API Reference
REST API endpoints for CI/CD attestations, pipeline runs, artifacts, and deployments.
Authentication
API endpoints use API key authentication. Generate a key from Settings → Developer → API Keys. Include it as a Bearer token in the Authorization header.
Authorization: Bearer mw_live_abc123...
Attestations
Submit test results, security scan findings, SBOMs, and custom attestations from your CI/CD pipeline.
/api/v1/attestations
Create an attestation linked to a pull request or artifact.
{
  "repositoryFullName": "acme/payments-api",
  "prNumber": 42,
  "type": "TEST_RESULTS",
  "name": "Unit Tests",
  "passed": true,
  "evidence": {
    "totalTests": 1234,
    "passed": 1230,
    "failed": 4,
    "coverage": 87.5
  }
}
Pipeline Runs
Track CI/CD pipeline execution from external build systems.
/api/v1/pipeline-runs
Register a pipeline run with steps and timing data.
/api/v1/pipeline-runs/:id
Update a pipeline run status and add step results.
Artifacts
Register build artifacts with SHA-256 hashes for provenance tracking.
/api/v1/artifacts
Register a build artifact with provenance metadata.
{
  "repositoryFullName": "acme/payments-api",
  "name": "payments-api",
  "version": "2.1.0",
  "sha256": "a1b2c3d4...",
  "artifactType": "docker-image",
  "commitSha": "abc123",
  "branch": "main"
}
Deployments
Track deployment events across environments for audit trail and compliance evidence.
/api/v1/deployments
Record a deployment event with environment, artifact, and status.
Collector Attestations
Receive signed attestations from the client-side collector. Used by defense and government customers running the collector in their network.
/api/v1/collector/attestations
Ingest a batch of Ed25519-signed collector attestations (1-100).
Rate Limits
API endpoints are rate-limited to 100 requests per minute per API key. Rate limit headers are included in all responses.
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 97
X-RateLimit-Reset: 1709856000
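The rate limit headers above can drive client-side pacing, so a CI job that submits many attestations pauses instead of losing evidence when the quota runs out. This is an added example, not code from the API's vendor. It assumes X-RateLimit-Reset is a Unix timestamp in seconds, and send is a hypothetical callable that performs one request and returns the response headers.

```python
"""Client-side pacing from the X-RateLimit-* response headers (added example)."""
import time
from typing import Callable, Iterable, Mapping

WINDOW_SECONDS = 60  # the documented limit is counted per minute


def wait_seconds(headers: Mapping[str, str], now: float) -> float:
    """Seconds to pause before the next request, given the last response's headers."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    try:
        remaining = int(h["x-ratelimit-remaining"])
        reset = int(h["x-ratelimit-reset"])  # assumption: Unix epoch seconds
    except (KeyError, ValueError):
        return 0.0  # headers absent or malformed: nothing to act on
    if remaining > 0:
        return 0.0
    # Quota exhausted: wait for the reset, clamped to one window so a stale
    # or far-future reset value cannot stall the pipeline indefinitely.
    return float(min(max(reset - now, 0), WINDOW_SECONDS))


def submit_all(
    payloads: Iterable[object],
    send: Callable[[object], Mapping[str, str]],  # hypothetical request function
    sleep: Callable[[float], None] = time.sleep,
    clock: Callable[[], float] = time.time,
) -> float:
    """Send every payload in order, pausing only when the previous response
    reported zero remaining requests. Returns the total seconds slept."""
    slept, pause = 0.0, 0.0
    for payload in payloads:
        if pause > 0:
            sleep(pause)
            slept += pause
        pause = wait_seconds(send(payload), clock())
    return slept
```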