Question about OpenCRE API stability for WSTG → CRE mapping

[Nik-ui]

Hi OpenCRE team,

I am currently contributing to the OWASP Web Security Testing Guide (WSTG) project and working on mapping WSTG test IDs (e.g. WSTG-INPV-04) to corresponding CRE IDs.

While investigating, I found that the site uses the following endpoint:

https://opencre.org/rest/v1/text_search?text=WSTG-INPV-04

This endpoint returns structured JSON including CRE mappings via linked documents.

Before relying on this in an automated workflow, I wanted to ask:

• Is this endpoint considered stable and safe to use programmatically?
• Is there a preferred or officially supported API for resolving WSTG IDs to CRE mappings?

I would like to ensure the implementation aligns with OpenCRE’s intended usage and won’t break if internal APIs change.

Thanks in advance!

[northdpole]

Hey, it's great that you're doing this. If you want to only get a number of CREs related to a WSTG so you can link back, you can use the stable links here:
https://www.opencre.org/rest/v1/standard/OWASP%20Web%20Security%20Testing%20Guide%20(WSTG)?section=WSTG-BUSL-09
and to see the full WSTG you can use this link https://www.opencre.org/rest/v1/standard/OWASP%20Web%20Security%20Testing%20Guide%20(WSTG)

The text_search endpoint is stable as in we don't expect it to change in the immediate future but you're still essentially doing a db lookup with a regexp. If you want any other functionality please let us know and we'd be happy to prioritise

[Nik-ui]

Hey, it's great that you're doing this. If you want to only get a number of CREs related to a WSTG so you can link back, you can use the stable links here: https://www.opencre.org/rest/v1/standard/OWASP%20Web%20Security%20Testing%20Guide%20(WSTG)?section=WSTG-BUSL-09 and to see the full WSTG you can use this link https://www.opencre.org/rest/v1/standard/OWASP%20Web%20Security%20Testing%20Guide%20(WSTG)

The text_search endpoint is stable as in we don't expect it to change in the immediate future but you're still essentially doing a db lookup with a regexp. If you want any other functionality please let us know and we'd be happy to prioritise

@northdpole Thanks for sharing these links , that’s really helpful.

Using the stable section links for mapping WSTG to CREs is exactly what I was looking for, and it should make linking much more reliable. I also appreciate the clarification on the text_search endpoint, good to know it’s stable for now even if it’s essentially a regex-based lookup.

If I run into any gaps or need additional functionality, I will definitely reach out. Thanks again for the support.