Skip to main content
The InfraAudit API is a JSON REST API served by the Go backend. Every endpoint returns application/json unless you request a file download, and every protected endpoint requires a Bearer token in the Authorization header. This page covers the conventions that apply to all requests.

Base URL

For SaaS: 
https://api.infraaudit.dev/v1
For self-hosted deployments the default base URL is: 
http://localhost:8080

Versioning

All endpoints are under the /api/v1/ path prefix. A small set of legacy endpoints (auth, providers, resources, drifts, baselines, alerts, and Kubernetes) are also accessible without the /v1/ prefix for frontend compatibility. New integrations should always use the /api/v1/ paths.

Authentication

All protected endpoints require a Bearer token: 
Authorization: Bearer <access_token>
See Authentication for how to obtain a token.

Content type

All request bodies must be application/json. Set the header on every mutating request: 
Content-Type: application/json
Responses are always application/json unless the endpoint returns a file download (application/pdf or text/csv).

Quick example

Retrieve the first page of cloud resources using curl: 
curl https://api.infraaudit.dev/v1/resources \
  -H "Authorization: Bearer $TOKEN"
Response: 
{
  "data": [
    {
      "id": 1,
      "name": "web-server-01",
      "resource_type": "ec2_instance",
      "region": "us-east-1",
      "status": "active"
    }
  ],
  "meta": {
    "total": 247,
    "page": 1,
    "per_page": 20
  }
}

Health endpoints

These endpoints do not require authentication and are useful for monitoring and readiness checks.
EndpointPurpose
GET /healthLiveness check
GET /healthzLiveness check (alias)
GET /readyzReadiness check — verifies DB and Redis connectivity
GET /metricsPrometheus metrics
GET /swagger/index.htmlInteractive Swagger UI

Next steps