# API Reference
SentriKat provides a comprehensive REST API for all operations.
## Base URL

## Authentication
All API requests require authentication via Bearer token.
### Getting a Token

```bash
curl -X POST https://sentrikat.example.com/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"username": "admin", "password": "your-password"}'
```
Response:
### Using the Token

Include the token in all requests:

```bash
curl https://sentrikat.example.com/api/products \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."
```
## API Sections

- **Authentication**: login, logout, token management.
- **Products**: CRUD operations for the software inventory.
- **Vulnerabilities**: query and manage vulnerability matches.
- **Sync**: KEV and EPSS synchronization.
- **Agent**: agent inventory submission.
- **Webhooks**: outgoing webhook configuration.
- **KB Sync**: community knowledge base push/pull.
## Common Patterns

### Pagination
List endpoints support pagination:
Response includes pagination metadata:
### Filtering

Most list endpoints support filtering:

```text
GET /api/products?vendor=Microsoft&criticality=5
GET /api/vulnerabilities?priority=critical&ransomware=true
```
### Sorting

Sort results with the `sort` and `order` query parameters:
## Error Handling
Errors return appropriate HTTP status codes:
| Code | Meaning |
|---|---|
| 400 | Bad Request - Invalid parameters |
| 401 | Unauthorized - Missing/invalid token |
| 403 | Forbidden - Insufficient permissions |
| 404 | Not Found - Resource doesn't exist |
| 429 | Too Many Requests - Rate limited |
| 500 | Server Error - Contact support |
Error response format:

```json
{
  "error": "validation_error",
  "message": "Invalid vendor name",
  "details": {
    "field": "vendor",
    "constraint": "required"
  }
}
```
## Rate Limiting
API requests are rate limited:
| Endpoint | Limit |
|---|---|
| Auth endpoints | 10/minute |
| Agent endpoints | 60/minute |
| All other | 100/minute |
Rate limit headers:
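Putting the authentication, error-envelope and rate-limit conventions above together, here is an added example client (not SentriKat's own code) that sends the Bearer token, unpacks the documented error body into an exception, and retries on 429. It assumes the login response carries the JWT in a `token` field and that a `Retry-After` header may accompany a 429; both are assumptions, as is the constructed fake server used so the code runs offline.

```python
import json
import time
from urllib.parse import urlencode

class ApiError(Exception):
    """Unpacks the documented error envelope: error, message, details."""
    def __init__(self, status, body):
        payload = json.loads(body) if body.startswith("{") else {}
        self.status, self.error = status, payload.get("error", "unknown")
        self.message, self.details = payload.get("message", body), payload.get("details", {})
        super().__init__(f"{status} {self.error}: {self.message}")

class SentriKatClient:
    """transport(method, url, headers, body) -> (status, headers, body); injected so
    the client can run offline against the constructed fake server below."""
    def __init__(self, base_url, transport, max_retries=3, sleep=time.sleep):
        self.base_url, self.transport, self.token = base_url.rstrip("/"), transport, None
        self.max_retries, self.sleep = max_retries, sleep

    def login(self, username, password):
        # Assumption: the login response (not shown on the page) carries the JWT as "token".
        status, _, body = self.transport("POST", f"{self.base_url}/api/auth/login",
            {"Content-Type": "application/json"}, json.dumps({"username": username, "password": password}))
        if status != 200:
            raise ApiError(status, body)
        self.token = json.loads(body)["token"]

    def get(self, path, **params):
        url = f"{self.base_url}{path}" + (f"?{urlencode(params)}" if params else "")
        for attempt in range(self.max_retries + 1):
            status, hdrs, body = self.transport("GET", url, {"Authorization": f"Bearer {self.token}"}, None)
            if status == 429 and attempt < self.max_retries:
                # Assumption: a Retry-After header; exponential backoff when it is absent.
                self.sleep(float(hdrs.get("Retry-After", 2 ** attempt)))
                continue
            if status >= 400:
                raise ApiError(status, body)  # raised on exhausted retries too
            return json.loads(body)

def make_fake_server():
    """Constructed stand-in (not SentriKat behaviour): issues a token, rate-limits the
    first list call once, and answers a missing vendor filter with the documented 400."""
    calls = []
    def send(method, url, headers, body):
        calls.append(url)
        if url.endswith("/api/auth/login"):
            return 200, {}, json.dumps({"token": "constructed.jwt"})
        if "vendor=" not in url:
            return 400, {}, json.dumps({"error": "validation_error", "message": "Invalid vendor name",
                                        "details": {"field": "vendor", "constraint": "required"}})
        if len(calls) == 2:
            return 429, {"Retry-After": "1"}, ""
        return 200, {}, json.dumps({"items": [{"vendor": "Microsoft", "criticality": 5}]})
    return send
```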
## OpenAPI Specification

Interactive API documentation is available at:
Download OpenAPI spec: