API Overview
The MITRITY REST API provides programmatic access to the full MITRITY platform. Manage agents, policies, audit logs, and integrations through a consistent, well-documented API.
Base URL
All API requests are made to:
https://api.mitrity.com/api/v1/
The API is versioned via the URL path. The current version is v1. When breaking changes are introduced, a new version will be released alongside the existing version with a documented migration path.
Authentication
All API requests require authentication via a Bearer token. Generate API keys in the MITRITY dashboard at Settings > API Keys.
curl https://api.mitrity.com/api/v1/agents \
-H "Authorization: Bearer mk_live_your-api-key-here"
API keys are scoped to a tenant and have configurable permissions. The key prefix indicates the environment:
| Key prefix | Environment |
|---|---|
| mk_live_ | Production |
| mk_test_ | Sandbox/testing |
Treat API keys as secrets. Do not commit them to source control or expose them in client-side code. Rotate keys regularly in Settings > API Keys.
Rate Limits
Rate limits depend on your subscription plan:
| Plan | Requests/minute | Burst |
|---|---|---|
| Starter | 60 | 10 |
| Professional | 600 | 50 |
| Enterprise | 6,000 | 200 |
Rate limit headers are included in every response:
X-RateLimit-Limit: 600
X-RateLimit-Remaining: 594
X-RateLimit-Reset: 1709312400
When the rate limit is exceeded, the API returns 429 Too Many Requests with a Retry-After header.
Response Format
All responses are JSON. Successful responses use standard HTTP status codes and have this shape:
{
  "data": { ... },
  "meta": {
    "request_id": "req_abc123",
    "timestamp": "2026-03-01T12:00:00Z"
  }
}
Error responses include a machine-readable error code and a human-readable message:
{
  "error": {
    "code": "invalid_request",
    "message": "The action_pattern field is required.",
    "request_id": "req_abc123"
  }
}
Pagination
List endpoints return paginated results. Use cursor and limit query parameters:
GET /api/v1/agents?limit=25&cursor=eyJpZCI6MTAwfQ
The response includes a next_cursor field. When next_cursor is null, you have reached the end of the list.
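Added example, not part of the MITRITY documentation or SDKs: a standard-library Python client that ties together the Rate Limits and Pagination sections by following next_cursor to the end of a list endpoint and waiting out 429 responses via Retry-After. It assumes next_cursor is a top-level response field, list results are an array under data, and Retry-After is a number of seconds; the function names are hypothetical.

```python
# Added example. Assumed: top-level next_cursor, "data" array, Retry-After in seconds.
import json
import time
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "https://api.mitrity.com/api/v1/"
PREFIXES = {"mk_live_": "production", "mk_test_": "sandbox"}


def key_environment(api_key):
    """Map a key to its environment by prefix; reject anything else."""
    for prefix, env in PREFIXES.items():
        if api_key.startswith(prefix):
            return env
    raise ValueError("not a MITRITY API key (unknown prefix)")


def http_fetch(url, api_key):
    """Real transport: returns (status, headers, parsed JSON body)."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + api_key})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.headers, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, err.headers, json.loads(err.read() or b"{}")


def list_all(resource, api_key, fetch=http_fetch, limit=25, max_retries=3, sleep=time.sleep):
    """Yield every item of a list endpoint, following next_cursor and honouring 429."""
    key_environment(api_key)  # malformed key fails here, before any request is sent
    cursor, retries = None, 0
    while True:
        query = {"limit": limit, **({"cursor": cursor} if cursor else {})}
        url = BASE_URL + resource + "?" + urllib.parse.urlencode(query)
        status, headers, body = fetch(url, api_key)
        if status == 429 and retries < max_retries:
            retries += 1
            sleep(int(headers.get("Retry-After", "1")))  # assumed: delay in seconds
            continue
        if status != 200:  # report the error code and request_id, never the key
            err = body.get("error", {})
            raise RuntimeError(f"{status} {err.get('code')} request_id={err.get('request_id')}")
        retries = 0
        yield from body["data"]  # assumed: list endpoints return an array here
        cursor = body.get("next_cursor")  # assumed: top-level field
        if cursor is None:
            return
```

Read the key from the environment at call time, for example `list_all("agents", os.environ["MITRITY_API_KEY"])` (the variable name is an assumption), so it never appears in source control.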
Key Endpoints
Agents
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/agents | List all agents |
| POST | /api/v1/agents | Register a new agent |
| GET | /api/v1/agents/{id} | Get agent details |
| PATCH | /api/v1/agents/{id} | Update agent configuration |
| DELETE | /api/v1/agents/{id} | Deregister an agent |
Policies
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/policies | List all policies |
| POST | /api/v1/policies | Create a new policy |
| GET | /api/v1/policies/{id} | Get policy details |
| PATCH | /api/v1/policies/{id} | Update a policy |
| DELETE | /api/v1/policies/{id} | Delete a policy |
Audit Log
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/audit | Query audit events (filterable by agent, action, decision, time range) |
| GET | /api/v1/audit/{id} | Get full event details including drift score and behavioral context |
Threat Intelligence
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/threat-intel | List threat intelligence entries |
| GET | /api/v1/threat-intel/{id} | Get threat intelligence details |
Integrations
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/integrations | List configured integrations |
| POST | /api/v1/integrations/siem | Create a SIEM integration |
| POST | /api/v1/integrations/webhook | Create a webhook integration |
| DELETE | /api/v1/integrations/{id} | Remove an integration |
SDKs and Tools
Official SDKs are available for common languages:
- Python: pip install mitrity
- Go: go get github.com/mitrity/mitrity-go
- TypeScript: npm install @mitrity/sdk
Each SDK wraps the REST API with typed methods, automatic pagination, retry logic, and token management.
Interactive API Reference
Explore the full API with request/response schemas, example payloads, and a built-in request testing panel in the interactive API reference.