API & Developer Reference

RedCloud exposes a REST API so you can launch scans, fetch findings, and manage reports programmatically. This section is the developer reference.

In this section

• Authentication — API keys and how to send them.
• Permissions & Scopes — what each key can do, under least privilege.
• Endpoints — the available REST endpoints with request/response formats.
• Rate Limits — request quotas and recommended retry behavior.

Conventions

The API is served by the FastAPI backend. All requests are authenticated, authorized, and tenant-scoped; unknown ownership is denied by default. Responses are JSON, and errors return structured messages with a correlation ID for support.

Note

Every API call is recorded in the centralized audit system with actor, tenant, action, and result.