Every finding, asset, scan result, and remediation ticket is accessible via REST API. Build internal dashboards, pipe data into your SIEM, or automate your entire EOL remediation workflow.
All API requests require a bearer token. Generate your API key from the dashboard under Settings → API Keys. Keys are scoped to your organization and can be rotated at any time.
Authorization: Bearer se_live_xxxxxxxxxxxxxxxxxxxx
Keep your API key secret. Do not expose it in client-side code or public repositories. If a key is compromised, rotate it immediately from the dashboard.
All API endpoints are versioned under v1. We maintain backward compatibility within a major version.
https://api.secureendpoint.io/v1
Findings represent individual EOL/EOS vulnerabilities detected across your endpoint inventory. Each finding includes severity scoring, affected asset count, CVE references, and remediation guidance.
| Endpoint | Method | Description |
|---|---|---|
| /findings | GET | List all findings, paginated |
| /findings/{id} | GET | Get a specific finding by ID |
| /findings/{id}/assets | GET | List all assets affected by a finding |
| /findings/{id}/dismiss | POST | Dismiss a finding with a reason |
GET /v1/findings?severity=critical&limit=25 curl -X GET "https://api.secureendpoint.io/v1/findings" \ -H "Authorization: Bearer se_live_xxx" \ -G --data-urlencode "severity=critical"
{
"data": [
{
"id": "fnd_8xkQ2p",
"cve": "CVE-2024-21412",
"severity": "critical",
"cvss_score": 9.8,
"affected_assets": 47,
"software": "OpenSSL 1.0.2",
"eol_date": "2020-01-01",
"status": "open",
"ticket_id": "INC0423891"
}
],
"meta": {
"total": 247,
"page": 1,
"per_page": 25
}
}
Assets represent individual endpoints in your inventory — servers, workstations, containers, or virtual machines. Each asset carries a full software manifest with EOL status for each component.
| Endpoint | Method | Description |
|---|---|---|
| /assets | GET | List all assets |
| /assets/{id} | GET | Get asset details and software manifest |
| /assets/{id}/findings | GET | Get all findings for an asset |
| /assets/{id}/scan | POST | Trigger an on-demand scan |
| /assets/{id} | DELETE | Remove an asset from inventory |
{
"id": "ast_7mNp4r",
"hostname": "db-prod-02.internal",
"ip": "10.0.14.22",
"os": "Windows Server 2012 R2",
"os_eol": true,
"os_eol_date": "2023-10-10",
"risk_score": 94,
"open_findings": 12,
"last_scanned": "2026-03-09T14:22:01Z"
}
Scans can be triggered manually or run on a schedule. Each scan job returns a scan_id you can poll for status, or configure a webhook to be notified on completion.
| Endpoint | Method | Description |
|---|---|---|
| /scans | GET | List all scan jobs |
| /scans | POST | Trigger a new scan |
| /scans/{id} | GET | Get scan status and results |
Remediation tickets are created automatically when findings are detected, or manually via API. Tickets sync bidirectionally with ServiceNow when that integration is enabled.
| Endpoint | Method | Description |
|---|---|---|
| /tickets | GET | List remediation tickets |
| /tickets | POST | Create a ticket manually |
| /tickets/{id} | GET | Get ticket details |
| /tickets/{id}/close | POST | Mark ticket resolved |
Register a webhook URL to receive real-time event notifications. All events are delivered as signed JSON payloads using HMAC-SHA256. Verify the X-SE-Signature header on every incoming request.
finding.created # New EOL finding detected finding.severity_changed # CVSS score updated finding.resolved # Finding remediated and closed scan.completed # Scan job finished ticket.created # Remediation ticket opened ticket.closed # Ticket resolved
{
"event": "finding.created",
"timestamp": "2026-03-10T09:14:22Z",
"data": {
"finding_id": "fnd_8xkQ2p",
"severity": "critical",
"cvss": 9.8
}
}
The API uses standard HTTP status codes. All errors return a JSON body with a code and message field.
| Status | Code | Meaning |
|---|---|---|
| 400 | bad_request | Invalid parameters or malformed JSON |
| 401 | unauthorized | Missing or invalid API key |
| 403 | forbidden | Key lacks permission for this resource |
| 404 | not_found | Resource does not exist |
| 429 | rate_limited | Too many requests — see rate limits |
| 500 | server_error | Something went wrong on our end |
API requests are rate-limited per API key. Limits are returned in response headers on every request. If you're consistently hitting limits, contact us to discuss higher-tier access.
| Plan | Requests / min | Requests / day |
|---|---|---|
| Standard | 60 | 10,000 |
| Enterprise | 300 | 100,000 |
| Unlimited | Unlimited | Unlimited |
X-RateLimit-Limit: 60 X-RateLimit-Remaining: 47 X-RateLimit-Reset: 1710065400