API Reference
Overview
The EchelonGraph REST API lets you integrate cloud security intelligence into your workflows, CI/CD pipelines, and existing tools. All endpoints are documented in our OpenAPI specification, available to customers upon request.
Authentication
All API requests require a valid bearer token. Authenticate via the login endpoint to receive an access token and refresh token pair. If MFA is enabled on your account, a second verification step is required.
Rate Limits
| Plan | Reads/min | Mutations/min |
|---|---|---|
| Free | 100 | 100 |
| Pro | 10,000 | 2,000 |
| Enterprise | Unlimited | Unlimited |
Rate limit headers are included on every response so you can track usage programmatically.
Pagination
All list endpoints support pagination with page and limit parameters. Responses include total count for easy navigation.
Key Capabilities
Cloud Assets
Query your complete cloud asset inventory across all connected providers. Filter by asset type, region, and risk score. Register and manage cloud account connections.
Blast Radius & Attack Graph
Retrieve the interactive attack surface graph — nodes, links, and traversal paths. Specify depth and root asset to compute blast radius from any point in your infrastructure.
Vulnerabilities & CVEs
Access your CVE feed with severity and status filtering. View remediation recommendations with priority rankings and track remediation workflow progress.
Alerts & Detection
List and manage security alerts by severity and status. Access threat detection rules and detection-generated alerts. Create and track security incidents.
Compliance & Reports
Retrieve compliance scores per framework. Generate reports (executive, compliance, vulnerability, asset) in PDF, CSV, or JSON format with configurable date ranges.
Risk Scoring
Access risk score breakdowns by category — identity, network, data, and compute — for a unified view of your security posture.
Real-Time Events
EchelonGraph supports real-time event delivery via WebSocket connections, pushing updates as they happen:
- New security alerts
- Alert resolutions
- Scan completions
- Compliance score changes
- New incidents
Webhooks
Register webhook endpoints to receive event notifications at your own URLs. All webhook payloads are signed with HMAC-SHA256 for verification, ensuring payload integrity.
Supported events include alert creation, alert resolution, scan completion, incident creation, and compliance drift.
User Provisioning (SCIM 2.0)
Automate user lifecycle management directly from your identity provider. EchelonGraph's SCIM 2.0 integration supports user listing, creation, and group synchronization with any SCIM-compliant IdP.
Audit Trail
Query the immutable audit log to review every authentication event, permission change, data export, and configuration modification — with full filtering by action type, user, and date range.