Thank you for your reply.

I’m able to pull data via the API, but I noticed that not all records are returned.

For example, in the Generative AI category, I see 127 records on the portal, but the API only returns 8–9 records.
Also, not all users are returned either.

Do I need to implement pagination?
If so, how exactly should it be done?

Here are the URLs I used:

• https://{mcas_domain}.portal.cloudappsecurity.com/api/v1/discovery/discovered_apps/

• https://{mcas_domain}.portal.cloudappsecurity.com/api/v1/discovery/users/

And here is the script I used:

import requests
import pandas as pd

# 🔐 Token and domain info
access_token = "....."
mcas_domain = "<......>"

headers = {
'Authorization': f'Token {access_token}',
'Content-Type': 'application/json'
}

# 🔄 API URL: discovered_apps
api_url = f"https://{mcas_domain}.portal.cloudappsecurity.com/api/v1/discovery/discovered_apps/"
all_data = []

while api_url:
resp = requests.get(api_url, headers=headers)
print("Status code:", resp.status_code)

if resp.status_code != 200:
print("Error:", resp.text)
break

data = resp.json()
print("Number of records on page:", len(data.get("data", [])))
all_data.extend(data.get("data", []))
api_url = data.get("nextLink")

df = pd.json_normalize(all_data)

# 💾 Save to CSV
df.to_csv("discovered_apps.csv", index=False)
print("✅ discovered_apps.csv file created.")

hi @v-achippa

Thanks. I currently call /api/v1/discovery/discovered_apps to collect the appIds, then use those appIds together with a single streamId to call /api/v1/discovery/app_users for each appId. However, I only ever get a maximum of ~101 rows.

Based on your guidance, here’s the plan I will follow:

• GET https://{your-domain}.portal.cloudappsecurity.com/api/discovery/streams/
  Header: Authorization: <your_token>
  → First, I’ll fetch all streamIds from here.
• For each streamId, I’ll call /api/v1/discovery/discovered_apps.
• I’ll implement pagination by reading hasNext and nextQueryFilters from the response, and for the next request I’ll send them back in the body under queryFilters (repeat until the last page).
• After that, for each appId I’ll call /api/v1/discovery/app_users/ using the same pagination logic, iterating across all streams.

I’d like to confirm two details:

1. When moving to the next page, should the request body field indeed be queryFilters (i.e., pass the response’s nextQueryFilters back as raw JSON, without quotes)?
2. Is the per-page limit of ~100/101 a hard cap, or can it be increased? (We consistently see 101.)

Thanks again for the guidance

Hi @gulce,

Yes, you should pass the nextQueryFilters object back in the request body under filters exactly as JSON, do not wrap it in the quotes.
And the 100/101 rows per page is a fixed limit and it cannot be increased, so pagination is required to get all results.

Thanks and regards,

Anjan Kumar Chippa

Hi @v-achippa 

Testing Cloud Discovery – app_users API with Postman

Endpoint

POST https://<TENANT>.portal.cloudappsecurity.com/api/v1/discovery/app_users/

Headers

Authorization: Token <ACCESS_TOKEN> Content-Type: application/json

Request body I used

Works either flat or wrapped in filters. The wrapped form is the “official” one.

1. A) Wrapped in filters (recommended)

{"filters": {"streamId": "......................","appId": 11394,"timeframe": 90},"sortField": "trafficTotalBytes","sortDirection": "desc" }

1. B) Flat (also worked for me)

{"streamId": "......................","appId": 11394,"timeframe": 90,"sortField": "trafficTotalBytes","sortDirection": "desc" }

Response (summary)

{"total": 101,"hasNext": false,"data": [ ...users... ] }

• With these filters I get 101 users and hasNext: false.
• Sorting by trafficTotalBytes desc works and mirrors the Top 100 users view in the portal (https://security.microsoft.com/cloudapps/discover).
• The portal caps the visual list at 100 for that view, but the API returns all matches for the filter/page. In my case, there’s no next page, so hasNext is false.

Have you personally managed to fetch page 2+ from POST /api/v1/discovery/app_users? When the response returns hasNext: true with a nextQueryFilters object, do you paste that object verbatim inside filters for the next request (i.e., { "filters": <nextQueryFilters> }), rather than sending a top-level nextQueryFilters (which throws “Invalid filter params”)? If yes, could you share a minimal working body (redact IDs) and whether nextQueryFilters contained skip/page or a different token? Also, is the page size fixed (~101) or can it be increased?

Hi @gulce,

Yes when hasNext: true is returned, you need to take the nextQueryFilters object from the response and paste it in the verbatim inside filters for the next request, like for example
{
"filters": { ...nextQueryFilters... },
"streamId": "<streamId>",
"appId": <appId>,
"limit": 100
}
Do not send the nextQueryFilters as a top level field because that will fail.
And the page size is fixed at 100/101, it cannot be increased. The only way to get all results is to keep looping with hasNext or nextQueryFilters until there are no more pages.

Thanks and regards,

Anjan Kumar Chippa

Hi @gulce,

As we haven’t heard back from you, we wanted to kindly follow up to check if the solution I have provided for the issue worked? or let us know if you need any further assistance.

Thanks and regards,

Anjan Kumar Chippa

Hi @gulce,

We wanted to kindly follow up to check if the solution I have provided for the issue worked? or let us know if you need any further assistance.

Thanks and regards,

Anjan Kumar Chippa

Hi @gulce,

As we haven’t heard back from you, we wanted to kindly follow up to check if the solution I have provided for the issue worked? or let us know if you need any further assistance.

Thanks and regards,

Anjan Kumar Chippa