API Overview

Infracast provides a comprehensive REST API for programmatic access to all platform features.

Base URL

Environment	URL
Production	https://api.infracast.io
Development	https://dev.infracast.io
Self-hosted	https://your-domain.com

Authentication

All API requests require a Bearer token:

curl -H "Authorization: Bearer YOUR_API_TOKEN" \
  https://api.infracast.io/api/v1/tenants/my-tenant/nodes

See Authentication for details on obtaining tokens.

API Versioning

The API is versioned via URL path:

/api/v1/...   # Current stable version

Breaking changes will increment the version. Deprecation notices are provided 6 months before removal.

Common Patterns

Request Format

• Content-Type: application/json
• Method: GET (read), POST (create), PUT (update), DELETE (remove)

Response Format

All responses follow a consistent structure:

{
  "data": { ... },          // Response payload
  "meta": {                 // Metadata (optional)
    "total": 142,
    "page": 1,
    "per_page": 50
  },
  "error": null             // Error details (if any)
}

Error Responses

Errors include a code and message:

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or expired token",
    "details": null
  }
}

HTTP Status	Error Code	Description
400	BAD_REQUEST	Invalid request body or parameters
401	UNAUTHORIZED	Missing or invalid token
403	FORBIDDEN	Insufficient permissions
404	NOT_FOUND	Resource doesn't exist
429	RATE_LIMITED	Too many requests
500	INTERNAL_ERROR	Server error

Pagination

List endpoints support pagination:

# Get page 2 with 100 items per page
GET /api/v1/tenants/{tenant}/nodes?page=2&per_page=100

Response includes pagination metadata:

{
  "items": [...],
  "total": 5420,
  "page": 2,
  "per_page": 100,
  "total_pages": 55
}

Filtering

Most list endpoints support filtering:

# Filter nodes by type and region
GET /api/v1/tenants/{tenant}/nodes?types=aws.ec2.instance&region=us-east-1

# Filter findings by severity
GET /api/v1/tenants/{tenant}/findings?severity=HIGH,CRITICAL

Sorting

Sort results using sort parameter:

# Sort by created_at descending
GET /api/v1/tenants/{tenant}/nodes?sort=-created_at

# Sort by name ascending
GET /api/v1/tenants/{tenant}/nodes?sort=name

Rate Limiting

Plan	Requests/minute	Burst
Free	60	10
Pro	300	50
Enterprise	1000	100

Rate limit headers are included in responses:

X-RateLimit-Limit: 300
X-RateLimit-Remaining: 287
X-RateLimit-Reset: 1710432000

When rate limited, you'll receive:

{
  "error": {
    "code": "RATE_LIMITED",
    "message": "Rate limit exceeded. Retry after 45 seconds.",
    "retry_after": 45
  }
}

Quick Reference

Health & Status

Endpoint	Method	Description
/healthz	GET	Health check (no auth)
/api/v1/status	GET	API status with DB connection

Authentication

Endpoint	Method	Description
/api/v1/auth/token	POST	Get access token
/api/v1/auth/refresh	POST	Refresh expired token
/api/v1/auth/me	GET	Current user info

Tenants

Endpoint	Method	Description
/api/v1/tenants	GET	List tenants
/api/v1/tenants	POST	Create tenant
/api/v1/tenants/{id}	GET	Get tenant
/api/v1/tenants/{id}	PUT	Update tenant
/api/v1/tenants/{id}	DELETE	Delete tenant

Nodes

Endpoint	Method	Description
/api/v1/tenants/{t}/nodes	GET	List nodes
/api/v1/tenants/{t}/nodes/{id}	GET	Get node
/api/v1/tenants/{t}/nodes	POST	Create node
/api/v1/tenants/{t}/nodes/{id}	DELETE	Delete node

Edges

Endpoint	Method	Description
/api/v1/tenants/{t}/edges	GET	List edges
/api/v1/tenants/{t}/edges	POST	Create edge
/api/v1/tenants/{t}/edges/{id}	DELETE	Delete edge

Findings

Endpoint	Method	Description
/api/v1/tenants/{t}/findings	GET	List findings
/api/v1/tenants/{t}/findings/{id}	GET	Get finding
/api/v1/tenants/{t}/findings/{id}/accept	POST	Accept risk
/api/v1/tenants/{t}/findings/{id}/resolve	POST	Mark resolved

Discovery Jobs

Endpoint	Method	Description
/api/v1/tenants/{t}/jobs	GET	List jobs
/api/v1/tenants/{t}/jobs	POST	Create job
/api/v1/tenants/{t}/jobs/{id}	GET	Get job
/api/v1/tenants/{t}/jobs/{id}/start	POST	Start job
/api/v1/tenants/{t}/jobs/{id}/cancel	POST	Cancel job

Compliance

Endpoint	Method	Description
/api/v1/tenants/{t}/compliance/summary	GET	Compliance overview
/api/v1/tenants/{t}/compliance/frameworks	GET	Framework scores
/api/v1/tenants/{t}/compliance/controls	GET	Control status

Reports

Endpoint	Method	Description
/api/v1/tenants/{t}/reports	GET	List reports
/api/v1/tenants/{t}/reports/generate	POST	Generate report
/api/v1/tenants/{t}/reports/{id}/download	GET	Download report

Path Tracer

Endpoint	Method	Description
/api/v1/tenants/{t}/pathtracer/trace	POST	Trace network path

SDKs & Libraries

Official SDKs

• Python: pip install infracast (PyPI)
• Go: go get github.com/azgardtek/infracast-go
• JavaScript/TypeScript: npm install @infracast/sdk

Example: Python SDK

from infracast import InfracastClient

client = InfracastClient(
    api_url="https://api.infracast.io",
    api_token="your-token"
)

# List nodes
nodes = client.nodes.list(
    tenant="my-tenant",
    types=["aws.ec2.instance"],
    region="us-east-1"
)

# Get compliance summary
summary = client.compliance.summary(tenant="my-tenant")
print(f"Overall score: {summary.score}%")

# Trace path
result = client.pathtracer.trace(
    tenant="my-tenant",
    source_node_id="aws:us-east-1:aws.ec2.instance:web-01",
    destination_cidr="0.0.0.0/0",
    port=443,
    protocol="tcp"
)
print(f"Reachable: {result.reachable}")

OpenAPI Specification

The full OpenAPI 3.0 spec is available at:

https://api.infracast.io/api/v1/openapi.yaml

Import into Postman, Insomnia, or your favorite API tool.

Webhooks

Configure webhooks to receive real-time notifications:

POST /api/v1/tenants/{tenant}/webhooks
{
  "url": "https://your-app.com/infracast-webhook",
  "events": ["finding.created", "job.completed"],
  "secret": "your-webhook-secret"
}

See Webhooks for event types and payload formats.