API endpoints index and tips
This index and notes section of the documentation provides, in addition to this index, [solutions for specific use cases](solutions-for-specific-use-cases.md), [scenarios for using Snyk APIs](scenarios-for-using-the-snyk-api.md), and pages with detailed information about using Snyk API endpoints:
See also the following sections on specific APIs:
For additional information, see the API support articles.
This index includes the categories and names of REST GA and beta and V1 API endpoints, with the URL in the reference docs for each endpoint, and links to related information where available. REST is the default, and GA is the status unless beta is noted. V1 API is specified where applicable. This index is a work in progress; additional information is being added continually.
AccessRequests (beta)
Apps
More information: Snyk Apps
Replaces: DEPRECATED Revoke app bot authorization
DEPRECATED Create a new app for an organization
Replaced by: Create a new Snyk App for an organization
More information: Create a Snyk App using the Snyk API
Replaces: DEPRECATED Get a list of apps created by an organization
More information: Manage App details
Replaced by: Update app creation attributes such as name, redirect URIs, and access token time to live using the App ID
DEPRECATED Get an app by client id
Replaced by: Get a Snyk App by its App ID
DEPRECATED Delete an app
Replaced by: Delete a Snyk App by its App ID
DEPRECATED Manage client secrets for an app
Replaced by: Manage client secret for non-interactive Snyk App installations
Replaces: DEPRECATED Get a list of app bots authorized to an organization
More information: Slack app (Jira integration) (Find the Slack App Bot ID)
See also: Revoke app authorization for a Snyk Group with install ID
More information: Manage App details
Replaces: DEPRECATED Create a new app for an organization
More information: Create a Snyk App using the Snyk API
Replaced by: Get a list of apps created by an organization
Replaces: DEPRECATED Update App attributes that are name, redirect URIs, and access token time to live
More information: Manage App details
Replaces: DEPRECATED Get an app by client id
Replaces: DEPRECATED Delete an app
More information: Manage App details
More information: Manage App details
Replaced by: Get a list of apps installed for an organization
More information: Slack app (for Jira integration)
DEPRECATED Revoke app bot authorization
Replaced by: Revoke app authorization for a Snyk Group with install ID
See also: Revoke access for an app by install
Replaces: DEPRECATED Manage client secrets for an app
Audit Logs
More information: Retrieve audit logs of user-initiated activity by API for an Org or Group; AWS CloudTrail Lake
More information: Retrieve audit logs of user-initiated activity by API for an Org or Group, AWS CloudTrail Lake
More information: Filter through your audit logs more efficiently with the new GA REST version of the audit logs API (product update); Retrieve audit logs of user-initiated activity by API for an Org or Group
Audit logs (v1)
Group level audit logs
Organization level audit logs
Use Search Organization audit logs
Cloud (beta)
Snyk IaC (Use: View an inventory of IaC and cloud resources generated from your IaC files)
Collection
The View Project History permission is needed to use this API.
More information: Project collections groupings
ContainerImage
Custom Base Images
More information: Use Custom Base Image Recommendations
More information: Use Custom Base Image Recommendations, section Mark the created Project as a custom base image; Versioning schema for custom base images
Dependencies (v1)
Entitlements (v1)
Groups (beta)
More information: Organization and Group identification for Projects using the API
More information: Remove members from Groups and Orgs using the API; Retrieve audit logs of user-initiated activity by API for an Org or Group
Groups (v1)
More information: Project tags
More information: Project tags
More information: Update member roles using the API; Manage service accounts using the Snyk API
More information: Org and group identification for Projects; Legacy custom mapping; api-import Creating import targets data for import; Scenario: Retrieve a Project snapshot for every Project in a given Group; Scenario: Find all Projects affected by a vulnerability
More information: Remove members from Groups and Orgs using the API; Scenario: Assign all users in a given list to all the Organizations a company has (all Organizations in a Group)
Groups
IacSettings
More information: Use a remote IaC custom rules bundle
More information: Use a remote IaC custom rules bundle, IaC custom rules within a pipeline;Use a remote IaC custom rules bundle
Ignores (v1)
More information: Snyk test and snyk monitor in CI/CD integration
More information: Scenario: List all issues including Snyk Code issues in all the Projects in an Organization
Import Projects (v1)
Projects can be Git repositories, Docker images, containers, configuration files, and much more. For more information, see Snyk Projects; the page includes the Targets definition.
A typical import starts with using the endpoint Import targets to request a target to be processed. Then, use the endpoint Get import job details to poll the Import Job AP I for further details on completion and resulting Snyk Projects.
Note that the target.owner
is case-sensitive.
For information on when and how you can use Import targets, see Git integration on the Import Projects page in the Enterprise implementation guide.
If a call to the Import targets endpoint fails, use Get import job details to help determine why. There are two types of failures:
The repository was rejected for processing, that is, HTTP status code 201 was not returned. This happens if there is an issue Snyk can see quickly for example:
The repository does not exist.
The repository is unreachable by Snyk because the token is invalid or does not have sufficient permissions; there is no default branch.
The repository was accepted for processing, that is, the user got back HTTP status code 201 and a url to poll, but no projects were detected or some failed. This may occur because:
There are no Snyk-supported manifests in this repository.
The repository is archived and the Snyk API calls to fetch files fail.
The individual project or manifest had issues during processing. In this case Snyk returns success: false with a message in the log.
The poll results return a message per manifest processed, either success: true
or success: false.
More information: api-import Creating import targets data for import; api-import Kicking off an import
More information Import targets: Configure integrations (Enterprise implementation guide, Phase 2); Import Projects (Enterprise implementation guide, Phase 3); Tool: snyk-api-import api-import Creating import targets data for import api-import Kicking off an import Scenario:: Identify and import new repositories only Scenario: Detect and import new Projects in a repository into a target Scenario: Detect new Projects (files) in repositories and import them into a Target in Snyk on a regular basis Import fresh container images Manage code vulnerabilities (Use: Automate importing multiple repositories) Snyk Broker Code Agent
More information Get import job details: Scenario: Import fresh container images; Tool: snyk-api-import api-import Creating import targets data for import api-import Kicking off an import
Integrations (v1)
More information: Initial configuration of the Universal Broker
More information: Scenario: Rotate or change your Broker token for any reason
More information: Scenario: For a specific event or time, disable all interactions (pull requests, tests) from Snyk to the code base (source control management); api-import Creating import targets data for import;
More information: Obtain the required tokens for setup (Snyk Broker Code Agent); Scenario: For a specific event or time, disable all interactions (pull requests, tests) from Snyk to the code base (source control management; Examples for the Update existing integration endpoint
More information: Prepare Snyk Broker for deployment; Obtain the required tokens for setup (Snyk Broker Code Agent); Scenario: Create multiple new Organizations that all have the same settings in a given Group
More information: Obtain the required tokens for setup (Snyk Broker Code Agent)
Invites
See also Invite users.
Issues
More information: Dart and Flutter; Rust: Guidance for Snyk for C++ page, Alternate testing options section; Guidance for Java and Kotlin; Guidance for JavaScript and Node.js, Unmanaged JavaScript section; List issues for a package page
List issues for a given set of packages (not available to all customers)
More information: Scenario: Bulk ignore issues; List all issues including Snyk Code issues in all the Projects in an Organization
Get an issue (for an Organization)
Note: Remedies are not included in the response.
Additional information: Reachability
Get an issue (for a Group)
Jira (v1)
More information: Jira integration; Snyk test and snyk monitor in CI/CD integration
More information: Jira integration; Snyk test and snyk monitor in CI/CD integration
Licenses (v1)
Monitor (v1)
More information: Dep Graph API (Bazel)
Organizations (v1)
More information: Webhook events and payloads
More information: Organization and Group identification for Projects using the API; Scenario: Rotate or change your Broker token for any reason
More information: Set visibility and configure an Organization template (Enterprise implementation guide Phase 2, Configure accounts); api-import: Creating organizations in Snyk; Scenario: Create multiple new Organizations that all have the same settings in a given Group
The only editable attribute of Update organization settings is requestAccess
.
More information: Scenario: Create multiple new Organizations that all have the same settings in a given Group
More information: Scenario: Create multiple new Organizations that all have the same settings in a given Group
More information: Provision users to Organizations using the AP: Scenario: Add users to organizations at scale ahead of the first login
More information: Provision users to Organizations using the API
More information: Provision users to Organizations using the API
More information: api-import Creating import targets data for import; Tool: snyk-api-import;
More information: Update member roles using the API; Remove members from Groups and Orgs using the API
More information: User role management
More information: Remove members from Groups and Orgs using the API; User role management
More information: User role management; Update member roles using the API
More information: Update member roles using the API; Scenario: Assign all users in a given list to all the Organizations a company has (all Organizations in a Group)
Orgs (GA and beta)
More information: Prerequisites for Snyk Apps; Organization and Group identification for Projects using the API
Get an ORG (beta)
More information: Org and group identification for Projects
Projects (v1)
More information: Project type responses from API; Webhook events and payloads
More information: Project type responses from the API
More information: Annotated import (Kubernetes integration section); Project type responses from the API; Scenario: Import fresh container images
More information: Project tags; Set up Insights: Associating Snyk Open Source, Code, and Container Projects; Scenario: Rotate or change your Broker token for any reason
More information: Project tags
More informatiion: Scenario: Move projects from one organization to another
More information: Project issue paths API endpoints
Deactivate (a project)
By using the API endpoint Applying attributes, you can set attributes for Snyk Projects including business criticality, lifecycle stage, and environment once the project has been created . To do so:
Import the project using the API endpoint Import targets.
Get the status API ID from Import targets.
Poll using the endpoint Import job details until all imports have completed.
Parse the project IDs from the
projectURL
field.Use the endpoint Applying attributes to set the project attributes.
More information: Project attributes
The Snyk V1 API endpoint List all aggregated issues returns an array of ignoreReasons
for each vulnerability. This happens because ignores implemented using the CLI and API are path-based and thus potentially could have different ignoreReasons
for different paths. Because List all aggregated issues returns only one issue for all paths, the entire set of reasons is returned. Snyk groups issues together by their identifier, so one response for the List all aggregated issues endpoint could correspond to the same issue across multiple paths. Thus the ignoredReason
is across all issues that are aggregated and applies to that single grouped issue.
More information: Scenario: List all issues including Snyk Code issues in all the Projects in an Organization
Activate (a project)
Projects
The query-string parameter for types is optional. The endpoint does not enforce specific project types and will return no matching projects
if you enter a string that does not match a project type.
More information: Slack app (for Jira integration) (Use: Find your Project ID); Snyk Projects; Project information; Project attributes; Scenario: Find all Projects affected by a vulnerability; Scenario: List all issues including Snyk Code issues in all the Projects in an Organization; Scenario: Bulk ignore issues; Scenario: Tag all Projects in Snyk; Scenario: Import fresh container images; Scenario: Detect and import new Projects in a repository into a target
More information: View and edit Project settings; Start scanning (Use: Set test frequency)
Pull request templates
More information: Create and manage a custom PR template using the API
Reporting API (v1)
More information: Legacy reports; Dependencies and licenses
See notes for Get list of latest issues.
To list all Projects that have a vulnerability linked to a CVE, use the capability to filter on strings with the reporting endpoints Get list of latest issues and Get List of issues. Filter by the identifier attribute.
To get a list of issues that have been fixed, use the endpoint Get list of latest issues and filter by “isFixed”: true
in the request body. This endpoint also provides a list of all IaC issues.
More information: Priority score; View Snyk IaC issue reports; Scenario: Retrieve a Project snapshot for every Project in a given Group; Scenario: Bulk ignore issuesMore information: Find all Projects affected by a vulnerability
SBOM (GA and beta)
More information: Rust; SBOM test endpoints
More information: Get a project’s SBOM document
Create an SBOM test run (beta)
More information: Test an SBOM document for vulnerabilities
Gets an SBOM test run status (beta)
Gets an SBOM test run result (beta)
More information: Test an SBOM document for vulnerabilities
SastSettings
More information: Enable Snyk Code (Enterprise implementation guide, Phase 2)
ServiceAccounts
More information: Manage service accounts using the Snyk API; Choose a service account type to use with Snyk APIs
More information: Service accounts using OAuth 2.0; Manage service accounts using the Snyk API
More information: Manage service accounts using the Snyk API
More information: Manage service accounts using the Snyk API
More information: Manage service accounts using the Snyk API
More information: Manage service accounts using the Snyk API
More information: Manage service accounts using the Snyk API
More information: Service accounts using OAuth 2.0; Manage service accounts using the Snyk API
More information: Manage service accounts using the Snyk API
More information: Manage service accounts using the Snyk API
More information: Manage service accounts using the Snyk API
More information: Manage service accounts using the Snyk API
More information: Manage service accounts using the Snyk API
SlackSettings
More information: Slack app (for Jira integration)
More information: Slack app (JIra integration) (Use: List all Slack notification customizations for a project); api-import Creating orgnizations in Snyk;\
More information: Slack app(for Jira integration) (Use: Create a Slack notification customization for a Project)
More information: Slack app (Jira integration) (Use: Update a Slack notification customization for a Project)
More information: Slack app (for Jira integration) (Use: Delete a Slack notification customization for a Project)
Slack
Snapshots (v1)
More information: Project issue paths API endpoints
Targets
More information: Target definition on the Snyk Projects page; Scenario: Identify and import new repositories only; Scenario: Detect new Projects (files) in repositories and import them into a Target in Snyk on a regular basis
Test (v1)
More information: Guidance for Java and Kotlin; Start scanning; Scan open-source libraries and licenses
More information: Guidance for JavaScript and Node.js, Unmanaged JavaScript section
More information: Guidance for Java and Kotlin
More information: Dep Graph API (Bazel); Unmanaged JavaScript (Guidance for JavaScript and Node.js); Start scanning
Users (v1)
Users
Note: Use this endpoint to remove users from a group.
More information: Remove members from Groups and Orgs using the API
Get user by ID (beta)
Webhooks (v1)
More information: Scenario: For a specific event or time, disable all interactions (pull requests, tests) from Snyk to the code base (source control management)
More information:
More information: Scenario: For a specific event or time, disable all interactions (pull requests, tests) from Snyk to the code base (source control management
\
Last updated