API v1 Stable — REST + JSON — OAuth 2.0 / API Key

API Reference

Complete AMTIA RESTful API reference to integrate, automate, and orchestrate your entire cybersecurity ecosystem.

Overview

Base URL: https://api.amtia.net/v1/
Authentication: Bearer Token (API Key)
Response Format: JSON (application/json)
Rate Limiting: 1,000 requests/min

Authentication

Obtain an access token by sending your API credentials. The token is valid for 1 hour and must be included in the Authorization header of each request.

POST /auth/token
Request
curl -X POST https://api.amtia.net/v1/auth/token \
  -H "Content-Type: application/json" \
  -d '{
    "api_key": "your_api_key",
    "secret": "your_secret"
  }'
Response 200 OK
{
  "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_in": 3600,
  "token_type": "Bearer"
}

Usage: Include the token in your requests:

Authorization: Bearer eyJhbGciOiJSUzI1NiIs...

Endpoints

Compliance

GET /frameworks List compliance frameworks
GET /frameworks/{id}/controls Get controls for a framework
POST /assessments Create a compliance assessment
GET /assessments/{id}/gaps Get gap analysis results

Risk Management

GET /risks List risk scenarios
POST /risks Create a risk scenario
PUT /risks/{id} Update a risk
GET /risks/heatmap Get risk heatmap data

Assets

GET /assets List assets
POST /assets Create an asset
GET /assets/{id}/vulnerabilities Get vulnerabilities for an asset

Incidents

GET /incidents List incidents
POST /incidents Create an incident
PUT /incidents/{id}/status Update an incident's status

Audit

GET /audits List audits
POST /audits Create an audit
GET /audits/{id}/findings Get audit findings

Documents

GET /documents List documents
POST /documents/upload Upload a document

Webhooks

POST /webhooks Create a webhook
GET /webhooks List webhooks
DELETE /webhooks/{id} Delete a webhook

Available events:

risk.created New risk created
risk.updated Risk updated
incident.created New incident created
incident.resolved Incident resolved
assessment.completed Assessment completed
audit.finding New audit finding

SDKs & Examples

Python: pip install amtia-sdk
from amtia import Client

client = Client(
    api_key="your_api_key",
    secret="your_secret"
)

# List risks
risks = client.risks.list()
for risk in risks:
    print(f"{risk.name}: {risk.level}")

# Create an incident
incident = client.incidents.create(
    title="Intrusion attempt",
    severity="high",
    description="IDS alert detected"
)
JavaScript: npm install @amtia/sdk
import { AmtiaClient } from '@amtia/sdk';

const client = new AmtiaClient({
  apiKey: 'your_api_key',
  secret: 'your_secret'
});

// List frameworks
const frameworks = await client
  .frameworks.list();

// Assess compliance
const assessment = await client
  .assessments.create({
    frameworkId: 'iso-27001',
    scope: 'full'
  });
PHP: composer require amtia/sdk
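<?php
// Composer autoloader, needed to load the SDK classes
require __DIR__ . '/vendor/autoload.php';

use Amtia\Client;

$client = new Client([
    'api_key' => 'your_api_key',
    'secret'  => 'your_secret'
]);

// List assets
$assets = $client->assets()->list();

// Get vulnerabilities for one asset (placeholder ID, replace with a real one)
$assetId = 'your_asset_id';
$vulns = $client->assets()
    ->vulnerabilities($assetId);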

foreach ($vulns as $vuln) {
    echo $vuln->severity . "\n";
}

Error Codes

Code | Status | Description
400 | Bad Request | The request is malformed. Check the parameters and body format.
401 | Unauthorized | Missing or invalid authentication token. Regenerate your token.
403 | Forbidden | Insufficient permissions. Check the roles and permissions of your API key.
404 | Not Found | Resource not found. Check the identifier and endpoint path.
429 | Too Many Requests | Rate limit reached (1000/min). Wait before retrying.
500 | Internal Server Error | Internal server error. Contact support if the issue persists.
Error Response Format
{
  "error": {
    "code": 401,
    "status": "Unauthorized",
    "message": "Invalid or expired authentication token.",
    "request_id": "req_abc123def456"
  }
}
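
Token lifecycle sketch (an added example, not AMTIA SDK code): it ties the 1-hour token from the Authentication section to the 401 and 429 rows above by caching the token, renewing it before expiry, regenerating it once on 401, and backing off on 429. The transport callable, the 60-second renewal margin, the 1 s / 2 s / 4 s backoff and the fake_api stand-in are assumptions made for the example.

```python
import time

BASE_URL = "https://api.amtia.net/v1"

class TokenSession:
    """Caches the bearer token from POST /auth/token and renews it when needed."""

    def __init__(self, api_key, secret, transport, clock=time.monotonic, sleep=time.sleep):
        # transport is an assumed callable: (method, url, headers, body) -> (status, dict)
        self.creds = {"api_key": api_key, "secret": secret}
        self.transport, self.clock, self.sleep = transport, clock, sleep
        self.token, self.expires_at = None, 0.0

    def login(self):
        status, body = self.transport("POST", BASE_URL + "/auth/token",
                                      {"Content-Type": "application/json"}, self.creds)
        if status != 200 or body.get("token_type") != "Bearer":
            raise PermissionError(f"token request failed with status {status}")
        self.token = body["token"]
        # Renew 60 s early (an assumed margin) so no request leaves with a dying token.
        self.expires_at = self.clock() + body["expires_in"] - 60

    def request(self, method, path, body=None, max_retries=3):
        refreshed = False
        for attempt in range(max_retries + 1):
            if self.token is None or self.clock() >= self.expires_at:
                self.login()
            headers = {"Authorization": f"Bearer {self.token}"}
            status, data = self.transport(method, BASE_URL + path, headers, body)
            if status == 401 and not refreshed:
                self.token, refreshed = None, True   # regenerate once, then give up
            elif status == 429 and attempt < max_retries:
                self.sleep(2 ** attempt)             # assumed backoff: 1 s, 2 s, 4 s
            else:
                break
        return status, data

def fake_api(replies):
    """Constructed stand-in for the API: issues tok1, tok2, ... and replays scripted replies."""
    calls, issued = [], []
    def transport(method, url, headers, body):
        if url.endswith("/auth/token"):
            issued.append(f"tok{len(issued) + 1}")
            return 200, {"token": issued[-1], "expires_in": 3600, "token_type": "Bearer"}
        calls.append(headers["Authorization"])
        return replies.pop(0)
    return transport, calls
```

In real use, pass a transport that wraps your HTTP library and load the API key and secret from a secret store or environment variables rather than source code.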

Ready to integrate?

Generate your API key from your AMTIA console and start integrating in minutes.