API endpoints index and tips

How to find your org_id Log in to Snyk, navigate to your Organization, and then to your Settings > General. The Organization ID is on the General settings page, and you can copy it.

This index and notes section of the documentation provides, in addition to this index, solutions for specific use cases, scenarios for using Snyk APIs, and pages with detailed information about using Snyk API endpoints:

See also the following sections on specific APIs:

For additional information, see the API support articles.

This index includes the categories and names of REST GA and beta and V1 API endpoints, with the URL in the reference docs for each endpoint, and links to related information where available. REST is the default, and GA is the status unless beta is noted. V1 API is specified where applicable. This index is a work in progress; additional information is being added continually.

AccessRequests (beta)

Get access requests

Apps

More information: Snyk Apps

Get a list of apps that act on your behalf

Revoke an app

Get a list of active OAuth sessions for the app

Revoke an active user app session

Get a list of apps installed for a user

Revoke access for an app by install ID

Replaces: DEPRECATED Revoke app bot authorization

DEPRECATED Create a new app for an organization

Replaced by: Create a new Snyk App for an organization

More information: Create a Snyk App using the Snyk API

Get a list of apps created by an organization

Replaces: DEPRECATED Get a list of apps created by an organization

More information: Manage App details

DEPRECATED Update app attributes that are name, redirect URIs, and access token time to live

Replaced by: Update app creation attributes such as name, redirect URIs, and access token time to live using the App ID

DEPRECATED Get an app by client id

Replaced by: Get a Snyk App by its App ID

DEPRECATED Delete an app

Replaced by: Delete a Snyk App by its App ID

DEPRECATED Manage client secrets for an app

Replaced by: Manage client secret for non-interactive Snyk App installations

Install a Snyk App to this organization

Get a list of apps installed for an organization

Replaces: DEPRECATED Get a list of app bots authorized to an organization

More information: Slack app (Jira integration) (Find the Slack App Bot ID)

Revoke app authorization for a Snyk organization

See also: Revoke app authorization for a Snyk Group with install ID

Manage client secret for non-interactive Snyk App installations

More information: Manage App details

Create a new Snyk App for an organization

Replaces: DEPRECATED Create a new app for an organization

More information: Create a Snyk App using the Snyk API

DEPRECATED Get a list of apps created by an organization

Replaced by: Get a list of apps created by an organization

Update app creation attributes such as name, redirect URIs, and access token time to live using the App ID

Replaces: DEPRECATED Update App attributes that are name, redirect URIs, and access token time to live

More information: Manage App details

Get a Snyk APP by its App ID

Replaces: DEPRECATED Get an app by client id

Delete an app by its App ID

Replaces: DEPRECATED Delete an app

More information: Manage App details

Manage client secret for the Snyk App

More information: Manage App details

DEPRECATED Get a list of app bots authorized to an organization

Replaced by: Get a list of apps installed for an organization

More information: Slack app (for Jira integration)

DEPRECATED Revoke app bot authorization

Replaced by: Revoke app authorization for a Snyk Group with install ID

Install a Snyk App to this group

Get a list of apps installed for a group

Revoke app authorization for a Snyk Group with install ID

Manage client secret for non-interactive Snyk App installations

Replaces: DEPRECATED Manage client secrets for an app

Audit Logs

More information: Retrieve audit logs of user-initiated activity by API for an Org or Group; AWS CloudTrail Lake

Search Organization audit logs

More information: Retrieve audit logs of user-initiated activity by API for an Org or Group, AWS CloudTrail Lake

Search Group audit logs

More information: Filter through your audit logs more efficiently with the new GA REST version of the audit logs API (product update); Retrieve audit logs of user-initiated activity by API for an Org or Group

Audit logs (v1)

Group level audit logs

Use Search Group audit logs

Organization level audit logs

Use Search Organization audit logs

Cloud (beta)

List Environments

Create New Environment

Delete Environment

Update Environment

Generate Cloud Provider Permissions

List Resources

Snyk IaC (Use: View an inventory of IaC and cloud resources generated from your IaC files)

List Scans

Create Scan

Get scan

Collection

The View Project History permission is needed to use this API.

More information: Project collections groupings

Create a collection

Get collections

Edit a collection

Get a collection

Delete a collection

Add projects to a collection

Get projects from the specified collection

Remove projects from a collection

ContainerImage

List instances of container image

Get instance of container image

List instances of image target references for a container image

Custom Base Images

More information: Use Custom Base Image Recommendations

Create a Custom Base Image from an existing container project

More information: Use Custom Base Image Recommendations, section Mark the created Project as a custom base image; Versioning schema for custom base images

Get a custom base image collection

Update a custom base image

Get a custom base image

Delete a custom base image

Dependencies (v1)

List all dependencies

Entitlements (v1)

List all entitlements

Get an organization's entitlement value

Groups (beta)

Get all groups

Get a group

More information: Organization and Group identification for Projects using the API

Get all SSO connections for a group

Get all users using a given SSO connection

Delete a user from a Group SSO connection

More information: Remove members from Groups and Orgs using the API; Retrieve audit logs of user-initiated activity by API for an Org or Group

Groups (v1)

List all tags in a group

More information: Project tags

Delete tag from group

More information: Project tags

Update group settings

View group settings

List all roles in a group

More information: Update member roles using the API; Manage service accounts using the Snyk API

List all organizations in a group

More information: Org and group identification for Projects; Legacy custom mapping; api-import Creating import targets data for import; Scenario: Retrieve a Project snapshot for every Project in a given Group; Scenario: Find all Projects affected by a vulnerability

Add a member to an organization within a group

List all members in a group

More information: Remove members from Groups and Orgs using the API; Scenario: Assign all users in a given list to all the Organizations a company has (all Organizations in a Group)

Groups

Get a list of org memberships of a group user

Create a group membership for a user with role

Get all memberships of the group

Update a role from a group membership

Delete a membership from a group

IacSettings

Update the Infrastructure as Code Settings for an org

More information: Use a remote IaC custom rules bundle

Get the Infrastructure as Code Settings for an org

Update the Infrastructure as Code Settings for a group

More information: Use a remote IaC custom rules bundle, IaC custom rules within a pipeline;Use a remote IaC custom rules bundle

Get the Infrastructure as Code Settings for a group

Ignores (v1)

More information: Snyk test and snyk monitor in CI/CD integration

List all ignores

Replace ignores

Add ignore

Retrieve ignore

More information: Scenario: List all issues including Snyk Code issues in all the Projects in an Organization

Delete ignores

Import Projects (v1)

Projects can be Git repositories, Docker images, containers, configuration files, and much more. For more information, see Snyk Projects; the page includes the Targets definition.

A typical import starts with using the endpoint Import targets to request a target to be processed. Then, use the endpoint Get import job details to poll the Import Job AP I for further details on completion and resulting Snyk Projects.

Import targets and Get import job details

Note that the target.owner is case-sensitive.

For information on when and how you can use Import targets, see Git integration on the Import Projects page in the Enterprise implementation guide.

If a call to the Import targets endpoint fails, use Get import job details to help determine why. There are two types of failures:

The repository was rejected for processing, that is, HTTP status code 201 was not returned. This happens if there is an issue Snyk can see quickly for example:
- The repository does not exist.
- The repository is unreachable by Snyk because the token is invalid or does not have sufficient permissions; there is no default branch.
The repository was accepted for processing, that is, the user got back HTTP status code 201 and a url to poll, but no projects were detected or some failed. This may occur because:
- There are no Snyk-supported manifests in this repository.
- The repository is archived and the Snyk API calls to fetch files fail.
- The individual project or manifest had issues during processing. In this case Snyk returns success: false with a message in the log.

The poll results return a message per manifest processed, either success: true or success: false.

More information: api-import Creating import targets data for import; api-import Kicking off an import

More information Import targets: Configure integrations (Enterprise implementation guide, Phase 2); Import Projects (Enterprise implementation guide, Phase 3); Tool: snyk-api-import api-import Creating import targets data for import api-import Kicking off an import Scenario:: Identify and import new repositories only Scenario: Detect and import new Projects in a repository into a target Scenario: Detect new Projects (files) in repositories and import them into a Target in Snyk on a regular basis Import fresh container images Manage code vulnerabilities (Use: Automate importing multiple repositories)

More information Get import job details: Scenario: Import fresh container images; Tool: snyk-api-import api-import Creating import targets data for import api-import Kicking off an import

Integrations (v1)

Add new integration

More information: Scenario: Rotate or change your Broker token for any reason

List

More information: Scenario: For a specific event or time, disable all interactions (pull requests, tests) from Snyk to the code base (source control management); api-import Creating import targets data for import;

Get existing integration by type

Update existing integration

More information: Obtain the required tokens for setup; Scenario: For a specific event or time, disable all interactions (pull requests, tests) from Snyk to the code base (source control management; Examples for the Update existing integration endpoint

Update

Retrieve

Clone an integration (with settings and credentials)

More information: Prepare Snyk Broker for deployment; Obtain the required tokens for setup; Scenario: Create multiple new Organizations that all have the same settings in a given Group

Delete credentials

Switch between broker tokens

Provision new broker token

More information: Obtain the required tokens for setup

Invites

Invite a user to an organization

List pending user invitation to an organization

Cancel a pending user invitations to an organization

Issues

List issues for a package

More information: Dart and Flutter; Rust: Guidance for Snyk for C++ page, Alternate testing options section; Guidance for Java and Kotlin; Guidance for JavaScript and Node.js; List issues for a package page

List issues for a given set of packages (not available to all customers)

Get issues by org ID

As of April, 2025, you can retrieve Snyk Code issues using this endpoint. It has the primary file path and primary region in the source_location data in representations in coordinates for an issue.

More information: Scenario: Bulk ignore issues; List all issues including Snyk Code issues in all the Projects in an Organization

Get an issue (for an Organization)

Get issues by group ID

Note: Remedies are not included in the response.

Additional information: Reachability

Get an issue (for a Group)

Jira (v1)

List all jira issues

More information: Jira integration; Snyk test and snyk monitor in CI/CD integration

Create jira issue

More information: Jira integration; Snyk test and snyk monitor in CI/CD integration

Licenses (v1)

List all licenses

Monitor (v1)

Monitor Dep Graph

More information: Dep Graph API (Bazel)

Organizations (v1)

More information: Webhook events and payloads

List all the organizations a user belongs to

More information: Organization and Group identification for Projects using the API; Scenario: Rotate or change your Broker token for any reason

Create a new organization

More information: Set visibility and configure an Organization template (Enterprise implementation guide Phase 2, Configure accounts); api-import: Creating organizations in Snyk; Scenario: Create multiple new Organizations that all have the same settings in a given Group

Remove organization

Update organization settings

The only editable attribute of Update organization settings is requestAccess.

More information: Scenario: Create multiple new Organizations that all have the same settings in a given Group

Get organization notification settings

List members

More information: Update member roles using the API; Remove members from Groups and Orgs using the API

Update a member in the organization

More information: User role management

Remove a member from the organization

More information: Remove members from Groups and Orgs using the API; User role management

Update a member's role in the organization

More information: User role management; Update member roles using the API

Invite users

More information: Update member roles using the API; Scenario: Assign all users in a given list to all the Organizations a company has (all Organizations in a Group)

Orgs (GA and beta)

List accessible organizations

More information: Prerequisites for Snyk Apps; Organization and Group identification for Projects using the API

Update organization

Create a org membership for a user with role

Get all memberships of the org

Update a org membership for user with role

List all organizations in a group

Get an ORG (beta)

More information: Org and group identification for Projects

Projects (v1)

More information: Project type responses from API; Webhook events and payloads

Update a project

Retrieve a single project

More information: Project type responses from the API

Delete a project

More information: Project type responses from the API; Scenario: Import fresh container images

Add a tag to a project

More information: Project tags; Set up Insights: Associating Snyk Open Source, Code, and Container Projects; Scenario: Rotate or change your Broker token for any reason

Remove a tag from a project

More information: Project tags

Update project settings

List project settings

Delete project settings

Move project to a different organization

More informatiion: Scenario: Move projects from one organization to another

List all project issue paths

More information: Project issue paths API endpoints

Get Project dependency graph

Deactivate (a project)

Applying (project) attributes

By using the API endpoint Applying attributes, you can set attributes for Snyk Projects including business criticality, lifecycle stage, and environment once the project has been created . To do so:

Import the project using the API endpoint Import targets.
Get the status API ID from Import targets.
Poll using the endpoint Import job details until all imports have completed.
Parse the project IDs from the projectURL field.
Use the endpoint Applying attributes to set the project attributes.

More information: Project attributes

List all Aggregated (Project) issues

The Snyk V1 API endpoint List all aggregated issues returns an array of ignoreReasons for each vulnerability. This happens because ignores implemented using the CLI and API are path-based and thus potentially could have different ignoreReasons for different paths. Because List all aggregated issues returns only one issue for all paths, the entire set of reasons is returned. Snyk groups issues together by their identifier, so one response for the List all aggregated issues endpoint could correspond to the same issue across multiple paths. Thus the ignoredReason is across all issues that are aggregated and applies to that single grouped issue.

More information: Scenario: List all issues including Snyk Code issues in all the Projects in an Organization

Activate (a project)

Projects

List all Projects for an Org with the given Org ID

The query-string parameter for types is optional. The endpoint does not enforce specific project types and will return no matching projects if you enter a string that does not match a requested project type. See Project type responses from the API for a list of project types.

More information: Slack app (for Jira integration) (Use: Find your Project ID); Snyk Projects; Project information; Project attributes; Scenario: Find all Projects affected by a vulnerability; Scenario: List all issues including Snyk Code issues in all the Projects in an Organization; Scenario: Bulk ignore issues; Scenario: Tag all Projects in Snyk; Scenario: Import fresh container images; Scenario: Detect and import new Projects in a repository into a target

Updates project by project ID

More information: View and edit Project settings; Start scanning (Use: Set test frequency)

Get project by project ID

Delete project by project ID

Pull request templates

Create or update pull request template for group

More information: Create and manage a custom PR template using the API

Get pull request template for group

Delete pull request template for group

Reporting API (v1)

The V1 Reporting endpoints support only Snyk legacy reporting, not the latest release. Thus, these endpoints are not available in single-tenant implementations or in the multi-tenant regions US-02, EU, and AU. In those regions, use the Issues REST API.

The V1 Reporting API underlies Snyk legacy reporting. Using the V1 Reporting API, you can find answers to questions like how many issues your Organization has, or how many tests have been conducted in a given time period.

The rate limit is up to 70 requests per minute, per user. For all requests above the limit, the response will have the status code 429: Too many requests, until requests stop for the duration of the rate-limiting interval (one minute). For more information see Rate limiting for V1 API.

More information: Legacy reports; Dependencies and licenses

Get list of issues

See notes for Get list of latest issues.

Get list of latest issues

To list all Projects that have a vulnerability linked to a CVE, use the capability to filter on strings with the reporting endpoints Get list of latest issues and Get List of issues. Filter by the identifier attribute.

To get a list of issues that have been fixed, use the endpoint Get list of latest issues and filter by “isFixed”: true in the request body. This endpoint also provides a list of all IaC issues.

More information: Priority score; View Snyk IaC issue reports; Scenario: Retrieve a Project snapshot for every Project in a given Group; Scenario: Bulk ignore issuesMore information: Find all Projects affected by a vulnerability