Endpoint Groups
This page lists all Mayo ASPM API endpoint groups with their available operations. For full request/response schemas, visit the interactive docs at docs.api.mayoaspm.com.
Scans
Trigger, monitor, and retrieve scan results.
| Method | Path | Description |
|---|---|---|
| POST | /api/scans | Trigger a new scan |
| GET | /api/scans | List all scans |
| GET | /api/scans/{scan_id} | Get scan details |
| GET | /api/scans/{scan_id}/summary | Get scan summary (finding counts by severity) |
| GET | /api/scans/{scan_id}/findings | List findings from a specific scan |
| POST | /api/scans/{scan_id}/cancel | Cancel a running scan |
| DELETE | /api/scans/{scan_id} | Delete a scan and its results |
Required permissions: scans:read for GET, scans:write for POST/DELETE
Findings
Query, filter, and update security findings.
| Method | Path | Description |
|---|---|---|
| GET | /api/findings | List findings (filterable) |
| GET | /api/findings/{finding_id} | Get finding details |
| PATCH | /api/findings/{finding_id} | Update finding (status, assignee, notes) |
| POST | /api/findings/{finding_id}/suppress | Suppress a finding |
| POST | /api/findings/{finding_id}/reopen | Reopen a suppressed finding |
| GET | /api/findings/summary | Aggregate finding counts |
Required permissions: findings:read for GET, findings:write for PATCH/POST
Finding filters
The GET /api/findings endpoint supports these query parameters:
| Parameter | Type | Description |
|---|---|---|
| severity | string | Comma-separated: critical,high,medium,low,info |
| status | string | Comma-separated: open,triaged,confirmed,suppressed,resolved,in_progress,reopened |
| scanner | string | Scanner name: semgrep,grype,trivy,gitleaks |
| project_id | string | Filter by project |
| sub_project_id | string | Filter by sub-project |
| asset_id | string | Filter by asset |
| cve_id | string | Filter by CVE ID |
| age_min | integer | Minimum age in days |
| age_max | integer | Maximum age in days |
| sort | string | Sort field: severity, -severity, created_at, -created_at |
Projects
Manage projects and sub-projects.
| Method | Path | Description |
|---|---|---|
| GET | /api/projects | List all projects |
| POST | /api/projects | Create a project |
| GET | /api/projects/{project_id} | Get project details |
| PATCH | /api/projects/{project_id} | Update a project |
| DELETE | /api/projects/{project_id} | Delete a project |
| GET | /api/projects/{project_id}/sub-projects | List sub-projects |
| POST | /api/projects/{project_id}/sub-projects | Create a sub-project |
| GET | /api/projects/{project_id}/assets | List project assets |
| POST | /api/projects/{project_id}/assets | Assign assets to project |
Required permissions: projects:read for GET, projects:write for POST/PATCH/DELETE
Assets
View and manage assets (repositories, images, etc.).
| Method | Path | Description |
|---|---|---|
| GET | /api/assets | List all assets |
| GET | /api/assets/{asset_id} | Get asset details |
| PATCH | /api/assets/{asset_id} | Update asset metadata |
| POST | /api/assets/{asset_id}/scan | Trigger a scan for this asset |
| GET | /api/assets/{asset_id}/findings | List findings for an asset |
Required permissions: projects:read for GET, scans:write for scan trigger
Policies
Create, update, and manage OPA policies.
| Method | Path | Description |
|---|---|---|
| GET | /api/policies | List all policies |
| POST | /api/policies | Create a policy |
| GET | /api/policies/{policy_id} | Get policy details |
| PATCH | /api/policies/{policy_id} | Update a policy |
| DELETE | /api/policies/{policy_id} | Delete a policy |
| POST | /api/policies/{policy_id}/activate | Activate a policy |
| POST | /api/policies/{policy_id}/deactivate | Deactivate a policy |
| GET | /api/policies/{policy_id}/versions | List policy versions |
| POST | /api/policies/{policy_id}/versions/{version}/restore | Restore a version |
| POST | /api/policies/evaluate | Evaluate a policy against sample input |
| PATCH | /api/policies/{policy_id}/scope | Update policy scope |
Required permissions: policies:read for GET, policies:write for POST/PATCH/DELETE
Tickets
Generate and manage Jira tickets.
| Method | Path | Description |
|---|---|---|
| GET | /api/tickets | List all tickets |
| POST | /api/tickets/generate | Generate tickets from findings |
| GET | /api/tickets/{ticket_id} | Get ticket details |
| POST | /api/tickets/{ticket_id}/push | Push a draft ticket to Jira |
| POST | /api/tickets/{ticket_id}/regenerate | Regenerate ticket content |
| DELETE | /api/tickets/{ticket_id} | Delete a draft ticket |
Required permissions: tickets:read for GET, tickets:write for POST/DELETE
Organization
Manage organization settings, teams, and users.
| Method | Path | Description |
|---|---|---|
| GET | /api/organization | Get organization details |
| GET | /api/organization/teams | List teams |
| GET | /api/organization/users | List users |
| GET | /api/organization/audit-log | Query audit log |
Required permissions: admin for all operations
Authentication
| Method | Path | Description |
|---|---|---|
| POST | /api/auth/login | Authenticate and receive JWT |
| POST | /api/auth/refresh | Refresh an access token |
| POST | /api/auth/logout | Invalidate refresh token |
No authentication required for login; valid refresh token required for refresh.
Next steps
- cURL examples — practical examples
- Authentication — auth methods
- Rate limits — request limits
- Interactive docs — try endpoints live