VersionOps API Reference
Complete API documentation for integrating with VersionOps. All endpoints return JSON and use standard HTTP response codes.
Authentication
VersionOps uses JWT (JSON Web Tokens) for authentication. Include the token in the Authorization header for all authenticated requests.
Authorization Header
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...Login
/api/auth/loginAuthenticate user and receive access token.
Request Body
{
"username": "[email protected]",
"password": "password"
}Response
{
"access_token": "eyJhbGciOiJIUzI1NiIs...",
"token_type": "bearer"
}Service Token Authentication
For agent and machine-to-machine authentication, use service tokens. Create service tokens in Dashboard Settings.
Authorization: Bearer vops_agent_abc123...Token Expiration
Access tokens expire after 24 hours. Refresh by calling the login endpoint again. Service tokens do not expire unless manually revoked.
Public Endpoints
These endpoints do not require authentication.
/api/public/plansReturns list of active subscription plans.
Response
{
"items": [
{
"id": "free",
"name": "Free",
"price": 0,
"features": ["basic_inventory", "up_to_5_hosts"]
},
{
"id": "pro",
"name": "Professional",
"price": 29,
"features": ["unlimited_hosts", "cve_scanning", "notifications"]
}
]
}/api/public/featuresReturns list of available features.
Response
{
"items": [
{
"id": "cve_scanning",
"name": "CVE Scanning",
"description": "Automatic vulnerability detection"
}
]
}/api/configReturns public system configuration (LDAP enabled, SaaS mode, etc).
Response
{
"saas_enabled": true,
"ldap_enabled": false,
"registration_enabled": true
}User Endpoints
All user endpoints require a valid JWT token in the Authorization header.
/api/user/infoReturns current authenticated user information.
Response
{
"id": "user_123",
"email": "[email protected]",
"name": "John Doe",
"organization_id": "org_456",
"role": "admin",
"created_at": "2024-01-15T10:30:00Z"
}/api/user/featuresReturns features available to current user based on their subscription plan.
Response
{
"features": [
"basic_inventory",
"cve_scanning",
"notifications",
"smart_recommendations"
]
}Hosts
Manage and monitor hosts in your infrastructure.
/api/hostsList all hosts in your organization.
Parameters
| Name | Type | Description |
|---|---|---|
page | integer | Page number (default: 1) |
per_page | integer | Items per page (default: 20, max: 100) |
search | string | Search by hostname or IP |
Response
{
"items": [
{
"id": "host_123",
"hostname": "server-01",
"ip_address": "192.168.1.10",
"os": "Ubuntu 22.04",
"last_seen": "2024-01-20T15:30:00Z",
"agent_version": "1.0.5"
}
],
"total": 42,
"page": 1,
"per_page": 20
}/api/hosts/{host_id}Get detailed information about a specific host.
Parameters
| Name | Type | Description |
|---|---|---|
host_id | string | Host ID |
Response
{
"id": "host_123",
"hostname": "server-01",
"ip_address": "192.168.1.10",
"os": "Ubuntu 22.04",
"kernel": "5.15.0-generic",
"last_seen": "2024-01-20T15:30:00Z",
"agent_version": "1.0.5",
"applications_count": 15
}/api/hostsManually create a new host entry.
Request Body
{
"hostname": "server-01",
"ip_address": "192.168.1.10",
"os": "Ubuntu 22.04"
}Response
{
"id": "host_123",
"hostname": "server-01",
"ip_address": "192.168.1.10",
"os": "Ubuntu 22.04",
"created_at": "2024-01-20T15:30:00Z"
}/api/hosts/{host_id}Update host information.
Parameters
| Name | Type | Description |
|---|---|---|
host_id | string | Host ID |
Request Body
{
"hostname": "server-01-updated",
"ip_address": "192.168.1.11"
}/api/hosts/{host_id}Delete a host and all its associated data.
Parameters
| Name | Type | Description |
|---|---|---|
host_id | string | Host ID |
Applications
Track software applications and versions across your infrastructure.
/api/applicationsList all detected applications.
Response
{
"items": [
{
"name": "nginx",
"hosts_count": 12,
"versions": ["1.24.0", "1.23.4"],
"latest_version": "1.25.3"
},
{
"name": "postgresql",
"hosts_count": 5,
"versions": ["15.2", "14.8"],
"latest_version": "16.1"
}
]
}/api/applications/{name}Get detailed information about a specific application.
Parameters
| Name | Type | Description |
|---|---|---|
name | string | Application name |
Response
{
"name": "nginx",
"description": "High-performance web server",
"hosts": [
{
"host_id": "host_123",
"hostname": "web-01",
"version": "1.24.0"
}
],
"latest_version": "1.25.3",
"versions_distribution": {
"1.24.0": 8,
"1.23.4": 4
}
}/api/applications/{name}/statsGet version distribution statistics for an application.
Parameters
| Name | Type | Description |
|---|---|---|
name | string | Application name |
Response
{
"name": "nginx",
"total_hosts": 12,
"versions": {
"1.24.0": { "count": 8, "percentage": 66.7 },
"1.23.4": { "count": 4, "percentage": 33.3 }
},
"outdated_hosts": 4
}/api/applications/{name}/version-recommendationssmart_recommendationsGet smart version upgrade recommendations.
Parameters
| Name | Type | Description |
|---|---|---|
name | string | Application name |
Response
{
"name": "nginx",
"current_version": "1.23.4",
"recommendations": {
"patch": "1.23.5",
"minor": "1.24.0",
"major": "1.25.3"
},
"security_updates": true
}/api/applications/{name}/vulnerabilitiescve_scanningGet known vulnerabilities (CVEs) for an application.
Parameters
| Name | Type | Description |
|---|---|---|
name | string | Application name |
Response
{
"name": "nginx",
"vulnerabilities": [
{
"cve_id": "CVE-2023-12345",
"severity": "HIGH",
"cvss_score": 8.1,
"description": "Buffer overflow vulnerability",
"affected_versions": ["< 1.24.0"],
"fixed_version": "1.24.0"
}
]
}Projects (npm Monitoring)
Manage npm projects and scan dependencies for vulnerabilities. Projects allow you to track npm packages separately from host-based inventory.
/api/projectsList all projects in your organization.
Parameters
| Name | Type | Description |
|---|---|---|
page | integer | Page number (default: 1) |
limit | integer | Items per page (default: 20, max: 100) |
Response
{
"projects": [
{
"id": "proj_abc123",
"name": "my-frontend-app",
"type": "npm",
"description": "React frontend application",
"dependencies_count": 156,
"vulnerabilities": {
"critical": 1,
"high": 2,
"medium": 0,
"low": 0
},
"last_scan_at": "2024-01-20T15:30:00Z",
"created_at": "2024-01-01T00:00:00Z"
}
],
"total": 5,
"page": 1
}/api/projectsCreate a new project for npm dependency tracking.
Request Body
{
"name": "my-frontend-app",
"description": "React frontend application"
}Response
{
"id": "proj_abc123",
"name": "my-frontend-app",
"description": "React frontend application",
"created_at": "2024-01-20T15:30:00Z"
}/api/projects/importCreate a new project and import dependencies in one step. Ideal for importing package.json from a local file.
Request Body
{
"name": "my-frontend-app",
"type": "npm",
"description": "React frontend application",
"dependencies": [
{ "name": "react", "version": "^18.2.0", "is_dev": false },
{ "name": "lodash", "version": "^4.17.21", "is_dev": false },
{ "name": "jest", "version": "^29.0.0", "is_dev": true }
]
}Response
{
"id": "proj_abc123",
"name": "my-frontend-app",
"dependency_count": 3,
"vulnerability_count": 0,
"created_at": "2024-01-20T15:30:00Z"
}/api/projects/{project_id}Get detailed information about a specific project. Note: Dependencies are fetched separately via GET /api/projects/{id}/dependencies.
Parameters
| Name | Type | Description |
|---|---|---|
project_id | string | Project ID |
Response
{
"id": "proj_abc123",
"name": "my-frontend-app",
"type": "npm",
"description": "React frontend application",
"source_url": "https://github.com/example/my-app",
"branch": "main",
"dependencies_count": 156,
"vulnerabilities": {
"critical": 1,
"high": 2,
"medium": 0,
"low": 0,
"total": 3
},
"last_scan_at": "2024-01-20T15:30:00Z",
"created_at": "2024-01-01T00:00:00Z"
}/api/projects/{project_id}Delete a project and all its associated data.
Parameters
| Name | Type | Description |
|---|---|---|
project_id | string | Project ID |
Dependency Import
Recommended: include the lockfile
For accurate CVE matching, include your lockfile vialock_file_text (raw file contents) and lock_file_name(original filename — selects the parser). Supported:package-lock.json, yarn.lock v1, and yarn berry. Without a lockfile, versions are resolved against the npm registry and transitive dependencies are skipped.
/api/projects/{project_id}/import/package-jsonImport dependencies from package.json file. Include package-lock.json for exact versions and transitive dependencies. The import runs in the background.
Parameters
| Name | Type | Description |
|---|---|---|
project_id | string | Project ID |
Request Body
{
"package_json": {
"name": "my-app",
"version": "1.0.0",
"dependencies": {
"react": "^18.2.0",
"lodash": "^4.17.20"
},
"devDependencies": {
"jest": "^29.0.0"
}
},
"lock_file_text": "<raw contents of package-lock.json or yarn.lock>",
"lock_file_name": "package-lock.json"
}Response
{
"status": "importing",
"job_id": "job_abc123",
"message": "Import started in background"
}/api/projects/{project_id}/update-dependenciesRe-import package files and refresh the dependency list. Used by the 'Update Dependencies' button in UI. Triggers a full re-import and CVE scan.
Parameters
| Name | Type | Description |
|---|---|---|
project_id | string | Project ID |
Request Body
{
"package_json": {
"name": "my-app",
"version": "1.0.1",
"dependencies": {
"react": "^18.3.0",
"lodash": "^4.17.21"
}
},
"lock_file_text": "<raw contents of package-lock.json or yarn.lock>",
"lock_file_name": "package-lock.json"
}Response
{
"status": "importing",
"job_id": "job_xyz789",
"message": "Dependency update started in background"
}Dependencies Management
/api/projects/{project_id}/dependenciesList all dependencies in a project with version and vulnerability information.
Parameters
| Name | Type | Description |
|---|---|---|
project_id | string | Project ID |
include_dev | boolean | Include dev dependencies (default: true) |
vulnerable_only | boolean | Only show vulnerable packages (default: false) |
page | integer | Page number (default: 1) |
limit | integer | Items per page (default: 50) |
Response
{
"dependencies": [
{
"id": "dep_abc123",
"package_name": "react",
"declared_version": "^18.2.0",
"resolved_version": "18.2.0",
"latest_version": "18.2.0",
"is_dev_dependency": false,
"vulnerability_count": 0,
"critical_count": 0,
"high_count": 0
}
],
"total": 156,
"page": 1
}/api/projects/{project_id}/dependencies/addManually add a dependency to a project.
Parameters
| Name | Type | Description |
|---|---|---|
project_id | string | Project ID |
Request Body
{
"package_name": "axios",
"version": "1.6.0",
"is_dev_dependency": false
}Response
{
"id": "dep_xyz789",
"package_name": "axios",
"declared_version": "1.6.0",
"latest_version": "1.6.2",
"vulnerability_count": 0
}/api/projects/{project_id}/dependencies/{package_name}Remove a dependency from a project.
Parameters
| Name | Type | Description |
|---|---|---|
project_id | string | Project ID |
package_name | string | Package name (URL encoded if contains special chars) |
Response
{
"message": "Dependency 'axios' removed"
}Vulnerability Scanning
/api/projects/{project_id}/rescancve_scanningRe-scan existing dependencies for new CVE vulnerabilities. Used by the 'Scan Now' button in UI.
Parameters
| Name | Type | Description |
|---|---|---|
project_id | string | Project ID |
Response
{
"project_id": "proj_abc123",
"scan_completed_at": "2024-01-20T15:30:00Z",
"summary": {
"total_dependencies": 156,
"vulnerable_packages": 3,
"critical_vulnerabilities": 1,
"high_vulnerabilities": 2
},
"status": "warning"
}/api/projects/{project_id}/scancve_scanningFull CI/CD scan endpoint. Requires package.json payload. Used for automated scanning from CI/CD pipelines.
Parameters
| Name | Type | Description |
|---|---|---|
project_id | string | Project ID |
Request Body
{
"project_name": "my-app",
"package_json": {
"name": "my-app",
"dependencies": { "lodash": "^4.17.20" }
},
"package_lock": { ... },
"build_number": "123",
"commit_sha": "abc123",
"branch": "main"
}Response
{
"project_id": "proj_abc123",
"scan_completed_at": "2024-01-20T15:30:00Z",
"build_number": "123",
"commit_sha": "abc123",
"summary": {
"total_dependencies": 50,
"vulnerable_packages": 2,
"critical_vulnerabilities": 0,
"high_vulnerabilities": 1
},
"status": "warning"
}/api/projects/{project_id}/vulnerabilitiescve_scanningGet list of vulnerabilities found in project dependencies.
Parameters
| Name | Type | Description |
|---|---|---|
project_id | string | Project ID |
severity | string | Filter by severity (LOW, MEDIUM, HIGH, CRITICAL) |
Response
{
"items": [
{
"id": "GHSA-xxxx-yyyy-zzzz",
"source": "github_advisory",
"severity": "HIGH",
"cvss_score": 7.5,
"package": "lodash",
"affected_versions": "< 4.17.21",
"installed_version": "4.17.20",
"fixed_version": "4.17.21",
"title": "Prototype Pollution in lodash",
"description": "Lodash versions prior to 4.17.21 are vulnerable to prototype pollution..."
}
],
"total": 3
}/api/projects/{project_id}/recommendationssmart_recommendationsGet semver-aware update recommendations for project dependencies.
Parameters
| Name | Type | Description |
|---|---|---|
project_id | string | Project ID |
Response
{
"items": [
{
"package": "lodash",
"current_version": "4.17.20",
"recommendations": {
"patch": "4.17.21",
"minor": null,
"major": null
},
"has_security_fix": true,
"changelog_url": "https://github.com/lodash/lodash/releases/tag/4.17.21"
},
{
"package": "react",
"current_version": "17.0.2",
"recommendations": {
"patch": "17.0.3",
"minor": null,
"major": "18.2.0"
},
"has_security_fix": false
}
]
}CI/CD Integration
CI/CD scans run asynchronously. POST /api/public/cicd/scan queues a scan job and returns a job_id; upload-only pipelines stop here. Pipelines that gate the build poll GET /api/public/cicd/jobs/{job_id}until status is completed, failed, orcancelled, then exit with exit_code(0 ok, 1 CRITICAL found, 2 scan error,3 cancelled).
/api/public/cicd/scanQueue an async dependency scan from CI. Returns a job_id to poll. Use from GitHub Actions, GitLab CI, or Jenkins.
Request Body
{
"project_name": "my-frontend-app",
"package_json": {
"name": "my-app",
"dependencies": { "lodash": "^4.17.20" }
},
"lock_file_text": "<raw contents of package-lock.json or yarn.lock>",
"lock_file_name": "package-lock.json",
"commit_sha": "abc123...",
"branch": "main"
}Response
{
"success": true,
"job_id": "job_abc123",
"project_id": "proj_abc123",
"project_name": "my-frontend-app",
"status": "queued",
"poll_url": "/api/public/cicd/jobs/job_abc123"
}/api/public/cicd/jobs/{job_id}Poll a CI/CD scan job. Returns progress while running, then result + exit_code when terminal. exit_code: 0 = ok, 1 = CRITICAL found, 2 = scan error, 3 = cancelled.
Parameters
| Name | Type | Description |
|---|---|---|
job_id | string | Job ID returned by /api/public/cicd/scan |
Response
{
"job_id": "job_abc123",
"status": "completed",
"progress": { "total": 142, "processed": 142, "percent": 100 },
"exit_code": 1,
"result": {
"vulnerabilities": {
"critical": 1,
"high": 2,
"medium": 4,
"low": 7
},
"details": [
{
"id": "GHSA-xxxx-yyyy-zzzz",
"severity": "CRITICAL",
"package": "lodash",
"fixed_version": "4.17.21"
}
]
}
}Security Scanning (Trivy)
Scan container images, Infrastructure as Code files, and Kubernetes manifests for vulnerabilities and misconfigurations. Powered by Trivy.
/api/trivy/healthCheck Trivy scanner health and availability.
Response
{
"status": "healthy",
"trivy_version": "0.50.0",
"db_updated_at": "2026-03-25T12:00:00Z"
}Container Image Scanning
/api/trivy/scan/containercontainer_scanningScan a container image for vulnerabilities. For private images, matching registry credentials are applied automatically.
Request Body
{
"image": "nginx:1.25",
"severity": "CRITICAL,HIGH,MEDIUM"
}Response
{
"scan_id": "scan_abc123",
"status": "completed",
"image": "nginx:1.25",
"scan_type": "container",
"summary": {
"critical": 2,
"high": 5,
"medium": 12,
"low": 8,
"total": 27
},
"completed_at": "2026-03-26T10:30:00Z"
}/api/trivy/scan/{scan_id}Get detailed results of a specific scan.
Parameters
| Name | Type | Description |
|---|---|---|
scan_id | string | Scan ID |
Response
{
"scan_id": "scan_abc123",
"status": "completed",
"scan_type": "container",
"image": "nginx:1.25",
"summary": {
"critical": 2,
"high": 5,
"medium": 12,
"low": 8,
"total": 27
},
"started_at": "2026-03-26T10:29:00Z",
"completed_at": "2026-03-26T10:30:00Z"
}/api/trivy/scan/{scan_id}/vulnerabilitiesGet list of vulnerabilities found in a scan.
Parameters
| Name | Type | Description |
|---|---|---|
scan_id | string | Scan ID |
severity | string | Filter by severity (CRITICAL, HIGH, MEDIUM, LOW) |
page | integer | Page number (default: 1) |
limit | integer | Items per page (default: 50) |
Response
{
"vulnerabilities": [
{
"vulnerability_id": "CVE-2024-1234",
"severity": "CRITICAL",
"cvss_score": 9.8,
"package_name": "openssl",
"installed_version": "1.1.1k",
"fixed_version": "1.1.1l",
"title": "Buffer overflow in OpenSSL",
"description": "A buffer overflow vulnerability...",
"primary_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1234"
}
],
"total": 27,
"page": 1
}IaC and Kubernetes Scanning
/api/trivy/scan/iaccontainer_scanningScan Infrastructure as Code files for misconfigurations. Supports Terraform, CloudFormation, Dockerfiles, and Helm charts.
Request Body
{
"content": "resource \"aws_s3_bucket\" \"data\" {\n bucket = \"my-bucket\"\n}",
"filename": "main.tf",
"severity": "CRITICAL,HIGH,MEDIUM"
}Response
{
"scan_id": "scan_iac456",
"status": "completed",
"scan_type": "iac",
"summary": {
"critical": 0,
"high": 2,
"medium": 3,
"low": 1,
"total": 6
},
"completed_at": "2026-03-26T10:35:00Z"
}/api/trivy/scan/kubernetescontainer_scanningScan Kubernetes manifests against CIS benchmarks and security best practices.
Request Body
{
"content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-app\n...",
"filename": "deployment.yaml",
"severity": "CRITICAL,HIGH"
}Response
{
"scan_id": "scan_k8s789",
"status": "completed",
"scan_type": "kubernetes",
"summary": {
"critical": 1,
"high": 3,
"medium": 0,
"low": 0,
"total": 4
},
"completed_at": "2026-03-26T10:40:00Z"
}Container Image Management
/api/trivy/imagesList all tracked container images.
Parameters
| Name | Type | Description |
|---|---|---|
page | integer | Page number (default: 1) |
limit | integer | Items per page (default: 20) |
Response
{
"images": [
{
"id": "img_abc123",
"image": "nginx:1.25",
"auto_scan": true,
"scan_interval_hours": 24,
"last_scan_at": "2026-03-26T10:30:00Z",
"vulnerability_summary": {
"critical": 2,
"high": 5,
"medium": 12,
"low": 8
},
"created_at": "2026-03-01T00:00:00Z"
}
],
"total": 5,
"page": 1
}/api/trivy/imagesAdd a container image to tracking. Optionally enable auto-scan.
Request Body
{
"image": "nginx:1.25",
"auto_scan": true,
"scan_interval_hours": 24
}Response
{
"id": "img_abc123",
"image": "nginx:1.25",
"auto_scan": true,
"scan_interval_hours": 24,
"created_at": "2026-03-26T10:00:00Z"
}Scan History & Analytics
/api/trivy/scansGet scan history with filtering.
Parameters
| Name | Type | Description |
|---|---|---|
scan_type | string | Filter by type (container, iac, kubernetes) |
page | integer | Page number (default: 1) |
limit | integer | Items per page (default: 20) |
Response
{
"scans": [
{
"scan_id": "scan_abc123",
"scan_type": "container",
"target": "nginx:1.25",
"status": "completed",
"summary": { "critical": 2, "high": 5, "medium": 12, "low": 8 },
"completed_at": "2026-03-26T10:30:00Z"
}
],
"total": 50,
"page": 1
}/api/trivy/analytics/summaryGet aggregated vulnerability analytics and trends.
Parameters
| Name | Type | Description |
|---|---|---|
days | integer | Time range in days (7, 30, or 90, default: 30) |
Response
{
"total_scans": 150,
"total_vulnerabilities": 342,
"severity_breakdown": {
"critical": 12,
"high": 45,
"medium": 156,
"low": 129
},
"trends": {
"critical": [
{ "date": "2026-03-20", "count": 15 },
{ "date": "2026-03-26", "count": 12 }
]
},
"top_vulnerable_images": [
{ "image": "node:18", "vulnerability_count": 45 }
]
}Container Registries
Manage private container registry credentials for scanning private images. Credentials are encrypted at rest and masked in API responses.
/api/trivy/registriesList all configured container registries.
Response
{
"registries": [
{
"id": "reg_abc123",
"name": "Production ECR",
"registry_type": "ecr",
"url": "123456789.dkr.ecr.us-east-1.amazonaws.com",
"status": "active",
"last_tested_at": "2026-03-26T09:00:00Z",
"created_at": "2026-03-01T00:00:00Z"
}
],
"total": 3
}/api/trivy/registriesAdd registry credentials. Credentials are encrypted at rest.
Request Body
{
"name": "Production ECR",
"registry_type": "ecr",
"url": "123456789.dkr.ecr.us-east-1.amazonaws.com",
"credentials": {
"aws_access_key_id": "AKIAIOSFODNN7EXAMPLE",
"aws_secret_access_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
"aws_region": "us-east-1"
}
}Response
{
"id": "reg_abc123",
"name": "Production ECR",
"registry_type": "ecr",
"url": "123456789.dkr.ecr.us-east-1.amazonaws.com",
"status": "active",
"created_at": "2026-03-26T10:00:00Z"
}/api/trivy/registries/{id}Update registry credentials or settings.
Parameters
| Name | Type | Description |
|---|---|---|
id | string | Registry ID |
Request Body
{
"name": "Production ECR (updated)",
"credentials": {
"aws_access_key_id": "AKIANEWKEY...",
"aws_secret_access_key": "newSecretKey...",
"aws_region": "us-east-1"
}
}/api/trivy/registries/{id}Delete registry credentials.
Parameters
| Name | Type | Description |
|---|---|---|
id | string | Registry ID |
/api/trivy/registries/{id}/testTest registry connection with stored credentials.
Parameters
| Name | Type | Description |
|---|---|---|
id | string | Registry ID |
Response
{
"success": true,
"message": "Successfully authenticated to registry",
"response_time_ms": 245
}/api/trivy/registries/typesGet list of supported registry types with configuration templates.
Response
{
"types": [
{
"id": "dockerhub",
"name": "Docker Hub",
"url_template": "https://index.docker.io/v1/",
"auth_type": "basic",
"required_fields": ["username", "password"]
},
{
"id": "ecr",
"name": "AWS ECR",
"url_template": "{account_id}.dkr.ecr.{region}.amazonaws.com",
"auth_type": "ecr",
"required_fields": ["aws_access_key_id", "aws_secret_access_key", "aws_region"]
},
{
"id": "gcr",
"name": "Google Artifact Registry",
"url_template": "{region}-docker.pkg.dev",
"auth_type": "gcr",
"required_fields": ["service_account_json"]
},
{
"id": "acr",
"name": "Azure Container Registry",
"url_template": "{name}.azurecr.io",
"auth_type": "acr",
"required_fields": ["tenant_id", "client_id", "client_secret"]
}
]
}Admin Endpoints
Organization administration endpoints. Require admin or org_admin role.
Service Tokens
/api/admin/service-tokensList all service tokens for agent authentication.
Response
{
"items": [
{
"id": "token_123",
"name": "Production Agents",
"prefix": "vops_agent_abc",
"is_active": true,
"last_used": "2024-01-20T15:30:00Z",
"created_at": "2024-01-01T00:00:00Z"
}
]
}/api/admin/service-tokensCreate a new service token.
Request Body
{
"name": "Production Agents",
"description": "Token for production server agents"
}Response
{
"id": "token_123",
"name": "Production Agents",
"token": "vops_agent_abc123def456...",
"created_at": "2024-01-20T15:30:00Z"
}/api/admin/service-tokens/{id}/toggleEnable or disable a service token.
Parameters
| Name | Type | Description |
|---|---|---|
id | string | Token ID |
/api/admin/service-tokens/{id}Delete a service token.
Parameters
| Name | Type | Description |
|---|---|---|
id | string | Token ID |
Notification Rules
/api/admin/notification-rulesList all notification rules.
Response
{
"items": [
{
"id": "rule_123",
"name": "Critical CVE Alert",
"condition": "cve_severity >= HIGH",
"channels": ["email", "slack"],
"is_active": true
}
]
}/api/admin/notification-rulesCreate a new notification rule.
Request Body
{
"name": "Critical CVE Alert",
"condition": "cve_severity >= HIGH",
"channels": ["email", "slack"],
"recipients": ["[email protected]"]
}Configuration
/api/admin/ldap-configGet LDAP configuration.
/api/admin/ldap-configUpdate LDAP configuration.
Request Body
{
"enabled": true,
"server_url": "ldaps://ldap.example.com:636",
"bind_dn": "cn=admin,dc=example,dc=com",
"bind_password": "password",
"base_dn": "ou=users,dc=example,dc=com"
}/api/admin/ldap-config/testTest LDAP connection.
/api/admin/smtp-configGet SMTP configuration.
/api/admin/smtp-configcustom_smtpUpdate SMTP configuration for email notifications.
Request Body
{
"host": "smtp.example.com",
"port": 587,
"username": "[email protected]",
"password": "password",
"from_address": "[email protected]",
"use_tls": true
}CVE Scanning
/api/vulnerabilitiescve_scanningList all detected vulnerabilities.
/api/admin/cve/scancve_scanningTrigger a manual CVE scan.
/api/admin/cve/scan-historycve_scanningGet CVE scan history.
Scheduler
/api/admin/scheduler/statusGet scheduler status and running jobs.
/api/admin/scheduler-settingsGet scheduler settings.
/api/admin/scheduler-settingsUpdate scheduler settings.
Request Body
{
"cve_scan_interval": 3600,
"version_check_interval": 86400
}/api/admin/scheduler/restartRestart the scheduler.
Superadmin Endpoints
Platform administration endpoints. Require is_superadmin: true on user.
Dashboard
/api/superadmin/statsGet platform-wide statistics.
Response
{
"total_users": 1250,
"total_organizations": 85,
"total_hosts": 3420,
"active_subscriptions": 72
}Users
/api/superadmin/usersList all users across all organizations.
/api/superadmin/users/{id}/toggleEnable or disable a user account.
Parameters
| Name | Type | Description |
|---|---|---|
id | string | User ID |
/api/superadmin/users/{id}Delete a user account.
Parameters
| Name | Type | Description |
|---|---|---|
id | string | User ID |
Organizations
/api/superadmin/organizationsList all organizations.
/api/superadmin/organizations/{id}Update organization settings.
Parameters
| Name | Type | Description |
|---|---|---|
id | string | Organization ID |
/api/superadmin/organizations/{id}Delete an organization and all its data.
Parameters
| Name | Type | Description |
|---|---|---|
id | string | Organization ID |
Plans & Features
/api/superadmin/plansList all subscription plans.
/api/superadmin/plans/{id}Update a subscription plan.
Parameters
| Name | Type | Description |
|---|---|---|
id | string | Plan ID |
/api/superadmin/featuresList all features.
/api/superadmin/featuresCreate a new feature.
Request Body
{
"id": "new_feature",
"name": "New Feature",
"description": "Feature description"
}/api/superadmin/features/{id}Update a feature.
Parameters
| Name | Type | Description |
|---|---|---|
id | string | Feature ID |
/api/superadmin/features/{id}Delete a feature.
Parameters
| Name | Type | Description |
|---|---|---|
id | string | Feature ID |
Templates
/api/superadmin/templatesList application configuration templates.
Parameters
| Name | Type | Description |
|---|---|---|
status | string | Filter by status (draft, published, archived) |
category | string | Filter by category |
/api/superadmin/templatesCreate a new template (draft).
/api/superadmin/templates/{id}/publishPublish a draft template.
Parameters
| Name | Type | Description |
|---|---|---|
id | string | Template ID |
/api/superadmin/templates/{id}/archiveArchive a published template.
Parameters
| Name | Type | Description |
|---|---|---|
id | string | Template ID |
Agent Endpoints
Endpoints for host agents using service tokens. Authenticate with Authorization: Bearer vops_agent_...
/api/agents/registerRegister a new agent and create/update host entry.
Request Body
{
"hostname": "server-01",
"ip_address": "192.168.1.10",
"os": "Ubuntu 22.04",
"agent_version": "1.0.0"
}Response
{
"host_id": "host_123",
"hostname": "server-01",
"status": "registered"
}/api/hosts/{host_id}/collectSubmit collected application data from host.
Parameters
| Name | Type | Description |
|---|---|---|
host_id | string | Host ID returned from registration |
Request Body
{
"applications": [
{"name": "nginx", "version": "1.24.0"},
{"name": "postgresql", "version": "15.2"},
{"name": "redis", "version": "7.2.3"}
]
}Response
{
"status": "success",
"applications_updated": 3,
"timestamp": "2024-01-20T15:30:00Z"
}Error Handling
All errors follow a consistent format with appropriate HTTP status codes.
Error Response Format
{
"detail": "Error message describing what went wrong"
}| Status Code | Meaning | Description |
|---|---|---|
400 | Bad Request | Invalid input or missing required fields |
401 | Unauthorized | Missing or invalid authentication token |
403 | Forbidden | Insufficient permissions for this action |
404 | Not Found | Requested resource does not exist |
422 | Validation Error | Request body validation failed |
429 | Too Many Requests | Rate limit exceeded |
500 | Server Error | Internal server error |
Rate Limiting
API requests are rate limited to ensure fair usage:
- Default: 100 requests/minute per IP
- Auth endpoints: 10 requests/minute
- Agent endpoints: 1000 requests/minute
When rate limited, you will receive a 429 response. The Retry-After header indicates when you can retry.
Pagination
All list endpoints support pagination with consistent parameters and response format.
Request Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
page | integer | 1 | Page number (1-indexed) |
limit | integer | 20 | Items per page (max: 100). Some endpoints use per_page. |
Response Format
Response keys vary by resource type:
// Projects endpoint
{
"projects": [...],
"total": 150,
"page": 1
}
// Dependencies endpoint
{
"dependencies": [...],
"total": 50,
"page": 1
}
// Other endpoints (hosts, applications, etc.)
{
"items": [...],
"total": 150,
"page": 1
}Example: Fetching Page 2 with 50 items
GET /api/projects?page=2&limit=50