API REFERENCE

REST API

Base URL: https://api.brigs.ai. All requests require an API key sent as a Bearer token in the Authorization header (Authorization: Bearer <api-key>).

Pagination

List endpoints accept limit and offset query parameters. Responses include a total field (the number of matching items) so clients can compute the remaining pages.

Async Operations

Scans and remediations are asynchronous. POST returns the new resource with status: "QUEUED". Poll the resource's GET endpoint (for example GET /scans/:id) until status is COMPLETED or FAILED. The CLI's brigs scan watch handles polling automatically.

Content Type

All request and response bodies are JSON. Set Content-Type: application/json on POST/PATCH requests.

Endpoints

Repositories

GET /repos
POST /repos
GET /repos/:id
GET /repos/agent-map
DELETE /repos/:id

Scans

POST /scans
{ "scan": { "id": "scn_...", "status": "QUEUED", "repoId": "..." } }
GET /scans
GET /scans/:id

Findings

GET /findings
Query params: status, severity, repoId, controlKey, limit, offset, sortBy, sortOrder
{ "findings": [{ "id": "...", "severity": "CRITICAL", "controlKey": "...", "summary": "..." }], "total": 42 }
GET /findings/:id
PATCH /findings/:id
{ "finding": { "id": "...", "status": "RESOLVED", "notes": "..." } }
POST /findings/:id/dismiss

Posture

GET /posture/summary
{ "score": 72, "passRate": 0.85, "coverage": 0.85, "controlsEvaluated": 13 }
GET /posture/:framework

Controls

GET /controls
GET /controls/:key

Evidence

GET /evidence/finding/:id
GET /evidence/control/:key
GET /evidence/snapshot

Remediation

POST /findings/:id/remediate
GET /remediation/sessions/:id

API Keys

POST /api-keys
GET /api-keys
DELETE /api-keys/:id

Rate Limits

Rate limits apply per API key, so CLI commands that call the API count toward the limits of the key they use. Every response includes the headers X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset.

Plan         Per Minute   Per Day
Free         100          1,000
Team         500          10,000
Business     2,000        100,000
Enterprise   10,000       Unlimited

See pricing for plan details and upgrade options.

Errors

All errors return a consistent JSON body with error and message fields; 429 responses additionally carry retryAfter, the number of seconds to wait before retrying.

400 Bad Request
{ "error": "Bad Request", "message": "repoId is required" }

401 Unauthorized
{ "error": "Unauthorized", "message": "Invalid API key" }

403 Forbidden
{ "error": "Forbidden", "message": "Insufficient permissions for this resource" }

404 Not Found
{ "error": "Not Found", "message": "Finding not found" }

429 Too Many Requests
{ "error": "Too Many Requests", "message": "Rate limit exceeded.", "retryAfter": 42 }

Retry Guidance

  • 429 — back off for retryAfter seconds, then retry
  • 5xx — retry with exponential backoff (max 3 attempts)
  • 4xx (except 429) — do not retry; fix the request
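The pagination, async-polling and retry rules above combine naturally into one small client. The following Python is an added example, not the brigs.ai SDK or CLI: it sends the Bearer token, walks a list endpoint with limit/offset until total is reached, polls GET /scans/:id until COMPLETED or FAILED, and applies the retry guidance (429: wait retryAfter seconds; 5xx: exponential backoff, three attempts; other 4xx: fail fast). The transport seam, FakeServer, the /flaky path, the sample identifiers brg_example_key, repo_1, scn_1 and fnd_N, and the assumption that a list body's array is named after the collection are all constructed for this example; only urllib_transport talks to the real API.

```python
"""brigs.ai REST client: limit/offset pagination, async-scan polling and retry policy.
Added example, not the project's SDK or CLI; FakeServer and /flaky are constructed."""
import json, time, urllib.error, urllib.parse, urllib.request
BASE_URL = "https://api.brigs.ai"

class ApiError(Exception):
    def __init__(self, status, body):  # body is the API's {error, message} object
        super().__init__(f"HTTP {status}: {body.get('error')}: {body.get('message')}")
        self.status, self.body = status, body

def urllib_transport(method, url, headers, payload):
    """Real transport (needs network): returns (status, headers, parsed JSON body)."""
    data = json.dumps(payload).encode() if payload is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, dict(resp.headers), json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), json.load(err)

class BrigsClient:
    def __init__(self, api_key, transport=urllib_transport, sleep=time.sleep):
        self.api_key, self.transport, self.sleep = api_key, transport, sleep

    def request(self, method, path, params=None, payload=None, max_attempts=3):
        """Retry guidance from this page: 429 -> wait retryAfter seconds; 5xx -> exponential
        backoff, at most max_attempts tries; other 4xx -> raise. Capping 429 retries is our choice."""
        url = BASE_URL + path
        if params:
            url += "?" + urllib.parse.urlencode({k: v for k, v in params.items() if v is not None})
        headers = {"Authorization": f"Bearer {self.api_key}", "Accept": "application/json"}
        if payload is not None:
            headers["Content-Type"] = "application/json"  # required on POST/PATCH
        for attempt in range(1, max_attempts + 1):
            status, _hdrs, body = self.transport(method, url, headers, payload)
            if status < 400:
                return body
            if status == 429:
                delay = float(body.get("retryAfter", 1))
            elif status >= 500:
                delay = 2 ** (attempt - 1)  # 1s, 2s, 4s ...
            else:
                raise ApiError(status, body)  # 400/401/403/404: fix the request, do not retry
            if attempt == max_attempts:
                raise ApiError(status, body)
            self.sleep(delay)

    def paginate(self, path, params=None, limit=100, key=None):
        """Walk a list endpoint with limit/offset until `total` items have been yielded."""
        key, offset = key or path.rsplit("/", 1)[-1], 0  # assumes /findings -> body["findings"]
        while True:
            page = self.request("GET", path, {**(params or {}), "limit": limit, "offset": offset})
            yield from page[key]
            offset += len(page[key])
            if not page[key] or offset >= page["total"]:
                return

    def wait_for_scan(self, scan_id, interval=5.0, max_polls=360):
        for _ in range(max_polls):  # poll GET /scans/:id until a terminal status
            scan = self.request("GET", f"/scans/{scan_id}")["scan"]
            if scan["status"] in ("COMPLETED", "FAILED"):
                return scan
            self.sleep(interval)
        raise TimeoutError(f"scan {scan_id} not finished after {max_polls} polls")

class FakeServer:  # constructed stand-in for api.brigs.ai: scripted responses, no network
    def __init__(self):
        self.calls = 0
        self.findings = [{"id": f"fnd_{i}", "severity": "HIGH", "controlKey": "ctl", "summary": "..."} for i in range(3)]

    def __call__(self, method, url, headers, payload):
        self.calls += 1
        assert headers["Authorization"].startswith("Bearer ")
        path, _, query = url[len(BASE_URL):].partition("?")
        q = dict(urllib.parse.parse_qsl(query))
        if (method, path) == ("POST", "/scans"):
            if self.calls == 1:  # the very first request is rate limited
                return 429, {}, {"error": "Too Many Requests", "message": "Rate limit exceeded.", "retryAfter": 2}
            return 200, {}, {"scan": {"id": "scn_1", "status": "QUEUED", "repoId": payload["repoId"]}}
        if path == "/scans/scn_1":  # calls 3 and 4 are still QUEUED, call 5 onward COMPLETED
            return 200, {}, {"scan": {"id": "scn_1", "status": "QUEUED" if self.calls < 5 else "COMPLETED"}}
        if path == "/findings":
            lo, n = int(q["offset"]), int(q["limit"])
            return 200, {}, {"findings": self.findings[lo:lo + n], "total": len(self.findings)}
        if path == "/flaky":  # constructed path that always fails server-side
            return 503, {}, {"error": "Service Unavailable", "message": "backend down"}
        return 404, {}, {"error": "Not Found", "message": "Finding not found"}

def demo():
    server, waits, flaky = FakeServer(), [], None  # sleep=waits.append records delays instead of waiting
    client = BrigsClient("brg_example_key", transport=server, sleep=waits.append)
    scan = client.request("POST", "/scans", payload={"repoId": "repo_1"})["scan"]
    final = client.wait_for_scan(scan["id"])
    ids = [f["id"] for f in client.paginate("/findings", {"severity": "HIGH"}, limit=2)]
    try:
        client.request("GET", "/flaky")
    except ApiError as err:
        flaky = err.status
    return {"scan_status": final["status"], "finding_ids": ids, "waits": waits,
            "flaky_status": flaky, "calls": server.calls}
```

Against a real key, construct BrigsClient(key) with the default transport and the same methods apply. Note the one deliberate deviation from the page: 429 retries are bounded by max_attempts as well, so a client behind an exhausted key fails with ApiError instead of looping indefinitely.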