API Documentation

Authentication

How to authenticate with the TrustCyber API using API keys and OAuth 2.0.

The TrustCyber API uses API key authentication for server-to-server integrations and OAuth 2.0 for user-delegated access. All API requests must be made over HTTPS. Requests made over plain HTTP will be rejected.

API Key Authentication

Generate an API key from Settings → API Keys. Include the key in the Authorization header of every request:

```bash
curl -X GET "https://api.trustcyber.com/v1/organizations/me" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"
```

API Key Scopes

| Scope | Description |
| --- | --- |
| read:assessments | Read assessment results and scores |
| read:reports | Read and download generated reports |
| read:findings | Read security findings and recommendations |
| write:findings | Update finding status (resolve, accept risk) |
| read:organization | Read organization and team information |

Warning: API keys provide programmatic access to your security data. Store them securely using environment variables or a secrets manager. Never commit API keys to source control.
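
One way to follow the storage warning above when calling the API from a script, as an added example that is not TrustCyber's own code. It assumes the key is exported in an environment variable named `TRUSTCYBER_API_KEY` (a hypothetical name); the `tc_*` function names are also illustrative.

```bash
# Added example, not TrustCyber's code. TRUSTCYBER_API_KEY is an assumed
# variable name; populate it from your secrets manager at runtime.

TC_BASE_URL="https://api.trustcyber.com/v1"   # base URL from this page

# Fail early if the key is missing or contains characters outside the
# RFC 6750 bearer-token alphabet (a quote or newline would otherwise
# break out of the quoted header line written below).
tc_require_key() {
  if [ -z "${TRUSTCYBER_API_KEY:-}" ]; then
    echo "TRUSTCYBER_API_KEY is not set" >&2
    return 1
  fi
  case "$TRUSTCYBER_API_KEY" in
    *[!A-Za-z0-9._~+/=-]*)
      echo "TRUSTCYBER_API_KEY contains unexpected characters" >&2
      return 1 ;;
  esac
}

# Emit a curl config file body carrying the request headers.
tc_curl_config() {
  tc_require_key || return 1
  printf 'header = "Authorization: Bearer %s"\n' "$TRUSTCYBER_API_KEY"
  printf 'header = "Content-Type: application/json"\n'
}

# GET a path under the base URL.
# - The config is passed on stdin (--config -), so the key never appears in
#   curl's argument list, which other local users can read via ps.
# - --proto '=https' makes curl refuse any non-HTTPS URL; --proto-redir
#   applies the same limit if redirect following is ever enabled.
tc_get() {
  case "$1" in
    /*) ;;
    *) echo "path must start with /" >&2; return 1 ;;
  esac
  # Build the config first so a missing key aborts before any request is sent.
  tc_cfg=$(tc_curl_config) || return 1
  printf '%s\n' "$tc_cfg" | curl --silent --show-error --fail \
    --proto '=https' --proto-redir '=https' \
    --config - "${TC_BASE_URL}$1"
}

# Usage: tc_get /organizations/me
```
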

Base URL

```text
https://api.trustcyber.com/v1
```