> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cysmiq.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Introduction

> Programmatic access to Cysmiq for automation and integrations.

## Overview

The Cysmiq API provides programmatic access to your security data, enabling automation, custom integrations, and reporting workflows.

## Base URL

All API requests use the following base URL:

```text Base URL theme={null}
https://app.cysmiq.com/api/v1
```

Most endpoints include your workspace slug as a path parameter, for example:

```text Example endpoint theme={null}
https://app.cysmiq.com/api/v1/{tenant_slug}/vulnerabilities
```

The tenant discovery endpoint is not workspace-scoped:

```text Tenant list endpoint theme={null}
https://app.cysmiq.com/api/v1/tenants
```

## Authentication

The API uses bearer token authentication. Include your API key in the `Authorization` header:

<CodeGroup>
  ```bash cURL theme={null}
  curl https://app.cysmiq.com/api/v1/{tenant_slug}/vulnerabilities \
    -H "Authorization: Bearer YOUR_API_KEY"
  ```

  ```python Python theme={null}
  import requests

  response = requests.get(
      "https://app.cysmiq.com/api/v1/{tenant_slug}/vulnerabilities",
      headers={"Authorization": "Bearer YOUR_API_KEY"}
  )
  ```

  ```javascript JavaScript theme={null}
  const response = await fetch(
    "https://app.cysmiq.com/api/v1/{tenant_slug}/vulnerabilities",
    { headers: { "Authorization": "Bearer YOUR_API_KEY" } }
  );
  ```
</CodeGroup>

API keys require the scope that matches the endpoint. For example, vulnerability endpoints require `vulnerabilities:read`, application endpoints require `applications:read`, and the tenant list endpoint requires `tenants:read`. To create an API key, see [Managing API keys](/guides/api-keys).

## Rate limits

API requests are rate limited to **60 requests per minute** per API token. Exceeding this limit returns a `429 Too Many Requests` response.

## Pagination

List endpoints support cursor-based pagination. Responses include a `next_cursor` field when more results are available:

```json Paginated response theme={null}
{
  "items": [...],
  "next_cursor": "eyJpZCI6MTIzNH0"
}
```

Pass the cursor value to fetch the next page:

```bash Next page request theme={null}
curl "https://app.cysmiq.com/api/v1/{tenant_slug}/vulnerabilities?repo=org/repo&cursor=eyJpZCI6MTIzNH0" \
  -H "Authorization: Bearer YOUR_API_KEY"
```

## Errors

The API returns standard HTTP status codes:

| Status | Description                                   |
| ------ | --------------------------------------------- |
| 200    | Success                                       |
| 401    | Unauthorized - invalid or missing API key     |
| 403    | Forbidden - insufficient permissions or scope |
| 404    | Not found - resource does not exist           |
| 422    | Validation error - invalid filter values      |
| 429    | Too many requests - rate limit exceeded       |
| 500    | Server error                                  |

Error responses include a message:

```json Error response theme={null}
{
  "message": "Repository not found."
}
```

Validation errors include field-specific details:

```json Validation error theme={null}
{
  "message": "The given data was invalid.",
  "errors": {
    "repo": ["The repo field is required."]
  }
}
```

## Related docs

* [API keys](/security-access/api-keys): understanding API key types and scopes
* [Managing API keys](/guides/api-keys): creating and rotating keys
