API Overview
The Mayo ASPM REST API lets you programmatically manage scans, findings, policies, projects, and tickets. Use it to integrate Mayo ASPM into your CI/CD pipelines, automation workflows, and custom tooling.
Base URL
All API endpoints are available at:
Interactive documentation
Full interactive API documentation (OpenAPI / Swagger) is available at:
- Swagger UI: docs.api.mayoaspm.com
- ReDoc: docs.api.mayoaspm.com/redoc
The interactive docs let you try endpoints directly from your browser with your API key.
Tip
Use the interactive docs to explore available endpoints, see request/response schemas, and generate code snippets in your preferred language.
Quick start
1. Get an API key
Create an API key from Settings > Integrations > API Keys. See API Keys.
2. Make your first request
3. Explore the response
{
  "data": [
    {
      "id": "proj_abc123",
      "name": "payments-api",
      "asset_count": 3,
      "finding_count": 47,
      "created_at": "2026-01-15T10:00:00Z"
    }
  ],
  "pagination": {
    "page": 1,
    "per_page": 20,
    "total": 1
  }
}
Response format
All API responses follow a consistent structure:
Success response
Error response
{
  "error": {
    "code": "validation_error",
    "message": "Invalid severity value",
    "details": [
      {
        "field": "severity",
        "message": "must be one of: critical, high, medium, low, info"
      }
    ]
  }
}
Authentication
The API supports two authentication methods:
| Method | Format | Best for |
|---|---|---|
| API Key | Authorization: Bearer mayo_ak_... | Scripts, CI/CD, Airflow |
| JWT | Authorization: Bearer eyJ... | Browser-based apps, short-lived sessions |
See Authentication for details on when to use which method.
Pagination
List endpoints support pagination with these query parameters:
| Parameter | Default | Max | Description |
|---|---|---|---|
| page | 1 | — | Page number |
| per_page | 20 | 100 | Items per page |
Filtering
Most list endpoints support filtering via query parameters:
# Filter findings by severity and status
curl "https://mayoaspm.com/api/findings?severity=critical,high&status=open" \
-H "Authorization: Bearer mayo_ak_..."
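The pagination parameters, error envelope and findings filter described above can be combined into one small client. This is an added example, not code from Mayo ASPM. It assumes the findings list uses the same data/pagination envelope as the sample response, that the base URL is the one in the curl examples, and that the key is supplied in an environment variable named MAYO_API_KEY (a hypothetical name); the function and class names are also hypothetical.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "https://mayoaspm.com/api"  # assumption: taken from the curl examples on this page


class MayoAPIError(Exception):
    """Carries the fields of the error envelope: code, message, details."""
    def __init__(self, status, code, message, details):
        super().__init__(f"{status} {code}: {message}")
        self.status, self.code, self.details = status, code, details


def http_get(url):
    """Default transport: returns (HTTP status, parsed JSON body)."""
    # Key is read from the environment (assumed variable name), never hard-coded.
    key = os.environ["MAYO_API_KEY"]
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as exc:
        try:
            return exc.code, json.load(exc)
        except ValueError:  # non-JSON error body, e.g. from a proxy
            return exc.code, {}


def list_all(path, params=None, get=http_get, per_page=100):
    """Yield every item of a list endpoint, following page/per_page/total."""
    page, seen = 1, 0
    while True:
        query = urllib.parse.urlencode({**(params or {}), "page": page, "per_page": per_page})
        status, body = get(f"{BASE_URL}/{path}?{query}")
        if status >= 400 or "error" in body:
            err = body.get("error", {})
            raise MayoAPIError(status, err.get("code", "unknown"),
                               err.get("message", ""), err.get("details", []))
        items = body.get("data", [])
        yield from items  # items are plain dicts, so unknown fields pass through
        seen += len(items)
        # Also stop on an empty page, so a wrong "total" cannot loop forever.
        if not items or seen >= body.get("pagination", {}).get("total", 0):
            return
        page += 1
```

Call it as list_all("findings", {"severity": "critical,high", "status": "open"}); the get parameter accepts a stub transport for offline testing.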
Sorting
Use the sort query parameter:
# Sort findings by severity descending
curl "https://mayoaspm.com/api/findings?sort=-severity" \
-H "Authorization: Bearer mayo_ak_..."
Prefix the field name with - for descending order.
Rate limits
API requests are rate-limited based on your plan tier. See Rate limits for details.
Versioning
The API is currently at v1 (implied in the base URL). Breaking changes will be introduced in future versions with a versioned path (e.g., /api/v2/).
Info
Non-breaking changes (new fields, new endpoints) are added without version bumps. Your integrations should handle unknown JSON fields gracefully.
SDKs and libraries
Official SDKs are not yet available. Use the REST API directly with any HTTP client. The interactive docs at docs.api.mayoaspm.com can generate client code in multiple languages.
Next steps
- Authentication — JWT and API key details
- Endpoint groups — all available endpoints
- cURL examples — common operations
- Rate limits — limits by tier
- Error codes — error reference