Download OpenAPI specification:
Programmatic access to security findings and project data.
Pass your API token in the Authorization header:
curl -H "Authorization: Bearer sh_live_k9s8d_9f8s7d6f5..." \
https://service.shinobi.security/v1/projects/{projectId}/findings
Token format: sh_<env>_<id>_<secret>
sh - Shinobi prefix (helps secret scanners detect leaked tokens)env - Environment: live (production) or test (sandbox)id - Public key identifier (safe to log)secret - Secret part (never log this)All major HTTP libraries support Bearer tokens:
# Python requests
requests.get(url, headers={"Authorization": "Bearer sh_live_..."})
// Node.js axios
axios.get(url, { headers: { Authorization: "Bearer sh_live_..." } })
This API uses cursor-based pagination for consistent results:
{
"data": [...],
"cursor": "eyJ0ZW5hbnQiOiJ...",
"hasMore": true
}
Pass the cursor value in subsequent requests to fetch the next page.
Use query parameters to filter results server-side:
severity: Comma-separated severity levels (e.g., CRITICAL,HIGH)status: Comma-separated statuses (e.g., OPEN,IN_PROGRESS)since: ISO-8601 timestamp for incremental sync - returns findings updated after this time (e.g., 2024-01-01T00:00:00Z)Returns a paginated list of projects accessible by the API token.
Required Scope: project:view (enabled by default on all keys)
Results are sorted by creation time (newest first).
| limit | integer [ 1 .. 100 ] Default: 100 Items per page (1-100, default 100) |
| cursor | string Pagination cursor from previous response. |
| name | string Example: name=Payment Filter by project name (case-insensitive contains match) |
| createdAfter | string <date-time> Example: createdAfter=2024-01-01T00:00:00Z Filter projects created after this ISO-8601 timestamp |
| createdBefore | string <date-time> Example: createdBefore=2024-12-31T23:59:59Z Filter projects created before this ISO-8601 timestamp |
| status | string Enum: "PENDING" "IN_PROGRESS" "PAUSED" "COMPLETED" Filter by latest run status |
| stage | string Enum: "Scoping" "Exploring" "Creating Attack Scenarios" "Awaiting Test Start" "Testing" "Reporting" "Completed" Filter by current stage (milestone) |
{- "data": [
- {
- "id": "f8P9_01I0AN1ZL6sN5-gw",
- "name": "Payment Gateway Prod",
- "createdAt": "2024-06-15T10:30:00.000Z",
- "description": "Production payment processing API security assessment",
- "status": "IN_PROGRESS",
- "stage": "Testing"
}
], - "cursor": "string",
- "hasMore": true
}Returns details for a single project.
Required Scope: project:view (enabled by default on all keys)
| projectId required | string^[A-Za-z0-9_-]{21}$|^[0-9a-f]{8}-[0-9a-f]{4}-... Project identifier (21-char nanoid or UUID format) |
{- "data": {
- "id": "f8P9_01I0AN1ZL6sN5-gw",
- "name": "Payment Gateway Prod",
- "createdAt": "2024-06-15T10:30:00.000Z",
- "description": "Production payment processing API security assessment",
- "status": "IN_PROGRESS",
- "stage": "Testing"
}
}Returns a paginated list of findings for a project.
Use the view parameter to control response detail:
summary (default): Returns core fields only (id, title, severity, status, timestamps)full: Returns all available fields including CVSS details and remediation (slower, lower limits)Results are sorted by creation time (createdAt). Use sort=desc for newest first.
| projectId required | string^[A-Za-z0-9_-]{21}$|^[0-9a-f]{8}-[0-9a-f]{4}-... Project identifier (21-char nanoid or UUID format) |
| view | string Default: "summary" Enum: "summary" "full" Data density. |
| severity | string Example: severity=CRITICAL,HIGH Filter by severity. Comma-separated values. |
| status | string Example: status=OPEN,RETESTING Filter by status. Comma-separated values. |
| since | string <date-time> Example: since=2024-01-01T00:00:00Z Return findings updated (modified) after this ISO-8601 timestamp. Useful for incremental sync - captures both new findings and status changes. |
| sort | string Default: "asc" Enum: "asc" "desc" Sort direction by creation time. |
| cursor | string Pagination cursor from previous response. |
| limit | integer [ 1 .. 100 ] Default: 50 Items per page. Max 100 for summary view, 25 for full view. |
{- "data": [
- {
- "id": "abc123def456",
- "title": "SQL Injection in login endpoint",
- "severity": "HIGH",
- "cvssScore": 8.6,
- "cvssVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
- "status": "OPEN",
- "createdAt": "2024-06-15T10:30:00.000Z",
- "updatedAt": "2024-06-20T14:45:00.000Z",
- "description": "string",
- "remediation": "string",
- "cwe_id": [
- "CWE-269",
- "CWE-915",
- "CWE-284"
], - "owasp_flairs": [
- "A01-Broken-Access-Control"
], - "affectedEndpoint": "/api/v1/login"
}
], - "cursor": "string",
- "hasMore": true
}Returns full details for a single finding including CVSS information, remediation steps, and affected endpoints.
| projectId required | string^[A-Za-z0-9_-]{21}$|^[0-9a-f]{8}-[0-9a-f]{4}-... Project identifier (21-char nanoid or UUID format) |
| findingId required | string^[A-Za-z0-9_-]{10,50}$ Finding identifier |
{- "data": {
- "id": "abc123def456",
- "title": "SQL Injection in login endpoint",
- "severity": "HIGH",
- "cvssScore": 8.6,
- "cvssVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
- "status": "OPEN",
- "createdAt": "2024-06-15T10:30:00.000Z",
- "updatedAt": "2024-06-20T14:45:00.000Z",
- "description": "string",
- "remediation": "string",
- "cwe_id": [
- "CWE-269",
- "CWE-915",
- "CWE-284"
], - "owasp_flairs": [
- "A01-Broken-Access-Control"
], - "affectedEndpoint": "/api/v1/login"
}
}