Skip to main content

Base URL

https://api.changeguard.ai

Authentication

All API requests require authentication via one of:
  • API Key: X-API-Key: cg_your_key header (for agents and CI/CD)
  • Bearer Token: Authorization: Bearer TOKEN header (for dashboard/user sessions)

Endpoints

Agent Endpoints (API Key required)

MethodPathDescription
POST/ingestPush cluster snapshot
POST/ingest/logsPush pod logs
POST/api/validateValidate a deployment (CI/CD)
POST/api/argo/discoverRegister ArgoCD instance

Dashboard Endpoints (Bearer Token required)

MethodPathDescription
GET/api/clustersList clusters
GET/api/cluster?id=XGet cluster snapshot
GET/api/score-history?clusterId=XScore history
GET/api/export?clusterId=X&format=csvExport report
GET/api/auditAudit trail
GET/api/correlationsCross-cluster risks
GET/api/argo/instancesArgoCD instances
GET/api/argo/applicationsArgoCD applications
GET/api/keysList API keys
POST/api/keysCreate API key

Public Endpoints (No auth)

MethodPathDescription
GET/healthBackend health check
POST/api/auth/loginLogin
POST/api/auth/signupCreate account
POST/api/auth/verifyVerify token
POST/api/auth/refreshRefresh token

Response Format

All responses are JSON. Errors return: 
{
  "error": "description of the error"
}

Rate Limits

No rate limits are currently enforced for authenticated requests. The WAF rate-limits unauthenticated requests to 2000/5min per IP.