cURL Examples

Practical examples for common Mayo ASPM API operations. Replace mayo_ak_... with your actual API key.

---

Scans

Trigger a full organization scan

curl -X POST https://mayoaspm.com/api/scans \
  -H "Authorization: Bearer mayo_ak_..." \
  -H "Content-Type: application/json" \
  -d '{
    "scope": "organization",
    "scanners": ["grype", "semgrep", "gitleaks"]
  }'

Response:

{
  "data": {
    "scan_id": "scan_abc123",
    "status": "queued",
    "scope": "organization",
    "scanners": ["grype", "semgrep", "gitleaks"],
    "created_at": "2026-04-15T10:00:00Z"
  }
}

Trigger a scan for a specific project

curl -X POST https://mayoaspm.com/api/scans \
  -H "Authorization: Bearer mayo_ak_..." \
  -H "Content-Type: application/json" \
  -d '{
    "scope": "project",
    "project_id": "proj_abc123",
    "scanners": ["grype", "trivy"]
  }'

Check scan status

curl https://mayoaspm.com/api/scans/scan_abc123 \
  -H "Authorization: Bearer mayo_ak_..."

Response:

{
  "data": {
    "scan_id": "scan_abc123",
    "status": "completed",
    "started_at": "2026-04-15T10:00:05Z",
    "completed_at": "2026-04-15T10:15:32Z",
    "summary": {
      "assets_scanned": 12,
      "total_findings": 87,
      "new_findings": 5,
      "by_severity": {
        "critical": 1,
        "high": 8,
        "medium": 23,
        "low": 42,
        "info": 13
      }
    }
  }
}

List recent scans

curl "https://mayoaspm.com/api/scans?per_page=5&sort=-created_at" \
  -H "Authorization: Bearer mayo_ak_..."

---

Findings

List critical findings

curl "https://mayoaspm.com/api/findings?severity=critical&status=open,confirmed" \
  -H "Authorization: Bearer mayo_ak_..."

Get finding details

curl https://mayoaspm.com/api/findings/f_abc123 \
  -H "Authorization: Bearer mayo_ak_..."

Suppress a finding

curl -X POST https://mayoaspm.com/api/findings/f_abc123/suppress \
  -H "Authorization: Bearer mayo_ak_..." \
  -H "Content-Type: application/json" \
  -d '{
    "reason": "False positive - test fixture file"
  }'

Get finding summary by project

curl "https://mayoaspm.com/api/findings/summary?group_by=project" \
  -H "Authorization: Bearer mayo_ak_..."

Response:

{
  "data": [
    {
      "project_id": "proj_abc123",
      "project_name": "payments-api",
      "critical": 1,
      "high": 5,
      "medium": 12,
      "low": 20,
      "info": 3,
      "total": 41
    }
  ]
}

---

Projects

List all projects

curl https://mayoaspm.com/api/projects \
  -H "Authorization: Bearer mayo_ak_..."

Create a project

curl -X POST https://mayoaspm.com/api/projects \
  -H "Authorization: Bearer mayo_ak_..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "payments-api",
    "description": "Payment processing service",
    "color": "#3B82F6"
  }'

Create a sub-project

curl -X POST https://mayoaspm.com/api/projects/proj_abc123/sub-projects \
  -H "Authorization: Bearer mayo_ak_..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "v2-migration",
    "description": "Payment API v2 migration work"
  }'

---

Policies

List all policies

curl https://mayoaspm.com/api/policies \
  -H "Authorization: Bearer mayo_ak_..."

Create a triage policy

curl -X POST https://mayoaspm.com/api/policies \
  -H "Authorization: Bearer mayo_ak_..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "suppress-info-findings",
    "kind": "triage",
    "rego": "package mayo.triage\n\nimport rego.v1\n\ndecision := \"reject\" if {\n    input.finding.severity == \"info\"\n}",
    "active": true
  }'

Evaluate a policy in the playground

curl -X POST https://mayoaspm.com/api/policies/evaluate \
  -H "Authorization: Bearer mayo_ak_..." \
  -H "Content-Type: application/json" \
  -d '{
    "rego": "package mayo.triage\n\nimport rego.v1\n\ndecision := \"accept\" if {\n    input.finding.severity == \"critical\"\n}",
    "input": {
      "finding": {
        "severity": "critical",
        "scanner": "grype",
        "cve_id": "CVE-2026-1234"
      }
    }
  }'

Response:

{
  "data": {
    "result": {
      "decision": "accept"
    }
  }
}

---

Tickets

Generate tickets from findings

curl -X POST https://mayoaspm.com/api/tickets/generate \
  -H "Authorization: Bearer mayo_ak_..." \
  -H "Content-Type: application/json" \
  -d '{
    "project_id": "proj_abc123",
    "filters": {
      "severity": ["critical", "high"],
      "status": ["triaged", "confirmed"]
    },
    "grouping": "by_vulnerability",
    "delivery": "draft"
  }'

Push a draft ticket to Jira

curl -X POST https://mayoaspm.com/api/tickets/tkt_abc123/push \
  -H "Authorization: Bearer mayo_ak_..."

---

Pagination

Page through findings

# Page 1
curl "https://mayoaspm.com/api/findings?page=1&per_page=50" \
  -H "Authorization: Bearer mayo_ak_..."

# Page 2
curl "https://mayoaspm.com/api/findings?page=2&per_page=50" \
  -H "Authorization: Bearer mayo_ak_..."

---

Next steps

• Endpoint groups — full endpoint reference
• Authentication — auth setup
• Rate limits — avoid throttling
• Interactive docs — try endpoints in your browser