REST API Endpoints
Complete reference for all CertifyClouds REST API endpoints.
Authentication
Login
Response:
Logout
Get Current User
Health & System
Health Check
No authentication required.
License Status
No authentication required.
Identity Info
Returns current Azure identity information.
Discovery
Start Scan
POST /api/assets/discovery/scan
Authorization: Bearer {token}
Content-Type: application/json

{
  "mode": "full" | "delta" | "force",
  "subscriptions": ["sub-id-1", "sub-id-2"] // optional
}
Get Scan Status
Get Scan Results
List Scans
Query params: limit, offset
List Assets
Query params:
- type: secret, key, certificate
- status: healthy, warning, critical, expired
- vault: vault name filter
- subscription: subscription ID
Get Asset Details
List Vaults
Compliance
Get Score
Response:
{
  "score": 87.5,
  "passed": 42,
  "failed": 6,
  "total": 48,
  "bySeverity": {
    "critical": 0,
    "high": 2,
    "medium": 3,
    "low": 1
  }
}
List Violations
Query params: severity, framework, limit, offset
Evaluate Compliance
List Frameworks
Get Framework Details
Alerts
List Rules
Create Rule
POST /alerts/rules
Authorization: Bearer {token}
Content-Type: application/json

{
  "name": "Expiring Secrets Alert",
  "alertType": "secret_expiring",
  "thresholdDays": 30,
  "deliveryMethod": "email",
  "deliveryMode": "digest",
  "recipients": ["team@company.com"],
  "enabled": true
}
Update Rule
PUT /alerts/rules/{rule_id}
Authorization: Bearer {token}
Content-Type: application/json

{
  "thresholdDays": 14,
  "enabled": false
}
Delete Rule
Test Rule
Get History
Query params: start_date, end_date, status
Subscriptions
List Subscriptions
Add Subscription
POST /subscriptions
Authorization: Bearer {token}
Content-Type: application/json

{
  "subscriptionId": "12345678-1234-1234-1234-123456789012",
  "name": "Production"
}
Remove Subscription
Test Connection
Audit
List Entries
Query params:
- start_date: ISO 8601 date
- end_date: ISO 8601 date
- event_type: event type filter
- actor: actor filter
- limit, offset: pagination
Export Entries
Query params: format (json, csv, pdf), start_date, end_date
Rotation (PRO)
Run Discovery
List Apps
Get Matches
Rotate Secret
POST /api/automation/rotation/rotate
Authorization: Bearer {token}
Content-Type: application/json

{
  "appId": "12345678-1234-1234-1234-123456789012",
  "secretId": "secret-key-id",
  "expiryDays": 365,
  "updateKeyVaults": true
}
Get History
Sync (PRO)
List Records
Create Record
POST /api/automation/sync/records
Authorization: Bearer {token}
Content-Type: application/json

{
  "sourceVault": "kv-production",
  "sourceSecret": "api-key",
  "targetProvider": "aws",
  "targetService": "secretsmanager",
  "targetName": "certifyclouds/api-key",
  "targetRegion": "us-east-1",
  "scheduleHours": 6,
  "enabled": true
}
Trigger Sync
Get Status
Configure Provider
POST /api/automation/sync/providers/{provider}
Authorization: Bearer {token}
Content-Type: application/json

{
  "accessKeyId": "AKIA...",
  "secretAccessKey": "...",
  "region": "us-east-1"
}
Dependencies (PRO)
List Dependencies
Get Blast Radius
Full-Stack Rotation
POST /api/assets/dependencies/rotate/{secret_id}
Authorization: Bearer {token}
Content-Type: application/json

{
  "includeResources": ["resource-id-1", "resource-id-2"],
  "skipVerification": false
}
Users (PRO)
List Users
Create User
POST /auth/users
Authorization: Bearer {token}
Content-Type: application/json

{
  "username": "jsmith",
  "email": "jsmith@company.com",
  "password": "SecurePassword123!",
  "role": "user"
}
Update User
PUT /auth/users/{user_id}
Authorization: Bearer {token}
Content-Type: application/json

{
  "email": "john.smith@company.com",
  "role": "admin"
}
Delete User
Unlock User
B2C Registry (PRO)
List Tenants
Register Tenant
POST /b2c/tenants
Authorization: Bearer {token}
Content-Type: application/json

{
  "tenantId": "12345678-...",
  "tenantDomain": "company.onmicrosoft.com",
  "displayName": "Production B2C",
  "clientId": "...",
  "clientSecret": "...",
  "autoDiscover": true,
  "discoveryIntervalHours": 24
}