  --team 68903049 \
  --application 68cd3243a7e3cf \
  --version 68cd3244a7e3cf \
  --openapi ./openapi.json

# The created package can be imported as a collection:
# ata collection import-package <PACKAGE_ID>

Publish Version Package

ata app package-publish <PACKAGE_ID> [options]

Publish a version package to make it active and available for deployments and imports. Publishing changes the package status from DRAFT to ACTIVE.

Examples

# Basic publish
ata app package-publish 68cb9143ce4b1689dfcb824c

# Publish with version and git info
ata app package-publish 68cb9143ce4b1689dfcb824c \
  --version "2.0.0" \
  --git-url "https://github.com/myorg/api.git" \
  --branch "main" \
  --tag "v2.0.0"

# Force publish without confirmation
ata app package-publish 68cb9143ce4b1689dfcb824c --force

Workflow Example

# 1. Create an application
ata app create --project PROJECT_ID --team TEAM_ID --name "My API"
# Returns: Application ID

# 2. Create a version
ata app version-create --project PROJECT_ID --team TEAM_ID \
  --application APP_ID --name "1.0.0"
# Returns: Version ID

# 3. Create a package with OpenAPI spec
ata app package-create --project PROJECT_ID --team TEAM_ID \
  --application APP_ID --version VERSION_ID --openapi ./spec.json
# Returns: Package ID

# 4. Publish the package to make it active
ata app package-publish PACKAGE_ID --version "1.0.0"

# 5. Import the package as a collection
ata collection import-package PACKAGE_ID

🔍 Security Vulnerability Scanning

Comprehensive security scanning for your projects across multiple languages and package managers. Automatically detects project type and scans for known vulnerabilities in dependencies.

Quick Start

# Scan current directory
ata scan

# Scan specific directory
ata scan ./backend

# Scan with automatic fixes
ata scan --fix

The scanner automatically detects languages and package managers in your project and performs a comprehensive vulnerability scan.

Scan Options

# Scan specific directory
ata scan --path ./backend

# Filter by severity
ata scan --severity high

# Include dev dependencies
ata scan --include-dev

# Generate different report formats
ata scan --output json --file vulnerability-report.json
ata scan --output html --file report.html
ata scan --output markdown --file SECURITY.md

# CI/CD integration - fail on critical vulnerabilities
ata scan --fail-on critical

# Attempt automatic fixes
ata scan --fix

Example Output

🔍 ATA Vulnerability Scanner

═══════════════════════════════════════
         Project Analysis
═══════════════════════════════════════

Path: /Users/project/api
Languages: javascript, python, ruby
Primary: javascript
Scannable: Yes

Package Managers:
  • javascript: npm (package-lock.json)
  • python: pip (requirements.txt)
  • ruby: bundler (Gemfile.lock)

Starting vulnerability scan...

  Found 4 vulnerabilities with npm-audit
  Found 1 vulnerabilities with pip-audit
  Found 2 vulnerabilities with bundler-audit

═══════════════════════════════════════════════
           Vulnerability Scan Report
═══════════════════════════════════════════════

Scan Summary:
  • Scanned at: 9/20/2025, 2:15:00 AM
  • Total packages: 823
  • Vulnerabilities: 7

Severity Distribution:
  🔴 Critical: 1
  🟠 High: 3
  🟡 Medium: 2
  🔵 Low: 1

CRITICAL (1)
─────────────────────
1. Remote Code Execution
   Package: example-lib@1.2.3
   CVE: CVE-2023-12345
   Fix available: Update to 1.2.4
   Action: Run 'npm audit fix' to automatically install compatible updates

Supported Languages & Package Managers

The scanner automatically detects and scans projects written in the following languages:

JavaScript/TypeScript

Package Managers: npm, yarn, pnpm
Lock Files: package-lock.json, yarn.lock, pnpm-lock.yaml
Scanner: npm-audit, yarn audit, pnpm audit
Package Count: ✅ Supported

Python

Package Managers: pip, poetry, pipenv
Lock Files: requirements.txt, poetry.lock, Pipfile.lock
Scanner: pip-audit, safety
Package Count: ✅ Supported

Ruby

Package Managers: bundler
Lock Files: Gemfile.lock
Scanner: bundler-audit
Package Count: ✅ Supported

Java

Package Managers: Maven, Gradle
Lock Files: pom.xml, build.gradle
Scanner: Maven dependency-check plugin
Package Count: ✅ Supported

Go

Package Managers: go modules
Lock Files: go.sum
Scanner: nancy, gosec
Package Count: ✅ Supported

PHP

Package Managers: composer
Lock Files: composer.lock
Scanner: composer audit
Package Count: ✅ Supported (even without Composer installed)

.NET/C#

Package Managers: NuGet
Lock Files: *.csproj, packages.config
Scanner: dotnet list package --vulnerable
Package Count: ✅ Supported

Rust

Package Managers: cargo
Lock Files: Cargo.lock
Scanner: cargo-audit
Package Count: ✅ Supported (even without cargo-audit installed)

Output Formats

Text: Human-readable console output (default)
JSON: Machine-readable format for automation
HTML: Interactive web report with charts
Markdown: Documentation-ready format
SARIF: Static Analysis Results Interchange Format for IDE integration

CI/CD Integration

# GitHub Actions example
- name: Security Scan
  run: |
    npm install -g @allthingsapi/ata-cli
    ata scan --fail-on high --output sarif --file results.sarif

- name: Upload SARIF
  uses: github/codeql-action/upload-sarif@v2
  with:
    sarif_file: results.sarif

Auto-Fix Capabilities

# Attempt to automatically fix vulnerabilities
ata scan --fix

# Force fixes (may include breaking changes)
ata scan --fix --force

The scanner will:

Identify fixable vulnerabilities
Create backups of lock files
Apply available patches
Show remaining unfixed vulnerabilities

Exit Codes for CI/CD

0: No vulnerabilities found
1: Low/Medium severity vulnerabilities
2: High severity vulnerabilities
3: Critical severity vulnerabilities
4: Scan error

🛠 Other Commands

ata logout — Log out and remove stored login information
ata update — Update ATA CLI to the latest version

🤝 Contributing

Contributions, issues, and feature requests are welcome! Please see the issues page or submit a pull request.

📬 Support

For help or questions, please visit the AllThingsAPI website or contact support.

FAQs

What is @allthingsapi/ata-cli?

Is @allthingsapi/ata-cli popular?

Is @allthingsapi/ata-cli well maintained?

Package last updated on 15 Oct 2025

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install