Welcome to the Corgea API
The Corgea API allows you to programmatically interact with Corgea’s application security platform. Automate vulnerability scanning, retrieve security issues, manage fixes, and integrate Corgea into your development workflow.
What can you do with the Corgea API?
Scan Management
Initiate security scans, upload scan results, and monitor scan progress
Issue Management
Retrieve vulnerability details, manage issue status, and track remediation
Auto-Fix Retrieval
Access AI-generated security fixes and patches for identified vulnerabilities
CI/CD Integration
Integrate security scanning into your continuous integration pipelines
API Capabilities
Authentication & Authorization
- Token Verification: Verify API tokens and retrieve user information
- Authorization Flow: Exchange authorization codes for API tokens
Scanning APIs
- Start Scan: Initiate new blast scans with chunked file uploads for large codebases
- Upload Scan Results: Submit scan reports from external security tools
- Get Scans: Retrieve scan history with filtering and pagination
- Get Scan Details: Access detailed information about specific scans
- Scan Reports: Generate HTML or SARIF reports for scans
Issue Management APIs
- Get Issues: List all security issues with filtering options
- Get Issue Details: Retrieve comprehensive information about specific vulnerabilities
- SCA Issues: Access Software Composition Analysis (SCA) vulnerabilities
- Issue Filtering: Filter by project, repository, urgency, and more
Policy Management
- Blocking Rules: Define and manage security policies
- Rule Validation: Check if scans violate blocking rules
- Policy Enforcement: Prevent deployments based on security policies
Base URL
All API requests should be made to either: Our multi-tenant environment
Authentication
The Corgea API uses API key authentication. Include your API token in the request header:
Getting Started with Authentication
- Obtain an API Token: Get your API token from your Corgea account settings
- Verify Your Token: Use the /verify endpoint to confirm your token is valid
- Optional User Info: Include ?user_info=true to get user and company details
Authentication Methods
Header-based Authentication (Recommended):
Authorization Flow
For applications that need to authenticate users:
- Redirect users to Corgea’s authorization page
- Users authorize your application and receive an authorization code
- Exchange the code for an API token using /authorize?code=your_code
Some endpoints (like /verify/{token} and /authorize) don’t require authentication. Check individual endpoint documentation for specific requirements.
Response Format
All API responses are returned in JSON format. Successful responses include a status field:
HTTP Status Codes
The API uses standard HTTP status codes:
| Code | Description |
|---|---|
| 200 | Request successful |
| 400 | Bad request - invalid parameters or request body |
| 401 | Unauthorized - invalid or missing authentication |
| 404 | Resource not found |
| 429 | Rate limit exceeded |
| 500 | Internal server error |
Pagination
Endpoints that return lists support pagination using query parameters:
- page: Page number (default: 1)
- page_size: Number of results per page (default: 20, max: 50)
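As an added example (not Corgea's own SDK and not code from this page), the following Python client skeleton ties together the header-based authentication, the /verify and /authorize?code= requests, and the page/page_size pagination described above, including the documented page_size maximum of 50. The base URL, the header name (assumed here to be Authorization with a Bearer prefix), the /issues path and the results key of list responses are not given on this page and are placeholders or assumptions; the fetch callable is injected, and the fake fetch below is constructed so the example runs offline.

```python
"""Offline-testable client skeleton for the Corgea API surface described on this page.

Added example, not Corgea's own SDK. Placeholders and assumptions:
  - BASE_URL: the page does not give the real base URL; substitute yours.
  - TOKEN_HEADER / "Bearer" prefix: the page says the token goes in a request
    header but does not name it; adjust to the endpoint reference.
  - The "/issues" path and the "results" list key are assumed response details.
"""
from typing import Callable, Iterator
from urllib.parse import parse_qs, urlencode, urlparse

BASE_URL = "https://api.corgea.example"   # placeholder, not the real base URL
TOKEN_HEADER = "Authorization"            # assumption: header name not stated on the page
DEFAULT_PAGE_SIZE = 20                    # from the page: page_size default
MAX_PAGE_SIZE = 50                        # from the page: page_size maximum

# A fetch callable takes (method, url, headers) and returns the decoded JSON body.
# Injecting it keeps the client testable without network access.
Fetch = Callable[[str, str, dict], dict]


def valid_page_size(n: int) -> bool:
    """page_size must stay within the documented 1..50 range."""
    return isinstance(n, int) and 1 <= n <= MAX_PAGE_SIZE


class CorgeaClient:
    def __init__(self, token: str, fetch: Fetch, base_url: str = BASE_URL):
        if not token or any(ch.isspace() for ch in token):
            raise ValueError("API token must be a non-empty string without whitespace")
        self._token = token
        self._fetch = fetch
        self.base_url = base_url.rstrip("/")

    def headers(self) -> dict:
        # Header-based authentication (the page's recommended method): the token
        # travels in a request header rather than in the URL.
        return {TOKEN_HEADER: f"Bearer {self._token}", "Accept": "application/json"}

    def url(self, path: str, **params) -> str:
        query = urlencode({k: v for k, v in params.items() if v is not None})
        return f"{self.base_url}{path}" + (f"?{query}" if query else "")

    def verify(self, user_info: bool = False) -> dict:
        """GET /verify with header auth; ?user_info=true adds user and company details."""
        url = self.url("/verify", user_info="true" if user_info else None)
        return self._fetch("GET", url, self.headers())

    def exchange_code(self, code: str) -> dict:
        """Authorization flow, last step: GET /authorize?code=... needs no token header."""
        return self._fetch("GET", self.url("/authorize", code=code), {"Accept": "application/json"})

    def iter_pages(self, path: str, page_size: int = DEFAULT_PAGE_SIZE, **filters) -> Iterator[dict]:
        """Walk a paginated list endpoint page by page, yielding individual items."""
        if not valid_page_size(page_size):
            raise ValueError(f"page_size must be between 1 and {MAX_PAGE_SIZE}")
        return self._pages(path, page_size, filters)

    def _pages(self, path: str, page_size: int, filters: dict):
        page = 1
        while True:
            url = self.url(path, page=page, page_size=page_size, **filters)
            body = self._fetch("GET", url, self.headers())
            if "status" not in body:  # the page says every successful response carries a status field
                raise RuntimeError(f"unexpected response body for page {page}: no status field")
            items = body.get("results", [])  # assumption: name of the list key
            yield from items
            if len(items) < page_size:  # a short page is the last page
                return
            page += 1


def make_fake_fetch(total_items: int, log: list) -> Fetch:
    """Constructed stand-in for HTTP: serves `total_items` fake issues in page-sized slices."""
    def fetch(method: str, url: str, headers: dict) -> dict:
        log.append((method, url, headers))
        q = parse_qs(urlparse(url).query)
        page = int(q.get("page", ["1"])[0])
        size = int(q.get("page_size", [str(DEFAULT_PAGE_SIZE)])[0])
        start = (page - 1) * size
        ids = range(start, min(start + size, total_items))
        return {"status": "success", "results": [{"id": f"ISSUE-{i}"} for i in ids]}
    return fetch


def collect_issue_ids(client: CorgeaClient, page_size: int = MAX_PAGE_SIZE, **filters) -> list:
    """Convenience wrapper: list every issue id across all pages (the /issues path is an assumption)."""
    return [item["id"] for item in client.iter_pages("/issues", page_size=page_size, **filters)]


if __name__ == "__main__":
    calls = []
    client = CorgeaClient("constructed-token", make_fake_fetch(105, calls))
    ids = collect_issue_ids(client, project="demo")
    print(len(ids), "issues over", len(calls), "requests")  # 105 issues over 3 requests
```

Because the HTTP transport is a callable passed in, the same client runs unchanged against the live API with a thin wrapper around requests or urllib, and page_size is rejected before any request leaves the process if it exceeds the documented maximum of 50.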
Need Help?
Authentication Guide
Learn how to authenticate your API requests
Support
Contact our support team for assistance
Quick Start
Get started with the Corgea API in three steps:
- Get your API token from your Corgea account settings
- Verify your token using the /verify endpoint with header authentication
- Make your first request to retrieve scans or issues
