Kubescape Access Keys API

Create, list, retrieve, and revoke the Agent Access Keys used to authenticate ARMO Platform Customer API requests via the X-API-KEY header, plus manage posture and vulnerability exception policies.

OpenAPI Specification

kubescape-openapi.yml Raw ↑
openapi: 3.0.3
info:
  title: ARMO Platform Customer API (Kubescape)
  description: >-
    The ARMO Platform Customer API is the hosted REST API of ARMO Platform, the
    commercial multi-cluster, multi-cloud Kubernetes security SaaS built on the
    open-source Kubescape project (CNCF, Apache 2.0). It exposes the security
    posture, compliance, vulnerability, runtime threat detection, network policy,
    and registry/repository scanning data that Kubescape produces.

    The endpoint paths in this document are taken from the public ARMO Customer
    API reference (hub.armosec.io/reference/customer-api). Request and response
    schemas are honestly modeled by API Evangelist to represent typical payloads
    and are not copied verbatim from a published machine-readable spec; verify
    exact field names against the live reference before integrating.

    Note on the open-source tool: the core Kubescape CLI is not an HTTP API, and
    the in-cluster Operator components expose their own OpenAPI/Swagger UIs
    (/openapi/v2/swaggerui) only inside the cluster - not on this hosted host.
    This document covers the hosted ARMO Platform Customer API only.
  version: '1.0'
  contact:
    name: ARMO / Kubescape
    url: https://www.armosec.io
  license:
    name: Apache-2.0 (open-source Kubescape core)
    url: https://github.com/kubescape/kubescape/blob/master/LICENSE
servers:
  - url: https://api.armosec.io/api/v1
    description: ARMO Platform Customer API
security:
  - apiKeyAuth: []
tags:
  - name: Posture & Compliance
    description: Framework, control, and resource posture results.
  - name: Vulnerabilities
    description: Image and workload vulnerability scanning and results.
  - name: Runtime Security
    description: Runtime incidents, attack chains, and security risks.
  - name: Network Policies
    description: Generated NetworkPolicies and seccomp profiles.
  - name: Registry & Repository
    description: Registry scans and Git repository posture.
  - name: Access Keys
    description: Agent access keys and exception policies.
paths:
  /posture/frameworks:
    post:
      operationId: getPostureFrameworks
      tags: [Posture & Compliance]
      summary: Get framework scan summaries
      description: Returns compliance scan summaries per framework (NSA-CISA, MITRE, CIS, SOC2, and others).
      requestBody:
        $ref: '#/components/requestBodies/ListRequest'
      responses:
        '200':
          description: Framework summaries.
          content:
            application/json:
              schema:
                type: object
                properties:
                  response:
                    type: array
                    items:
                      $ref: '#/components/schemas/FrameworkSummary'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /posture/controls:
    post:
      operationId: getPostureControls
      tags: [Posture & Compliance]
      summary: Get control run results
      description: Returns per-control run results with pagination. Each control is one of the 200+ Kubescape controls (C-0001..C-0292).
      requestBody:
        $ref: '#/components/requestBodies/ListRequest'
      responses:
        '200':
          description: Control results.
          content:
            application/json:
              schema:
                type: object
                properties:
                  response:
                    type: array
                    items:
                      $ref: '#/components/schemas/ControlResult'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /posture/controls/sections:
    post:
      operationId: getPostureControlSections
      tags: [Posture & Compliance]
      summary: Get framework subsection summaries
      description: Returns summaries for the subsections of a compliance framework.
      requestBody:
        $ref: '#/components/requestBodies/ListRequest'
      responses:
        '200':
          description: Section summaries.
          content:
            application/json:
              schema:
                type: object
        '401':
          $ref: '#/components/responses/Unauthorized'
  /posture/resources:
    post:
      operationId: getPostureResources
      tags: [Posture & Compliance]
      summary: List affected resources
      description: Returns the Kubernetes resources affected by posture control failures.
      requestBody:
        $ref: '#/components/requestBodies/ListRequest'
      responses:
        '200':
          description: Affected resources.
          content:
            application/json:
              schema:
                type: object
                properties:
                  response:
                    type: array
                    items:
                      $ref: '#/components/schemas/AffectedResource'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /vulnerability/scan:
    post:
      operationId: startVulnerabilityScan
      tags: [Vulnerabilities]
      summary: Initiate a vulnerability scan
      description: Triggers an image vulnerability scan.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ScanRequest'
      responses:
        '200':
          description: Scan accepted.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ScanAccepted'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /vulnerability/scanResults/summary:
    post:
      operationId: getVulnerabilityScanSummary
      tags: [Vulnerabilities]
      summary: Get vulnerability scan summaries
      requestBody:
        $ref: '#/components/requestBodies/ListRequest'
      responses:
        '200':
          description: Scan summaries.
          content:
            application/json:
              schema:
                type: object
        '401':
          $ref: '#/components/responses/Unauthorized'
  /vulnerability/scanResults/details:
    post:
      operationId: getVulnerabilityScanDetails
      tags: [Vulnerabilities]
      summary: Get detailed CVE listings
      requestBody:
        $ref: '#/components/requestBodies/ListRequest'
      responses:
        '200':
          description: CVE details.
          content:
            application/json:
              schema:
                type: object
                properties:
                  response:
                    type: array
                    items:
                      $ref: '#/components/schemas/Vulnerability'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /vulnerability/severity:
    post:
      operationId: getVulnerabilitySeverity
      tags: [Vulnerabilities]
      summary: Get latest scan severity metrics
      requestBody:
        $ref: '#/components/requestBodies/ListRequest'
      responses:
        '200':
          description: Severity metrics.
          content:
            application/json:
              schema:
                type: object
        '401':
          $ref: '#/components/responses/Unauthorized'
  /vulnerabilities/list:
    post:
      operationId: listVulnerabilities
      tags: [Vulnerabilities]
      summary: List vulnerabilities
      description: Scoped list of vulnerabilities, including "Vulnerabilities In Use" (runtime-observed) filtering.
      requestBody:
        $ref: '#/components/requestBodies/ListRequest'
      responses:
        '200':
          description: Vulnerabilities.
          content:
            application/json:
              schema:
                type: object
                properties:
                  response:
                    type: array
                    items:
                      $ref: '#/components/schemas/Vulnerability'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /images/list:
    post:
      operationId: listImages
      tags: [Vulnerabilities]
      summary: List scanned images
      requestBody:
        $ref: '#/components/requestBodies/ListRequest'
      responses:
        '200':
          description: Images.
          content:
            application/json:
              schema:
                type: object
        '401':
          $ref: '#/components/responses/Unauthorized'
  /runtimeIncidents:
    get:
      operationId: listRuntimeIncidents
      tags: [Runtime Security]
      summary: List runtime incidents
      description: Returns eBPF-based runtime threat detection incidents.
      responses:
        '200':
          description: Runtime incidents.
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/RuntimeIncident'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /runtimeIncidents/{guid}/alerts:
    get:
      operationId: getRuntimeIncidentAlerts
      tags: [Runtime Security]
      summary: Get alerts for an incident
      parameters:
        - $ref: '#/components/parameters/Guid'
      responses:
        '200':
          description: Alerts.
          content:
            application/json:
              schema:
                type: array
                items:
                  type: object
        '401':
          $ref: '#/components/responses/Unauthorized'
  /runtimeIncidents/{guid}/resolve:
    post:
      operationId: resolveRuntimeIncident
      tags: [Runtime Security]
      summary: Resolve a runtime incident
      description: Marks an incident as FalsePositive or Suspicious.
      parameters:
        - $ref: '#/components/parameters/Guid'
      responses:
        '200':
          description: Resolved.
        '401':
          $ref: '#/components/responses/Unauthorized'
  /attackChains:
    post:
      operationId: getAttackChains
      tags: [Runtime Security]
      summary: Get attack path (attack chain) analysis
      requestBody:
        $ref: '#/components/requestBodies/ListRequest'
      responses:
        '200':
          description: Attack chains.
          content:
            application/json:
              schema:
                type: object
        '401':
          $ref: '#/components/responses/Unauthorized'
  /securityRisks:
    get:
      operationId: getSecurityRisks
      tags: [Runtime Security]
      summary: Get prioritized security risks
      responses:
        '200':
          description: Security risks.
          content:
            application/json:
              schema:
                type: object
        '401':
          $ref: '#/components/responses/Unauthorized'
  /networkPolicies:
    get:
      operationId: getNetworkPolicies
      tags: [Network Policies]
      summary: Retrieve generated network policies
      responses:
        '200':
          description: Network policies.
          content:
            application/json:
              schema:
                type: array
                items:
                  type: object
        '401':
          $ref: '#/components/responses/Unauthorized'
  /networkPolicies/generate:
    post:
      operationId: generateNetworkPolicies
      tags: [Network Policies]
      summary: Generate least-privilege NetworkPolicies
      description: Generates Kubernetes NetworkPolicies from observed workload behavior (Bill of Behavior).
      requestBody:
        $ref: '#/components/requestBodies/ListRequest'
      responses:
        '200':
          description: Generated policies.
          content:
            application/json:
              schema:
                type: object
        '401':
          $ref: '#/components/responses/Unauthorized'
  /seccompProfiles/generate:
    post:
      operationId: generateSeccompProfiles
      tags: [Network Policies]
      summary: Generate seccomp profiles
      requestBody:
        $ref: '#/components/requestBodies/ListRequest'
      responses:
        '200':
          description: Generated seccomp profiles.
          content:
            application/json:
              schema:
                type: object
        '401':
          $ref: '#/components/responses/Unauthorized'
  /registry/scan:
    post:
      operationId: scheduleRegistryScan
      tags: [Registry & Repository]
      summary: Schedule a registry scan
      description: Schedules a container registry scan (ECR, GAR, ACR, Harbor, Quay, Nexus, GitLab).
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RegistryScanRequest'
      responses:
        '200':
          description: Registry scan scheduled.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ScanAccepted'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /repositoryPosture/failedControls:
    post:
      operationId: getRepositoryFailedControls
      tags: [Registry & Repository]
      summary: Get repository failed controls
      requestBody:
        $ref: '#/components/requestBodies/ListRequest'
      responses:
        '200':
          description: Failed controls for a Git repository.
          content:
            application/json:
              schema:
                type: object
        '401':
          $ref: '#/components/responses/Unauthorized'
  /authentication/accessKeys:
    get:
      operationId: listAccessKeys
      tags: [Access Keys]
      summary: List agent access keys
      responses:
        '200':
          description: Access keys.
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/AccessKey'
        '401':
          $ref: '#/components/responses/Unauthorized'
    post:
      operationId: createAccessKey
      tags: [Access Keys]
      summary: Create an agent access key
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AccessKey'
      responses:
        '200':
          description: Created access key.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AccessKey'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /authentication/accessKeys/{guid}:
    delete:
      operationId: deleteAccessKey
      tags: [Access Keys]
      summary: Revoke an agent access key
      parameters:
        - $ref: '#/components/parameters/Guid'
      responses:
        '200':
          description: Revoked.
        '401':
          $ref: '#/components/responses/Unauthorized'
components:
  securitySchemes:
    apiKeyAuth:
      type: apiKey
      in: header
      name: X-API-KEY
      description: >-
        Agent Access Key generated in ARMO Platform under Settings > Agent
        Access Keys, sent in the X-API-KEY request header.
  parameters:
    Guid:
      name: guid
      in: path
      required: true
      description: The GUID of the target resource.
      schema:
        type: string
  requestBodies:
    ListRequest:
      description: Standard ARMO list/query body with pagination, sorting, and field filters.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ListRequest'
  responses:
    Unauthorized:
      description: Missing or invalid X-API-KEY.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  schemas:
    ListRequest:
      type: object
      description: Query body used across ARMO list endpoints.
      properties:
        pageSize:
          type: integer
          default: 50
        pageNum:
          type: integer
          default: 0
        orderBy:
          type: string
        innerFilters:
          type: array
          items:
            type: object
            additionalProperties: true
    FrameworkSummary:
      type: object
      properties:
        name:
          type: string
          example: cis-v1.10.0
        complianceScore:
          type: number
          format: float
        failedControls:
          type: integer
        totalControls:
          type: integer
    ControlResult:
      type: object
      properties:
        id:
          type: string
          example: C-0016
        name:
          type: string
          example: Allow privilege escalation
        severity:
          type: string
          enum: [Low, Medium, High, Critical]
        status:
          type: string
          enum: [passed, failed, skipped]
        affectedResourcesCount:
          type: integer
    AffectedResource:
      type: object
      properties:
        resourceID:
          type: string
        kind:
          type: string
          example: Deployment
        namespace:
          type: string
        name:
          type: string
        cluster:
          type: string
    ScanRequest:
      type: object
      properties:
        cluster:
          type: string
        namespace:
          type: string
        imageTag:
          type: string
    RegistryScanRequest:
      type: object
      properties:
        registryName:
          type: string
        registryProvider:
          type: string
          enum: [ecr, gar, acr, harbor, quay, nexus, gitlab]
        cron:
          type: string
          description: Cron schedule for recurring scans.
    ScanAccepted:
      type: object
      properties:
        status:
          type: string
          example: accepted
        jobID:
          type: string
    Vulnerability:
      type: object
      properties:
        name:
          type: string
          example: CVE-2024-3094
        severity:
          type: string
          enum: [Negligible, Low, Medium, High, Critical]
        packageName:
          type: string
        packageVersion:
          type: string
        fixedInVersion:
          type: string
        isRelevant:
          type: boolean
          description: Whether the vulnerability is in a component observed in use at runtime.
    RuntimeIncident:
      type: object
      properties:
        guid:
          type: string
        name:
          type: string
        severity:
          type: string
          enum: [Low, Medium, High, Critical]
        cluster:
          type: string
        namespace:
          type: string
        workload:
          type: string
        status:
          type: string
          enum: [Active, FalsePositive, Suspicious]
        creationTime:
          type: string
          format: date-time
    AccessKey:
      type: object
      properties:
        guid:
          type: string
        name:
          type: string
        expirationDate:
          type: string
          format: date-time
    Error:
      type: object
      properties:
        error:
          type: string
        code:
          type: integer