Bulk Import API
The Bulk Import API is designed for external systems that manage large volumes of assets and need to push them into VSEC — including full parent-child hierarchies — without overwriting or duplicating what’s already there.
When an external system submits an import, VSEC stores the proposed asset tree as a pending review request. No assets are created or modified until a VSEC user reviews the proposal in the Asset Manager UI and explicitly accepts it. This gives teams full control over what enters their inventory, even when imports are automated.
Base URL: https://<your-vsec-domain>/api/v1/asset-manager
When to use this API
Use the Bulk Import API when:
- An external tool (e.g. a Jira integration, SBOM system, or PLM tool) needs to push assets into VSEC on a schedule or in bulk
- Your assets have existing hierarchies (Vehicles with nested Components and Features) that must be preserved
- Some of the assets being imported may already exist in VSEC and should be updated, not duplicated
- You want VSEC users to review proposed changes before they take effect
Authentication
Authorization: Bearer <your_provider_token>Generate a provider token in Asset Manager → Settings → Providers. See Enrichment → Custom Enrichment Providers.
How It Works
The external system calls one endpoint: POST /enrichment/import. This stores the proposed asset tree in VSEC and returns a uuid. The import then appears in the Asset Manager UI under Generator Results, where a VSEC user can review the proposed hierarchy, see which assets already exist, and accept or discard the import.
External system VSEC user
────────────── ─────────
POST /enrichment/import → Reviews in Asset Manager UI
(submits asset tree) → Accepts (assets created / updated)
→ Discards (nothing written)VSEC automatically detects which assets in the import already exist (matched by name + type + parent) and flags them. When the user accepts, existing assets are updated and new ones are created — no duplicates.
Submitting an Import
POST /enrichment/import
Headers:
Authorization: Bearer <your_provider_token>
Content-Type: application/jsonRequest body:
{
"source": "jira-integration",
"provider": "your-tool-name",
"assets": [
{
"assetName": "PF 2026",
"type": "Vehicle",
"description": "Optional description",
"properties": [
{ "name": "Vehicle Line", "value": "PF" },
{ "name": "Model Year", "value": "2026" },
{ "name": "Product ID", "value": "SP1" }
],
"subAssets": [
{
"assetName": "PAM",
"type": "Component",
"description": "",
"properties": [
{ "name": "Supplier", "value": "Valeo 0048" }
],
"subAssets": []
}
]
}
]
}Body fields:
| Field | Required | Description |
|---|---|---|
source | No | Label for the originating system (e.g. "jira", "plm-tool") — stored with the request for traceability |
provider | No | Your integration name — stored with the request |
assets | Yes | Array of root asset nodes. Each node can contain subAssets recursively to any depth. |
Asset node fields:
| Field | Required | Description |
|---|---|---|
assetName | Yes | Display name of the asset |
type | Yes | Asset type name — must match an existing type in VSEC (e.g. Vehicle, Component, Feature) |
description | No | Free-text description |
properties | No | Array of { "name": "...", "value": "..." } — property names must match existing properties in VSEC |
subAssets | No | Child asset nodes (same structure, recursive) |
Response 200:
{
"uuid": "550e8400-e29b-41d4-a716-446655440000",
"message": "Import stored for review",
"status": "pending",
"existingAssetsDetected": true,
"existingAssetSummary": [
{ "assetName": "PF 2026", "type": "Vehicle" },
{ "assetName": "PAM", "type": "Component" }
]
}uuid— Unique identifier for this import request.existingAssetsDetected—trueif any asset in the submitted tree matches an asset already in VSEC (matched by name + type + parent). When the user accepts, those assets will be updated rather than duplicated.existingAssetSummary— List of assets that will be updated on accept. Only present whenexistingAssetsDetectedistrue.
Response 400: Invalid or missing body, or empty assets array.
Response 403: Authentication failed or missing permission.
multipart/form-data request with a PDF or JSON file under the key file. PDFs are parsed using the same field-extraction logic as the in-app PDF import.What Happens After Import
Once submitted, the import appears in the Generator Results tab in Asset Manager. The reviewing user will see:
- The proposed asset tree with names, types, and properties
- Which assets already exist and will be updated vs. created fresh
- The ability to accept the full import, accept individual root assets, or discard entirely
When accepted:
- New assets are created and linked into the hierarchy
- Existing matched assets have their properties updated
- Parent-child links are created or preserved
When discarded:
- Nothing is written to the inventory
- The request is marked as discarded
Properties
Property names in the import payload are matched by name against the properties defined in your VSEC workspace. The following default properties are always available:
| Name | Notes |
|---|---|
Product Owner | Text — responsible person |
Keywords | Tags — matched against threat intelligence |
Interfaces | Multi-select — valid values: Wi-Fi, Bluetooth, Cellular, CAN, GPS, USB, JTAG, LIN, RF, Automotive Ethernet, FlexRay |
Product ID | Text |
Vehicle Line | Text |
Model Year | Text |
You can also send property names matching any custom properties defined in Asset Manager → Configuration → Properties. Unknown property names are currently ignored without error.
Error Codes
| Code | Meaning |
|---|---|
400 | Invalid or missing body, or empty assets array |
403 | Authentication failed or missing permission |
404 | UUID not found or not associated with your token |