API Reference
The sentrik REST API exposes the scanning pipeline over HTTP, enabling remote scanning, gating, and report generation.
Starting the server
```bash
sentra serve                  # Default: 0.0.0.0:8000
sentra serve --port 9000      # Custom port
sentra serve --host 127.0.0.1 # Localhost only
sentra serve --reload         # Dev mode with auto-reload
```
The default bind address 0.0.0.0 listens on every interface, so any host that can reach the machine can reach the API (including the unauthenticated /health endpoint); use --host 127.0.0.1 unless the server is meant to be reached over the network, and keep --reload for development only.
Auto-generated interactive docs are available at:
- Swagger UI: http://localhost:8000/docs
- ReDoc: http://localhost:8000/redoc
- API Landing: http://localhost:8000/api
Core endpoints
GET /health
Health check. Always accessible (no auth required).
POST /scan
Scan code and return findings.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
| repo_path | string | No | Path to repository (default: .) |
| files | object | No | Map of file path to content for inline scanning |
| changed_files | string[] | No | Limit scan to these files |
| config_overrides | object | No | Override .guard.yaml settings |
Response: { findings: [...], total: N, by_severity: {...} }
POST /gate
Scan code and return a pass/fail gate result.
Request body: Same as /scan.
Response: { passed: bool, total_findings: N, critical: N, high: N, ... }
POST /report
Generate a report. The query parameter format selects the output type: one of html, junit, sarif.
Response: { format: "html", content: "..." }
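The /scan, /gate and /report calls above, driven from a small Python client, together with the status-code handling described under Error handling. This is an added example, not the project's own client library. It assumes things the reference does not state: that the API key is sent in an X-API-Key header (the page only says a 401 means an invalid or missing key, not how the key travels), that /report takes the same JSON body as /scan, and that the canned responses in demo_offline() are constructed in the shapes the reference lists rather than captured from a real server. The transport is pluggable so the same code runs against a live server or offline.

```python
"""Client for the sentrik /scan, /gate and /report endpoints.

Added example, not the project's own client. Assumptions the reference does
not state: the API key travels in an X-API-Key header, /report takes the same
JSON body as /scan, and the responses in demo_offline() are constructed.
"""
import json
import urllib.error
import urllib.request

REPORT_FORMATS = ("html", "junit", "sarif")


class SentrikError(Exception):
    """Any non-200 reply: 400/422 (bad input), 401/403 (auth), 500 (server)."""
    def __init__(self, status, body):
        super().__init__(f"HTTP {status}: {body[:200]}")
        self.status = status
        self.body = body


def urllib_transport(method, url, headers, body):
    """Real HTTP. A transport maps (method, url, headers, body) -> (status, bytes)."""
    req = urllib.request.Request(url, data=body, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=60) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def canned_transport(routes, expected_key):
    """Offline transport keyed by 'METHOD /path?query'; rejects a wrong API key."""
    def send(method, url, headers, body):
        if headers.get("X-API-Key") != expected_key:
            return 401, b'{"detail": "Invalid or missing API key"}'
        path = url.split("://", 1)[-1].split("/", 1)[1]
        status, payload = routes.get(f"{method} /{path}", (404, b"not found"))
        if isinstance(payload, dict):
            payload = json.dumps(payload).encode()
        return status, payload
    return send


class SentrikClient:
    def __init__(self, base_url="http://127.0.0.1:8000", api_key=None,
                 transport=urllib_transport):
        self.base_url = base_url.rstrip("/")
        self.api_key = api_key
        self.transport = transport

    def _call(self, method, path, payload=None):
        headers = {"Accept": "application/json"}
        body = None
        if payload is not None:
            headers["Content-Type"] = "application/json"
            body = json.dumps(payload).encode()
        if self.api_key:
            headers["X-API-Key"] = self.api_key  # assumed header name
        status, raw = self.transport(method, self.base_url + path, headers, body)
        text = raw.decode("utf-8", errors="replace")
        if status != 200:
            raise SentrikError(status, text)
        return json.loads(text)

    def scan(self, **body):
        """POST /scan; body keys: repo_path, files, changed_files, config_overrides."""
        return self._call("POST", "/scan", body)

    def gate(self, **body):
        return self._call("POST", "/gate", body)  # same body as /scan

    def report(self, fmt, **body):
        """POST /report?format=...; the format is checked before a request goes out."""
        if fmt not in REPORT_FORMATS:
            raise ValueError(f"format must be one of {REPORT_FORMATS}")
        return self._call("POST", f"/report?format={fmt}", body)


def gate_exit_code(gate_result):
    """0 only when the gate reports passed: true; anything else fails the CI step."""
    return 0 if gate_result.get("passed") is True else 1


def demo_offline():
    """Inline scan -> gate -> SARIF report, plus the 401 path, with no server."""
    routes = {  # constructed responses in the documented shapes
        "POST /scan": (200, {"findings": [{"severity": "high"}], "total": 1, "by_severity": {"high": 1}}),
        "POST /gate": (200, {"passed": False, "total_findings": 1, "critical": 0, "high": 1}),
        "POST /report?format=sarif": (200, {"format": "sarif", "content": '{"version": "2.1.0", "runs": []}'}),
    }
    transport = canned_transport(routes, expected_key="dev-key")
    files = {"app.py": "import os\nos.system(input())\n"}  # constructed input
    client = SentrikClient(api_key="dev-key", transport=transport)
    scan = client.scan(files=files)
    gate = client.gate(files=files)
    sarif = json.loads(client.report("sarif", files=files)["content"])
    try:
        SentrikClient(transport=transport).gate(files=files)  # no key -> 401
        unauth_status = None
    except SentrikError as err:
        unauth_status = err.status
    return {"total": scan["total"], "exit_code": gate_exit_code(gate),
            "sarif_version": sarif["version"], "unauth_status": unauth_status}
```

Against a live server, construct SentrikClient(base_url, api_key) with the default transport and call sys.exit(gate_exit_code(client.gate(repo_path="."))) from a CI step; gate_exit_code treats anything other than a literal true as a failure, so a malformed or truncated response never passes the gate.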
GET /rules
List all configured rules.
Response: { rules: [...], total: N }
Configuration endpoints
| Endpoint | Method | Description |
|---|---|---|
| /api/config | GET | Get current configuration |
| /api/config | POST | Update configuration |
| /api/config/validate | GET | Validate configuration |
| /api/metrics | GET | Get scan metrics |
| /api/trends | GET | Get scan trend data |
Governance endpoints
| Endpoint | Method | Description |
|---|---|---|
| /api/governance | GET | Get governance settings |
| /api/governance | POST | Update governance settings |
| /api/audit | GET | Get audit log entries |
| /api/license | GET | Get license information |
Standards pack endpoints
| Endpoint | Method | Description |
|---|---|---|
| /api/packs | GET | List all packs |
| /api/packs | POST | Create a custom pack |
| /api/packs/{id} | DELETE | Delete a custom pack |
| /api/packs/{id}/export | GET | Export pack as YAML |
| /api/packs/import | POST | Import a pack from YAML |
| /api/packs/{id}/overrides | POST | Set pack rule overrides |
DevOps endpoints
| Endpoint | Method | Description |
|---|---|---|
| /api/work-items | GET | List work items |
| /api/reconcile | POST | Reconcile findings with work items |
| /api/devops/test-connection | POST | Test DevOps provider connectivity |
| /api/devops/status | GET | Get DevOps connection status |
Requirements endpoints
| Endpoint | Method | Description |
|---|---|---|
| /api/generate-reqs | POST | Auto-generate requirements from code |
| /api/check-coverage | GET | Check requirement coverage |
Findings endpoints
| Endpoint | Method | Description |
|---|---|---|
| /api/findings | GET | Get scan findings |
| /api/suppressions | GET | Get active suppressions |
SSE endpoint
| Endpoint | Method | Description |
|---|---|---|
| /api/run-scan-stream | POST | Scan with real-time progress streamed as Server-Sent Events (SSE) |
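Consuming /api/run-scan-stream means parsing an SSE stream incrementally rather than waiting for one JSON body. The parser below is an added example, not project code: the framing it implements (event:, data: and id: lines, a blank line ending an event, lines starting with ':' as comments, multi-line data joined with newlines) is the standard EventSource format, while the event names progress/finding/complete, the JSON fields inside them, SAMPLE_STREAM and the X-API-Key header are assumptions made here for illustration and are not documented on this page.

```python
"""Consume /api/run-scan-stream as Server-Sent Events.

Added example, not project code. The SSE framing is the standard EventSource
format; the event names progress/finding/complete, their JSON fields, the
SAMPLE_STREAM below and the X-API-Key header are assumptions for illustration.
"""
import json
import urllib.request


def parse_sse(lines):
    """Yield {"event", "data", "id"} per event from an iterable of text lines.

    One optional space after the colon is stripped, several data: lines are
    joined with newlines, and an event is dispatched only if it carried data.
    """
    event, data, last_id = None, [], None
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line == "":
            if data:
                yield {"event": event or "message", "data": "\n".join(data), "id": last_id}
            event, data = None, []
            continue
        if line.startswith(":"):
            continue  # keep-alive comment such as ": ping"
        field, _, value = line.partition(":")
        if value.startswith(" "):
            value = value[1:]
        if field == "event":
            event = value
        elif field == "data":
            data.append(value)
        elif field == "id":
            last_id = value
        # "retry" and unknown fields are ignored
    if data:  # stream closed without a trailing blank line
        yield {"event": event or "message", "data": "\n".join(data), "id": last_id}


def summarize_scan(lines):
    """Fold the stream into progress seen, findings received and the final result."""
    summary = {"progress": [], "findings": [], "result": None, "errors": 0}
    for ev in parse_sse(lines):
        try:
            payload = json.loads(ev["data"])
        except json.JSONDecodeError:
            summary["errors"] += 1  # malformed event: count it and keep consuming
            continue
        if ev["event"] == "progress":
            summary["progress"].append(payload.get("percent"))
        elif ev["event"] == "finding":
            summary["findings"].append(payload)
        elif ev["event"] == "complete":
            summary["result"] = payload
    return summary


def stream_scan(base_url, api_key, body):
    """POST the scan request and return a text-line iterator over the live stream."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/run-scan-stream",
        data=json.dumps(body).encode(),
        method="POST",
        headers={"Content-Type": "application/json",
                 "Accept": "text/event-stream",
                 "X-API-Key": api_key},  # assumed header name
    )
    resp = urllib.request.urlopen(req)  # HTTPResponse iterates line by line
    return (chunk.decode("utf-8") for chunk in resp)


# Constructed sample stream; not captured from a real server.
SAMPLE_STREAM = (
    ": keep-alive\n"
    "event: progress\n"
    'data: {"percent": 10, "file": "app.py"}\n'
    "\n"
    "event: finding\n"
    "id: 1\n"
    'data: {"rule": "constructed-rule",\n'
    'data:  "severity": "high", "file": "app.py", "line": 2}\n'
    "\n"
    "event: progress\n"
    'data: {"percent": 100}\n'
    "\n"
    "event: complete\n"
    'data: {"passed": false, "total_findings": 1}\n'
    "\n"
).splitlines(keepends=True)
```

Offline, summarize_scan(SAMPLE_STREAM) walks the constructed stream; against a live server, summarize_scan(stream_scan("http://127.0.0.1:8000", api_key, {"repo_path": "."})) does the same over the socket. A malformed data payload is counted rather than raised, so one bad event cannot abort a long-running scan on the client side.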
Approval endpoints (Enterprise)
| Endpoint | Method | Description |
|---|---|---|
| /api/approvals | GET | List approval requests |
| /api/approvals/{id} | GET | Get approval request details |
| /api/approvals/{id} | PATCH | Approve or reject a request |
| /api/approvals/{id}/status | GET | Get approval status |
Error handling
| Status | Meaning |
|---|---|
| 200 | Success |
| 400 | Bad request |
| 401 | Invalid or missing API key |
| 403 | Insufficient permissions |
| 422 | Validation error |
| 500 | Internal server error |
Error response format: