API reference

The machine-readable OpenAPI description is served at /openapi.json. Import it into Postman, Insomnia, or your API client.

Product & dashboard APIs

Session-authenticated routes power the console: Red Team runs, assessment queueing, policy packs, gateway event ingestion, findings, and exports. For a feature-oriented map (Assurance hub, assessments, tool policy), see Dashboard & assurance. The OpenAPI description covers the telemetry endpoints listed below; the dashboard route contracts are defined by the Next.js route handlers in the repo.

Telemetry

  • POST /api/v1/telemetry/traces — ingest a trace with spans
  • GET /api/v1/telemetry/traces — list recent traces (session or key-scoped per deployment)
  • POST /api/v1/telemetry/test-connection — verify API key from the onboarding wizard