API Reference

Complete documentation for all Wildbox microservices and their endpoints.

  • Identity Service: Authentication, users, tokens
  • Guardian Service: Integrations, queue management
  • Agents Service: AI analysis, threat intelligence
  • Data Service: Data aggregation, analysis
  • Tools Service: Security tool execution
  • Responder Service: Incident response, playbooks

Identity & Authentication Service

Manage user authentication, create and validate JWT tokens, handle user accounts and permissions.

Base URL: http://localhost:8000/api/v1

POST /auth/login

User login with email and password. Returns JWT token for authenticated requests.

Request Body

{ "email": "user@example.com", "password": "password123" }

200 OK

{ "data": { "token": "eyJhbGciOiJIUzI1NiIs...", "user_id": "usr-123", "expires_in": 3600 }, "status": "success" }

POST /auth/refresh

Refresh an existing JWT token to extend the session duration.

POST /auth/logout

Logout user and revoke the current JWT token.

GET /users

List all users with pagination and filtering support.

POST /users

Create a new user account with specified permissions.

GET /users/{id}

Retrieve detailed information about a specific user.

PUT /users/{id}

Update user profile, permissions, and settings.

DELETE /users/{id}

Delete a user account and revoke all associated tokens.

Guardian Service API

Asset management, vulnerability tracking, scanner orchestration, and remediation workflows

Assets Management

List Assets

GET /api/v1/assets/

List all security assets with filtering and pagination support.

Query Parameters:

  • limit: Number of results (default: 20)
  • offset: Pagination offset (default: 0)
  • status: Filter by status (active, inactive, vulnerable)
  • severity: Highest vulnerability (critical, high, medium, low)

Example:

curl "http://localhost:8001/api/v1/assets/?status=active&severity=critical" \
  -H "X-API-Key: your-api-key"

Create Asset

POST /api/v1/assets/

Create a new security asset in the system.

Request Body Fields:

  • name: Asset name (required)
  • asset_type: Type like server, database (required)
  • ip_address: IPv4 or IPv6 address
  • hostname: FQDN or hostname
  • tags: Array of tags for organization

Example:

curl -X POST "http://localhost:8001/api/v1/assets/" \
  -H "X-API-Key: your-api-key" \
  -H "Content-Type: application/json" \
  -d '{"name":"Web Server","asset_type":"server","ip_address":"192.168.1.100"}'

Scan Asset

POST /api/v1/assets/{id}/scan/

Initiate a security scan on an asset.

Request Parameters:

  • scanner_id: Scanner to use (required)
  • scan_profile: full, quick, vulnerability-only
  • schedule: immediate, daily, weekly

Example:

curl -X POST "http://localhost:8001/api/v1/assets/asset-001/scan/" \
  -H "X-API-Key: your-api-key" \
  -H "Content-Type: application/json" \
  -d '{"scanner_id":"scanner-nessus-01","scan_profile":"full"}'

Vulnerabilities Management

List Vulnerabilities

GET /api/v1/vulnerabilities/

List all vulnerabilities with advanced filtering capabilities.

Query Parameters:

  • severity: critical, high, medium, low, info
  • status: open, in_progress, resolved, false_positive
  • asset_id: Filter by specific asset
  • has_exploit: Filter by known exploits

Example:

curl "http://localhost:8001/api/v1/vulnerabilities/?severity=critical&status=open" \
  -H "X-API-Key: your-api-key"

Update Vulnerability

PATCH /api/v1/vulnerabilities/{id}/

Update vulnerability status or assignment.

Request Fields:

  • status: open, in_progress, resolved, false_positive
  • assigned_to: Team or user assignment
  • priority: immediate, high, medium, low
  • remediation_notes: Remediation details

Example:

curl -X PATCH "http://localhost:8001/api/v1/vulnerabilities/vuln-001/" \
  -H "X-API-Key: your-api-key" \
  -H "Content-Type: application/json" \
  -d '{"status":"in_progress","assigned_to":"security-team"}'

Integration Management

List Integrations

GET /api/v1/integrations/

List all configured integrations with external systems.

Query Parameters:

  • status: active, inactive, error
  • integration_type: ticketing, siem, notification, vulnerability

Example:

curl "http://localhost:8001/api/v1/integrations/?status=active" \
  -H "X-API-Key: your-api-key"

Test Integration

POST /api/v1/integrations/{id}/test/

Test connectivity and authentication with an integration.

Response:

{"status":"connected","platform":"JIRA","message":"Successfully connected"}

Authentication

Guardian Service supports two authentication methods:

  • API Key: Use X-API-Key header with your API key
  • Bearer Token: Use Authorization: Bearer header with JWT token

Rate Limiting

Anonymous: 100 requests/hour | API Key: 5,000 requests/hour | Bearer Token: 1,000 requests/hour

Agents Service API

AI-powered threat analysis and intelligent enrichment using large language models

Service Information

Port: 8004 | Base URL: http://localhost:8004 | Auth: Bearer Token (JWT)

The Agents Service uses AI to analyze indicators of compromise (IOCs) and provide comprehensive threat assessments through intelligent agents.

GET /health

Health check endpoint for service monitoring

Response Example

{ "status": "healthy", "timestamp": "2024-11-07T18:30:00Z", "version": "1.0.0", "services": { "redis": "healthy", "celery": "healthy", "openai": "configured" } }

POST /v1/analyze

Analyze indicators of compromise using AI-powered threat intelligence

Authentication Required

Bearer Token (JWT) required

Data Service API

Security intelligence data aggregation from 50+ threat intelligence sources

Service Information

Port: 8006 | Base URL: http://localhost:8006/api/v1 | Auth: Optional API Key

Access threat intelligence data, IOCs, and enriched security information from multiple sources.

GET /indicators/search

Search for indicators of compromise in the threat intelligence database

Query Parameters

  • q (string): Search query (IP, domain, hash, URL)
  • type (string): Filter by type: ipv4, domain, md5, sha256
  • limit (integer): Number of results (default: 20)

Tools Service API

Execute 54+ security tools including vulnerability scanners and network analyzers

Service Information

Port: 8013 | Base URL: http://localhost:8013/api | Auth: API Key Required

Unified interface for security analysis tools across vulnerability scanning, network analysis, and web application testing.

Security Score: 8.5/10 | 0 Vulnerabilities

GET /tools

List all available security tools with filtering options

Response Example

{ "count": 54, "results": [ { "id": "nessus-001", "name": "Nessus Scanner", "category": "scanner", "version": "10.4.2", "status": "active" } ] }

POST /execute

Execute security tools with specified parameters

Authentication Required

X-API-Key header required

Responder Service API

SOAR platform for automated incident response and playbook execution

Service Information

Port: 8018 | Base URL: http://localhost:8018/api/v1 | Auth: Bearer Token (JWT)

Orchestrate incident response workflows, execute playbooks, and manage remediation actions automatically.

GET /playbooks

List all available SOAR playbooks with filtering

Query Parameters

  • category (string): incident_response, malware, threat_intel
  • enabled (boolean): Filter by enabled status

POST /playbooks/{id}/execute

Execute a playbook with specified parameters and context

Authentication Required

Bearer Token (JWT) required

Authentication

All API endpoints require authentication using Bearer tokens in the Authorization header:

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Obtain a token by logging in via the /auth/login endpoint with your credentials.

Error Handling

The API returns standard HTTP status codes. Errors include detailed JSON responses:

{ "error": "Unauthorized", "message": "Invalid or expired token", "status": "error", "request_id": "req-12345" }

See individual endpoint documentation for specific error codes and handling.
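
A client-side session for the login flow and error envelope described above, as an added example that is not part of the Wildbox documentation or code base: it caches the token from POST /auth/login, logs in again shortly before expires_in elapses, and keeps the error envelope's request_id for log correlation. TokenSession, ApiError, http_post and the 60-second skew are hypothetical names and values; expires_in is assumed to be in seconds, and the example re-authenticates instead of calling /auth/refresh because this page does not show that endpoint's request format.

```python
import json
import time
import urllib.error
import urllib.request

IDENTITY_URL = "http://localhost:8000/api/v1"  # Identity Service base URL from this page


class ApiError(Exception):
    """Wraps the documented error envelope: error, message, status, request_id."""
    def __init__(self, http_status, body):
        super().__init__(f'{body.get("error")}: {body.get("message")}')
        self.http_status = http_status
        self.request_id = body.get("request_id")  # quote this when reporting a failure


def http_post(url, payload, headers):
    """Default transport (hypothetical helper): returns (http_status, parsed JSON body)."""
    req = urllib.request.Request(url, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json", **headers})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as exc:
        return exc.code, json.load(exc)  # error responses carry a JSON body too


class TokenSession:
    """Caches the JWT and replaces it before it expires."""
    def __init__(self, email, password, post=http_post, clock=time.monotonic, skew=60):
        self._creds = {"email": email, "password": password}
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def _login(self):
        status, body = self._post(f"{IDENTITY_URL}/auth/login", self._creds, {})
        if status != 200 or body.get("status") != "success":
            raise ApiError(status, body)
        self._token = body["data"]["token"]
        # Assumption: expires_in is a lifetime in seconds (the page shows 3600).
        self._expires_at = self._clock() + body["data"]["expires_in"]

    def auth_header(self):
        """Return the Authorization header, logging in again when near expiry."""
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            self._login()
        return {"Authorization": f"Bearer {self._token}"}
```

Pass the returned dictionary as the headers of each request to a service that accepts Bearer tokens; the `post` and `clock` parameters exist so the session can be exercised without a running Identity Service.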
