Skip to main content
The drifts endpoints let you trigger configuration drift detection scans, retrieve findings, and manage drift status through resolution. Drifts compare a resource’s current configuration against a captured baseline. Base path: /api/v1/drifts

POST /drifts/detect — trigger drift scan

Starts a drift detection scan across all connected providers. Returns immediately with a job ID you can use to track progress. 
POST /api/v1/drifts/detect
Authorization: Bearer <token>

Response 202

{
  "job_id": 42,
  "status": "running",
  "message": "Drift detection scan started"
}

GET /drifts — list drift findings

Returns a paginated list of drift findings. 
GET /api/v1/drifts
Authorization: Bearer <token>

Query parameters

provider_id
integer
Filter by provider ID.
resource_id
integer
Filter by resource ID.
severity
string
Filter by severity: critical, high, medium, or low.
type
string
Filter by drift type: configuration, security, or compliance.
status
string
Filter by status: detected, investigating, or resolved.
page
integer
default:"1"
Page number.
per_page
integer
default:"20"
Results per page. Maximum is 100.

Response

{
  "data": [
    {
      "id": 1,
      "resource_id": 15,
      "resource_name": "data-lake-bucket",
      "resource_type": "s3_bucket",
      "drift_type": "security",
      "severity": "critical",
      "status": "detected",
      "summary": "S3 bucket BlockPublicAcls changed from true to false",
      "baseline_value": true,
      "current_value": false,
      "detected_at": "2024-01-15T14:30:00Z"
    }
  ],
  "meta": { "total": 12, "page": 1, "per_page": 20 }
}

GET /drifts/ — get drift details

Returns the full drift record including the JSON diff between the baseline and the current configuration. 
GET /api/v1/drifts/{id}
Authorization: Bearer <token>

PATCH /drifts/ — update drift status

Updates the status of a drift finding. Valid transitions are detected → investigating → resolved. 
PATCH /api/v1/drifts/{id}
Authorization: Bearer <token>
Content-Type: application/json

Request body

status
string
required
New status: investigating or resolved.
{
  "status": "investigating"
}

POST /drifts//resolve — resolve a drift

Marks a drift as resolved. Optionally captures a new baseline from the current configuration. 
POST /api/v1/drifts/{id}/resolve
Authorization: Bearer <token>
Content-Type: application/json

Request body

capture_baseline
boolean
default:"false"
When true, captures the current configuration as a new baseline after resolving.
{
  "capture_baseline": true
}

GET /drifts/summary — get drift summary

Returns aggregate drift counts by severity and status. 
GET /api/v1/drifts/summary
Authorization: Bearer <token>

Response

{
  "total": 12,
  "by_severity": {
    "critical": 1,
    "high": 4,
    "medium": 5,
    "low": 2
  },
  "by_status": {
    "detected": 8,
    "investigating": 3,
    "resolved": 1
  }
}