API Reference

Last updated: April 2026

The Sentrytex API gives Business-tier customers read-only access to their security alerts and vendor stack so you can integrate alerts into your existing tools: Slack, PagerDuty, your ticketing system, or your own dashboard.

1. Authentication

Generate an API key from /settings/api-keys. Keys begin with vk_. The plaintext is shown once at creation; store it somewhere safe.

Include it as a Bearer token on every request:

Authorization: Bearer vk_xxxxxxxxxxxxxxxxxxxxxxxxx

Keys are scoped to your account. Revoke a key any time from settings; revocation is immediate.

2. Base URL

https://www.sentrytex.com/api/v1

3. Endpoints

GET /alerts

List verified alerts whose affected_vendors intersect your stack, ordered most-recent first.

Query params (all optional):
limit: default 50, max 200
severity: critical | high | medium | low
since: ISO date; only alerts with published_at >= since

curl -H "Authorization: Bearer vk_..." \
  "https://www.sentrytex.com/api/v1/alerts?severity=critical&limit=10"

Response:

{
  "alerts": [
    {
      "id": "uuid",
      "cve_id": "CVE-2026-7679",
      "title": "...",
      "description": "...",
      "severity": "critical",
      "cvss_score": 9.8,
      "epss_score": 0.83,
      "published_at": "2026-05-01T12:34:56Z",
      "source_urls": ["https://nvd.nist.gov/vuln/detail/CVE-2026-7679"],
      "affected_vendors": ["github", "gcp"],
      "cisa_kev": false,
      "alert_type": "cve"
    }
  ]
}

GET /alerts/:id

Fetch a single alert by id, including evidence state.

curl -H "Authorization: Bearer vk_..." \
  "https://www.sentrytex.com/api/v1/alerts/<id>"

GET /stack

Your current vendor stack.

curl -H "Authorization: Bearer vk_..." \
  "https://www.sentrytex.com/api/v1/stack"

Response:

{
  "stack": [
    { "vendor_key": "stripe", "vendor_name": "Stripe", "category": "payments", "added_at": "..." }
  ]
}

4. Errors

Standard HTTP status codes:

401: missing/invalid Authorization header or key.
403: key is valid but the account is not on Business or scope is missing.
404: the alert/resource doesn't exist or isn't in your stack.
500: server error; retry with exponential backoff.

Error bodies have the shape { "error": "<message>" }.

5. Rate limits

Business-tier keys are limited to 100 requests/minute per key, sliding window. Hitting the limit returns 429 with a Retry-After header.

6. Scopes

New keys ship with read:alerts + read:stack. Write scopes (creating mutes via API) are coming soon. Let us know what you'd like to automate.

7. Need something else?

Webhooks, write endpoints, GraphQL: email [email protected]with what you're building. We prioritise based on actual demand.