Skip to main content

Overview

The Cysmiq API provides programmatic access to your security data, enabling automation, custom integrations, and reporting workflows.

Base URL

All API requests use the following base URL:
Base URL
https://app.cysmiq.com/api/v1
Endpoints include your workspace slug as a path parameter, for example:
Example endpoint
https://app.cysmiq.com/api/v1/{tenant_slug}/vulnerabilities

Authentication

The API uses bearer token authentication. Include your API key in the Authorization header: 
curl https://app.cysmiq.com/api/v1/{tenant_slug}/vulnerabilities \
  -H "Authorization: Bearer YOUR_API_KEY"
API keys require the vulnerabilities:read scope to access vulnerability endpoints. To create an API key, see Managing API keys.

Rate limits

API requests are rate limited to 60 requests per minute per API token. Exceeding this limit returns a 429 Too Many Requests response.

Pagination

List endpoints support cursor-based pagination. Responses include a next_cursor field when more results are available:
Paginated response
{
  "items": [...],
  "next_cursor": "eyJpZCI6MTIzNH0"
}
Pass the cursor value to fetch the next page:
Next page request
curl "https://app.cysmiq.com/api/v1/{tenant_slug}/vulnerabilities?repo=org/repo&cursor=eyJpZCI6MTIzNH0" \
  -H "Authorization: Bearer YOUR_API_KEY"

Errors

The API returns standard HTTP status codes:
StatusDescription
200Success
401Unauthorized - invalid or missing API key
403Forbidden - insufficient permissions or scope
404Not found - resource doesn’t exist
422Validation error - invalid filter values
429Too many requests - rate limit exceeded
500Server error
Error responses include a message:
Error response
{
  "message": "Repository not found."
}
Validation errors include field-specific details:
Validation error
{
  "message": "The given data was invalid.",
  "errors": {
    "repo": ["The repo field is required."]
  }
}