Skip to content

KB Sync API

The Knowledge Base (KB) Sync API allows PRO installations to push locally discovered CPE mappings and pull published mappings from the central server. This creates a community-driven knowledge base that improves vulnerability matching accuracy over time.

The server also maintains the complete NVD CPE dictionary (~50K entries) as a baseline.

Authentication

KB Sync endpoints use a custom authentication scheme based on the signed license data:

Authorization: Bearer <first 64 chars of signed_data>
X-Installation-ID: SK-INST-XXXXXXXXXX
X-Edition: professional
  • Authorization: First 64 characters of the base64-encoded signed license
  • X-Installation-ID: The installation's unique ID
  • X-Edition: Must be professional for push operations

Push Mappings

Submit locally discovered CPE mappings from a PRO installation.

POST /api/v1/kb/mappings/push
Authorization: Bearer <token>
X-Installation-ID: SK-INST-XXXXXXXXXX
X-Edition: professional
Content-Type: application/json

Request Body

{
  "installation_id": "SK-INST-XXXXXXXXXX",
  "mappings": [
    {
      "vendor_pattern": "apache software foundation",
      "product_pattern": "http server",
      "cpe_vendor": "apache",
      "cpe_product": "http_server",
      "confidence": 0.85
    },
    {
      "vendor_pattern": "microsoft corporation",
      "product_pattern": "visual studio code",
      "cpe_vendor": "microsoft",
      "cpe_product": "visual_studio_code",
      "confidence": 0.90
    }
  ]
}
Field Type Required Description
installation_id string Yes Installation ID (must match header)
mappings array Yes List of mapping items (max 500)
mappings[].vendor_pattern string Yes Vendor name pattern to match
mappings[].product_pattern string Yes Product name pattern to match
mappings[].cpe_vendor string Yes Corresponding CPE vendor
mappings[].cpe_product string Yes Corresponding CPE product
mappings[].confidence float No Confidence score 0.0-1.0 (capped at 0.90 for community)

Response

{
  "status": "accepted",
  "accepted": 2,
  "message": "2 mappings accepted"
}

Security Model

  • Mappings are stored with is_published=false by default
  • A mapping is automatically published when 3 or more independent installations confirm the same vendor/product pair
  • Confidence scores from community contributions are capped at 0.90
  • Each subsequent push from a new installation increments the contribution_count

Pull Mappings

Download published mappings from the central KB. Available to all licensed installations.

GET /api/v1/kb/mappings/pull
Authorization: Bearer <token>
X-Installation-ID: SK-INST-XXXXXXXXXX

Query Parameters

Parameter Type Default Description
since ISO 8601 datetime None Only return mappings updated after this timestamp
source string all Filter by source: community, nvd, curated, or all
limit integer 50000 Maximum number of entries to return
offset integer 0 Pagination offset

Response

{
  "mappings": [
    {
      "vendor_pattern": "apache software foundation",
      "product_pattern": "http server",
      "cpe_vendor": "apache",
      "cpe_product": "http_server",
      "confidence": 0.85,
      "source": "community",
      "updated_at": "2026-02-10T12:00:00Z"
    },
    {
      "vendor_pattern": "microsoft",
      "product_pattern": "windows_10",
      "cpe_vendor": "microsoft",
      "cpe_product": "windows_10",
      "confidence": 1.0,
      "source": "nvd",
      "updated_at": "2026-02-09T03:00:00Z"
    }
  ],
  "total": 52341,
  "has_more": true
}

Incremental Sync

For efficient syncing, use the since parameter with the updated_at timestamp of the last received mapping:

# First sync — get everything
curl -H "Authorization: Bearer $TOKEN" \
     -H "X-Installation-ID: $INST_ID" \
     "https://portal.sentrikat.com/api/v1/kb/mappings/pull"

# Subsequent syncs — only changes
curl -H "Authorization: Bearer $TOKEN" \
     -H "X-Installation-ID: $INST_ID" \
     "https://portal.sentrikat.com/api/v1/kb/mappings/pull?since=2026-02-10T12:00:00Z"

Mapping Sources

Source Description Confidence Published
nvd NVD CPE dictionary (~50K entries) 1.0 Always
community Submitted by PRO installations 0.0-0.90 After 3+ confirmations
curated Manually verified by SentriKat team 0.0-1.0 Always

Rate Limits

Endpoint Limit
POST /api/v1/kb/mappings/push 1 request per installation per hour
GET /api/v1/kb/mappings/pull 1 request per installation per hour

Note

Rate limits are per installation ID, not per IP. The limit is intentionally generous since the on-premise service syncs in bulk rather than making frequent small requests.

Error Codes

Code Description
200 Success
400 Invalid request body or exceeds 500 mapping limit
401 Invalid or missing authentication
403 License is not PRO edition (push only) or license is expired
429 Rate limit exceeded