Sentinel

API Reference

Integrate Sentinel into your workflows with our REST API. Available on the Enterprise plan.

Overview

The Sentinel API allows you to programmatically access your compliance data, trigger evidence collection, retrieve reports, and integrate compliance monitoring into your existing workflows and CI/CD pipelines.

Base URL: https://api.reatech.io/api

Availability: API access is available exclusively on the Enterprise plan ($2,000/month).

Authentication

All API requests require a Bearer token in the Authorization header. Obtain your token by logging in through the authentication endpoint.

POST /api/auth/login
Content-Type: application/json

{
  "email": "you@company.com",
  "password": "your-password"
}

Response:
{
  "status": "success",
  "data": {
    "user": { "id": "...", "email": "...", "role": "ADMIN" },
    "token": "eyJhbGciOiJIUzI1NiIs..."
  }
}

Include the token in all subsequent requests:

Authorization: Bearer eyJhbGciOiJIUzI1NiIs...

Endpoints


Dashboard

GET /api/dashboard/stats

Returns your full compliance dashboard including overview, framework status, category breakdown, recent activity, issues, and timeline.

Response:
{
  "status": "success",
  "data": {
    "overview": {
      "totalChecks": 156,
      "passingChecks": 132,
      "failingChecks": 18,
      "warningChecks": 6,
      "complianceScore": 84.6
    },
    "frameworks": [...],
    "categories": {...},
    "recentActivity": [...],
    "issues": [...],
    "timeline": [...],
    "trend": "improving"
  }
}
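One way to use this response as a CI/CD gate, as an added example that is not part of the Sentinel documentation. The function name and the min_score and max_failing thresholds are hypothetical pipeline policy values, not API parameters; the sample body is constructed from the fields documented above.

```python
import json

# Constructed sample: the documented response, with the elided lists left empty.
SAMPLE = json.loads("""
{"status": "success",
 "data": {"overview": {"totalChecks": 156, "passingChecks": 132,
                       "failingChecks": 18, "warningChecks": 6,
                       "complianceScore": 84.6},
          "frameworks": [], "categories": {}, "recentActivity": [],
          "issues": [], "timeline": [], "trend": "improving"}}
""")


def evaluate_gate(body, min_score=80.0, max_failing=0):
    """Return (passed, reasons) for a parsed /api/dashboard/stats body.

    min_score and max_failing are hypothetical pipeline policy knobs,
    not API parameters. Anything unexpected fails closed.
    """
    if not isinstance(body, dict) or body.get("status") != "success":
        msg = body.get("message", "no message") if isinstance(body, dict) else "not a JSON object"
        return False, [f"API did not return success: {msg}"]
    data = body.get("data")
    overview = data.get("overview") if isinstance(data, dict) else None
    if not isinstance(overview, dict):
        return False, ["response has no data.overview object"]

    reasons = []
    score = overview.get("complianceScore")
    failing = overview.get("failingChecks")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        reasons.append("complianceScore missing or not numeric")
    elif score < min_score:
        reasons.append(f"complianceScore {score} is below {min_score}")
    if isinstance(failing, bool) or not isinstance(failing, int):
        reasons.append("failingChecks missing or not an integer")
    elif failing > max_failing:
        reasons.append(f"failingChecks {failing} exceeds {max_failing}")
    return (not reasons), reasons


if __name__ == "__main__":
    passed, why = evaluate_gate(SAMPLE, min_score=80.0, max_failing=20)
    print("PASS" if passed else "FAIL", why)
    raise SystemExit(0 if passed else 1)
```

An error body, a missing overview object, or a non-numeric field fails the gate rather than passing it, so an expired token or a changed response shape cannot silently turn the pipeline green.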

Evidence

GET /api/evidence

List evidence items with optional filters.

Query parameters:

  • status — filter by status: PASS, FAIL, WARNING, ERROR
  • category — filter by category (e.g., iam, encryption, logging)
  • integrationId — filter by integration
  • framework — filter by compliance framework (SOC2, ISO27001)
  • limit — number of results (default: 50)
  • offset — pagination offset

GET /api/evidence/:id

Get a single evidence item with full details including raw data, control mappings, and remediation guidance.

GET /api/evidence/stats

Get aggregated evidence statistics by status and category.

GET /api/evidence/compliance

Get compliance summary with control-level pass/fail status for a given framework.

Query parameters:

  • framework — SOC2 or ISO27001

Integrations

GET /api/integrations

List all connected integrations with their status, last sync time, and evidence count.

POST /api/integrations/aws/connect

Connect an AWS account.

{
  "accessKeyId": "AKIA...",
  "secretAccessKey": "...",
  "region": "us-east-1",
  "name": "Production AWS"
}

POST /api/integrations/github/connect

Connect a GitHub organization.

{
  "token": "ghp_...",
  "orgName": "your-org",
  "name": "Production GitHub"
}

POST /api/integrations/:id/collect

Trigger evidence collection for an integration. Returns a job ID for tracking progress.

Response:
{
  "status": "success",
  "data": {
    "job": { "id": "...", "status": "RUNNING" },
    "message": "Evidence collection started"
  }
}

GET /api/integrations/:id/jobs

List collection jobs for an integration with their status and results.


Policies

GET /api/policies/templates

List available policy templates.

POST /api/policies/generate

Generate a policy from a template.

{
  "templateId": "information-security-policy",
  "customData": {
    "industry": "technology",
    "employeeCount": "50-100"
  }
}

GET /api/policies

List generated policies.

GET /api/policies/:id/download

Download a generated policy document.


Reports

POST /api/reports/generate

Generate a compliance report.

{
  "reportType": "SOC2_AUDIT",
  "periodStart": "2025-01-01",
  "periodEnd": "2025-12-31"
}

Report types:
- SOC2_AUDIT
- ISO27001_AUDIT
- COMBINED_AUDIT
- EXECUTIVE_SUMMARY

GET /api/reports

List generated reports.

GET /api/reports/:id/download

Download a generated report as PDF.


Billing

GET /api/billing/subscription

Get current subscription details including tier, status, usage, and limits.

GET /api/billing/limits/integrations

Check if you can add more integrations based on your plan limits.

GET /api/billing/limits/checks

Check remaining compliance checks for the current billing period.


Rate Limiting

API requests are rate-limited to prevent abuse:

  • Default limit: 100 requests per 15-minute window per authenticated user
  • Rate limit headers are included in all responses: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset

Error Handling

All errors return a consistent JSON format:

{
  "status": "error",
  "message": "Description of the error",
  "statusCode": 400
}

Common status codes:
- 400: Bad Request (validation error)
- 401: Unauthorized (missing or invalid token)
- 403: Forbidden (insufficient permissions)
- 404: Not Found
- 429: Too Many Requests (rate limited)
- 500: Internal Server Error
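A client-side decision function covering both the rate-limit headers and the status codes listed above, as an added example that is not part of the Sentinel documentation. The function names, the action labels and the 5-second server-error backoff are hypothetical. The page does not define the format of X-RateLimit-Reset, so the code assumes it is either Unix epoch seconds or a seconds-from-now delta.

```python
import math
import time

WINDOW_SECONDS = 15 * 60  # documented window: 100 requests per 15 minutes
NON_RETRYABLE = {400, 403, 404}  # documented client errors; retrying cannot help


def seconds_until_reset(headers, now):
    """Delay before the rate-limit window reopens, clamped to one window.

    Assumption: X-RateLimit-Reset is either Unix epoch seconds or a
    seconds-from-now delta; the page does not say which, so both are accepted.
    """
    try:
        value = float(headers.get("x-ratelimit-reset"))
        if not math.isfinite(value):
            raise ValueError(value)
    except (TypeError, ValueError):
        return float(WINDOW_SECONDS)  # unknown or malformed: wait a full window
    delay = value if value <= WINDOW_SECONDS else value - now
    return min(max(delay, 0.0), float(WINDOW_SECONDS))


def plan(status_code, headers, body=None, now=None):
    """Map one API response to (action, delay_seconds, detail)."""
    now = time.time() if now is None else now
    headers = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    detail = body.get("message", "") if isinstance(body, dict) else ""
    if status_code == 429:
        return ("retry", seconds_until_reset(headers, now), detail)
    if status_code == 401:
        return ("reauth", 0.0, detail)  # log in again for a fresh token
    if status_code in NON_RETRYABLE:
        return ("fail", 0.0, detail)
    if status_code >= 500:
        # Hypothetical fixed backoff; a retried POST may repeat work.
        return ("retry", 5.0, detail)
    if str(headers.get("x-ratelimit-remaining", "")).strip() == "0":
        return ("pause", seconds_until_reset(headers, now), detail)  # budget spent
    return ("ok", 0.0, detail)


if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp and responses
    err = {"status": "error", "message": "Too Many Requests", "statusCode": 429}
    print(plan(429, {"X-RateLimit-Reset": str(now + 300)}, err, now))
    print(plan(200, {"X-RateLimit-Remaining": "0", "X-RateLimit-Reset": "120"}, now=now))
```

Clamping the delay to one window keeps a malformed or skewed reset value from stalling a pipeline indefinitely, and treating 401 separately from 403 avoids re-sending credentials when the problem is missing permissions.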

Need Help?

For API support or questions, contact us at support@reatech.io.

© 2026 ReaTech. All rights reserved.