Full API Reference

Register a new user and create their first workspace.

Authenticated password change. Requires the current password.

Generate a new RSA-4096 SSH key pair for Linux server scanning. Returns the public key to add to the server's authorized_keys. The private key is returned once and must be saved by the frontend to be submitted as ssh_key when creating the connection.

Phase 5.1A — Install instructions for the on-prem connector binary. Used by the frontend "Install Agent" path in the Add Connection flow. The frontend substitutes {ENROLLMENT_TOKEN} and {CONNECTOR_NAME} into the template after fetching an enrollment token from /connectors/enrollments. No secrets in this response; safe to call before any token is generated.

F3.6.1 (May 19, 2026) — Install instructions for the Windows on-prem connector. Used by the frontend "Install Agent" path in the Add Connection flow when the user picks 'windows' provider and 'agent' connection mode. Mirror of /linux/install-instructions. The frontend substitutes {ENROLLMENT_TOKEN} and {CONNECTOR_NAME} into the template after fetching an enrollment token from /connectors/enrollments. No secrets in this response; safe to call before any token is generated. The one-liner is multi-statement PowerShell: 1. Download install.ps1 to %TEMP% 2. Invoke it with -Token and -Name args (matching install.ps1's param block) Customer must run as Administrator. install.ps1 enforces this check.

Return WinRM setup instructions for Windows Server. Customer pastes these commands in PowerShell (as Administrator).

Return Azure Service Principal setup instructions.

Return GCP Service Account setup instructions.

Set separate write-access credentials for auto-remediation.

Remove remediation credentials — disables auto-fix for this connection.

Dashboard summary counts. Phase 5.4.2: added `total_resolved_last_30d` and `by_connection` map. The `by_connection` map provides per-connection {open, resolved_last_30d} so connection cards can render their own stats from a single API call.

Weekly resolved-finding counts for the last 12 weeks (Phase 5.4.3). Returns exactly 12 weeks of data (oldest first), with 0 for weeks where nothing was resolved. Uses Postgres ISO weeks (Monday start). Powers the dashboard trend chart introduced in Phase 5.4.7.

Returns per-connection finding counts (critical/high) for the dashboard scan coverage widget. One call covers all connections.

Revoke a suppressed or accepted_risk status and return finding to `open`. Phase 5.4.9: gives users a way to undo a previous Suppress/Accept Risk decision without needing to wait for resolution detection.

Generate detailed AI remediation steps for a finding. Cached after first generation.

Manually trigger report generation for the tenant.

MSP mode: list all child workspaces managed by this tenant.

Public contact form submission. Verifies Turnstile captcha then sends email to hello@fixmycloud.ai.

Create a new API key for this tenant. The full key is returned ONCE and never stored — copy it now.

List all API keys for this tenant (keys are masked — only prefix shown).

Revoke an API key — it can no longer be used to authenticate.

List all remediation actions for this workspace (all statuses).

List all items needing approval across the tenant.

Return plan catalog with pricing. No auth required.

Get current subscription state for the tenant.

Create a Stripe Checkout session for plan upgrade. Only workspace owners/admins with billing permission can do this.

Open Stripe Billing Portal for payment management.

Cancel subscription at period end (not immediate).

Resume a subscription that was set to cancel at period end.

Admin creates an invitation for an email to join the workspace.

Admin lists invitations for the current workspace.

Public endpoint — called by the accept-invite page to preflight. Returns invitation details + whether the user needs to set a password. Does NOT modify anything.

Public endpoint — user accepts the invite. If user does not exist: full_name + password required; creates new User. If user exists: password NOT required (they login separately after this). Atomic: validates token, creates/reactivates User+Membership, marks invitation accepted.

Admin resends an invite email. Refreshes expiry if old.

Admin revokes a pending invitation. No-op if already accepted/revoked.

Create a new enrollment token for registering connectors. The full token is returned ONCE and never stored in plaintext. Copy and distribute it to the connector installer command.

List enrollment tokens for the current tenant. Tokens are returned WITHOUT their secrets — only prefix + metadata. Supports ?status=active|revoked|expired|exhausted for filtering.

Soft-revoke an enrollment token. Sets status=revoked + revoked_at=now(). The row is preserved for audit purposes. Already-registered connectors are unaffected; only prevents future registrations via this token.

List connectors for the current tenant. Supports filtering by status and connector_type. Paginated via limit (1-100) + offset.

Detail view for a specific connector with operational counts.

Revoke a connector — invalidates its secret permanently. Effect: - Connector.status = revoked - In-flight jobs (queued/dispatched/running) become cancelled - Connector secret no longer authenticates Idempotent: already-revoked connectors return current state.

Register a connector using an enrollment token. UNAUTHENTICATED — the enrollment token in the body IS the credential. All 401 responses use identical body to avoid leaking validation details.

Connector heartbeat — proves liveness + reports basic telemetry. Side effects: - Appends row to connector_heartbeats (retained ~7 days) - Updates connector.last_heartbeat_at - Transitions pending/offline -> online on any heartbeat Returns server time so connectors can correct clock drift locally. No audit log (heartbeats are high-frequency telemetry, not user actions).

Connector asks: what work do you have for me? Returns at most one job. Empty response (job=null) is the common case when nothing is queued — connector should back off for POLL_INTERVAL_SECONDS and try again.

Connector submits the output of a dispatched job. Platform verifies HMAC on the result (for completed jobs) and stores it verbatim. Downstream parsing into findings/assets happens in Phase 4.