API endpoints index and notes
This index and notes section of the documentation provides, in addition to this index, solutions for specific use cases, scenarios for using Snyk APIs, and pages with detailed information about using Snyk API endpoints:
See also the following sections on specific APIs:
For more information about using the Snyk API, see the API support articles.
This index includes the categories and names of REST GA and beta and V1 API endpoints, with the URL in the reference docs for each endpoint, and links to related information where available. REST is the default, and GA is the status unless beta is noted. V1 API is specified where applicable. This index is a work in progress; additional information is being added continually.
AccessRequests (beta)
Apps
More information: Snyk Apps
Replaces: DEPRECATED Revoke app bot authorization
DEPRECATED Create a new app for an organization
Replaced by: Create a new Snyk App for an organization
More information: Create a Snyk App using the Snyk API
Replaces: DEPRECATED Get a list of apps created by an organization
Replaced by: Update app creation attributes such as name, redirect URIs, and access token time to live using the App ID
DEPRECATED Get an app by client id
Replaced by: Get a Snyk App by its App ID
DEPRECATED Delete an app
Replaced by: Delete an app by its App ID
DEPRECATED Manage client secrets for an app
Replaced by: Manage client secret for non-interactive Snyk App installations
Replaces: DEPRECATED Get a list of app bots authorized to an organization
See also: Revoke app authorization for a Snyk Group with install ID
Replaces: DEPRECATED Create a new app for an organization
Replaced by: Get a list of apps created by an organization
More information: Manage App details
Replaces: DEPRECATED Update App attributes that are name, redirect URIs, and access token time to live
More information: Manage App details
Replaces: DEPRECATED Get an app by client id
Replaces: DEPRECATED Delete an app
More information: Manage App details
More information: Manage App details
Replaced by: Get a list of apps installed for an organization
DEPRECATED Revoke app bot authorization
Replaced by: Revoke app authorization for a Snyk Group with install ID
See also: Revoke access for an app by install
Replaces: DEPRECATED Manage client secrets for an app
Audit Logs
More information: Retrieve audit logs of user-initiated activity by API for an Org or Group
More information: Retrieve audit logs of user-initiated activity by API for an Org or Group
More information: Filter through your audit logs more efficiently with the new GA REST version of the audit logs API, and api.access is now opt-in
Retrieve audit logs of user-initiated activity by API for an Org or Group
Audit logs (v1)
Group level audit logs
Organization level audit logs
Use Search Organization audit logs
Cloud (beta)
Collection
ContainerImage
Custom Base Images
More information: Use Custom Base Image Recommendations
More information: Use Custom Base Image Recommendations: Mark the created Project as a custom base image
Dependencies (v1)
Entitlements (v1)
Groups (beta)
More information: Org and group identification for Projects
More information: Remove members from Groups and Orgs using the API and Retrieve audit logs of user-initiated activity by API for an Org or Group.
Groups (v1)
More information : Update member roles using the V1 API, Manage service accounts using the Snyk API
More information: Org and group identification for Projects, Legacy custom mapping
More information: Remove members from Groups and Orgs using the API.
IacSettings
More information: Use a remote IaC custom rules bundle, Use a remote IaC custom rules bundle
More information: Use a remote IaC custom rules bundle, IaC custom rules within a pipeline, Use a remote IaC custom rules bundle
Import Projects (v1)
For information on when and how you can use this endpoint, see this page on importing targets.
If this fails, use Get import job details to help determine why. There are two types of failures:
The repository was rejected for processing, that is, HTTP status code 201 was not returned. This happens if there is an issue Snyk can see quickly for example:
The repository does not exist.
The repository is unreachable by Snyk because the token is invalid or does not have sufficient permissions; there is no default branch.
The repository was accepted for processing, that is, the user got back HTTP status code 201 and a url to poll, but no projects were detected or some failed. This may occur because:
There are no Snyk-supported manifests in this repository.
The repository is archived and the Snyk API calls to fetch files fail.
The individual project or manifest had issues during processing. In this case Snyk returns success: false with a message in the log.
The poll results return a message per manifest processed, either success: true
or success: false.
Integrations (v1)
Invites
See also Invite users.
Issues
More information: Dart and Flutter, Rust, Guidance for Snyk for C++ page, Alternate testing options section, Guidance for Java and Kotlin, Guidance for JavaScript and Node.js, Unmanaged JavaScript section, List issues for a package page
List issues for a given set of packages (Currently not available to all customers)
Get an issue (Org)
Note: Remedies are not included in the response.
More information: Reachability
Get an issue (Group)
Licenses (v1)
Monitor (v1)
More information: Dep Graph API
Organizations (v1)
More information: Org and group identification for Projects
More information: Provision users to Organizations using the V1 API.
More information: Update member roles using the V1 API and Remove members from Groups and Orgs using the API.
More information: Remove members from Groups and Orgs using the API.
More information: Update member roles using the V1 API.
Orgs (GA and beta)
Get an ORG (beta)
More information: Org and group identification for Projects
Projects (v1)
More information: Project type responses from API
More information: V1 API Project issue paths endpoints
Deactivate (a project)
By using the Snyk API v1 endpoint Applying attributes you can set attributes for Snyk Projects including business criticality, lifecycle stage, and environment once the project has been created . To do so:
Import the project using the Snyk API v1 endpoint Import targets.
Get the status API ID from Import targets.
Poll using Import job details until all imports have completed.
Parse the project IDs from the projectURL field.
Use the Applying attributes endpoint to set the project attributes.
The Snyk V1 API endpoint List all aggregated issues returns an array of ignoreReasons
for each vulnerability. This happens because ignores implemented using the CLI and API are path-based and thus potentially could have different ignoreReasons
for different paths. Because List all aggregated issues returns only one issue for all paths, the entire set of reasons is returned. Snyk groups issues together by their identifier, so one response for the List all aggregated issues endpoint could correspond to the same issue across multiple paths. Thus the ignoredReason
is across all issues that are aggregated and applies to that single grouped issue.
Activate (a project)
Projects
The query-string parameter types is optional. The endpoint does not enforce specific project types and will return no matching projects if you enter a string that does not match a project type.
Pull request templates
More information: Create and manage a custom PR template using the API.
Reporting API (v1)
To list all projects that have a vulnerability linked to a CVE use the capability to filter on strings with the Get list of latest issues and Get List of issues reporting endpoints. Filter by the identifier attribute.
To get a list of issues that have been fixed: Use Get list of latest issues and filter by “isFixed”: true
in the request body. This endpoint also provides a list of all IaC issues.
Migrated Get list of latest issues
To list all projects that have a vulnerability linked to a CVE use the capability to filter on strings with the Get list of latest issues and Get List of issues (reporting) endpoints. Filter by the identifier attribute.
SBOM (GA and beta)
More information: Rust, SBOM test endpoints
Create an SBOM test run (beta)
Gets an SBOM test run status (beta)
Gets an SBOM test run result (beta)
SastSettings
ServiceAccounts
More information: Manage service accounts using the Snyk API; Choose a service account type to use with Snyk APIs
More information: Service accounts using OAuth 2.0, Manage service accounts using the Snyk API
More information: Manage service accounts using the Snyk API
More information: Manage service accounts using the Snyk API
More information: Manage service accounts using the Snyk API
More information: Manage service accounts using the Snyk API
More information: Manage service accounts using the Snyk API
More information: Service accounts using OAuth 2.0, Manage service accounts using the Snyk API
More information: Manage service accounts using the Snyk API
More information: Manage service accounts using the Snyk API
More information: Manage service accounts using the Snyk API
More information: Manage service accounts using the Snyk API
SlackSettings
Slack
Targets
More information: Target definition on the Projects page
Test (v1)
More information: Guidance for Java and Kotlin
More information: Guidance for JavaScript and Node.js, Unmanaged JavaScript section
More information: Guidance for Java and Kotlin
More information: Dep Graph API, Guidance for JavaScript and Node.js, Unmanaged JavaScript section
Users (v1)
Users
Note: Use this endpoint to remove users from a group.
More information: Remove members from Groups and Orgs using the API.
Get user by ID (beta)
Webhooks (v1)
Last updated