API Overview

Basirah REST API overview, authentication, and conventions.

2 min read · For: Developers Security Engineers · Updated Mar 22, 2026 · Edit

The Basirah REST API provides programmatic access to findings, work items, assets, evidence, integrations, and compliance data. All endpoints are under the /api/v1/ prefix.

Conventions

Content type — All requests and responses use application/json.
Authentication — Bearer token in the Authorization header. See Authentication.
Pagination — List endpoints support offset and limit query parameters.
Filtering — List endpoints accept query parameters for field-level filtering and sorting.
Errors — Error responses include a problem detail body with a request ID for tracing.

OpenAPI specification

Your Basirah instance serves a machine-readable OpenAPI spec at /api/v1/openapi.json with exact schemas, required fields, and example responses.

Authentication

API key and token authentication.

Findings

List, search, and manage findings.

Work Items

Create, dispatch, and manage work items.

Assets

Query the asset inventory.

Evidence

Generate and retrieve evidence packages.

Webhooks

Inbound webhook endpoints.

Integrations

Manage integration connections.