Vulnerability Management

One single API to push and pull data from multiple connectors.

API Versionv1.0.0

Introduction

Welcome to the Vulnerability Management API.

You can use this API to access all Vulnerability Management API endpoints across multiple source code platforms through a single, unified interface.

Base URL

The base URL for all API requests is:

https://api.unizo.ai/api/v1

Headers

Custom headers that are expected as part of the request. Note that RFC7230 states header names are case insensitive.

Name	Type	Required	Description
`apiKey`	String	Yes	Your Unizo API key for authentication. Available at https://app.unizo.ai/console/api-key
`integrationId`	String	Yes	The ID of the integration instance. This identifies which connected service to use for the request
`x-unizo-raw`	Boolean	No	Include raw response from the underlying service. Mostly used for debugging purposes

Authentication

To access our API, you need to sign up and obtain your unique API key. Each Unizo application is assigned API keys that can be found in the API Keys section of your Unizo console.

Authenticate your API requests by including your API key in the request header:

API Key header: apiKey: "YOUR_API_KEY_HERE"
Integration ID header: integrationId: "YOUR_INTEGRATION_ID_HERE"

Security Best Practice

Do not share or include your API keys in client-side code. Your API keys carry significant privileges. Please ensure to keep them 100% secure and never share your API keys in publicly accessible areas like GitHub.

Learn how to set the Authorization header inside Postman

Go to Unizo Console to manage your API keys.

Pagination

All API resources support bulk retrieval via list APIs. Unizo uses offset-based pagination via the optional offset and limit parameters.

Query Parameters

Name	Type	Required	Description
`offset`	Integer	No	The number of records to skip before starting to collect the result set. Used for pagination. Possible values: >= 0
`limit`	Integer	No	The number of records to return

Response Body

The pagination information is returned in the pagination object:

Name	Type	Description
`pagination.total`	Integer	Total number of records available
`pagination.limit`	Integer	The limit value used in the request
`pagination.offset`	Integer	The offset value used in the request
`pagination.previous`	Integer	The offset value for the previous page (0 if no previous page)
`pagination.next`	Integer	The offset value for the next page (0 if no next page)

Example response:

{
  "pagination": {
    "total": 100,
    "limit": 20,
    "offset": 40,
    "previous": 20,
    "next": 60
  },
  "data": [
    // Array of records
  ]
}

SDKs and API Clients

We currently offer SDKs for:

Node.js - Full TypeScript support with async/await
Python - Type hints and asyncio support
Go - Idiomatic Go with context support
Java - Compatible with Java 8+

Need another SDK? Contact our team to request the SDK of your choice.

Debugging

Due to the abstraction layer in Unizo's Unified API, we provide the option to receive raw requests and responses from the underlying services. By including the query parameter nativeResponse=true in your requests, you can receive the full raw response from the underlying service provider. Please note that using native responses increases the response size and can introduce extra latency as the raw data is not optimized.

Example:

GET https://api.unizo.ai/api/v1/scm/repositories?nativeResponse=true

Enterprise Feature

The native response capability is available exclusively for Enterprise and Launch customer subscriptions. Contact our sales team to upgrade your plan.

Error Handling

The API returns standard HTTP response codes to indicate success or failure of API requests. For errors, we also return a customized error message inside the JSON response.

HTTP Status Codes

Code	Title	Description
`200`	OK	The request was successfully processed
`201`	Created	The request resulted in one or more new resources being created
`204`	No Content	The request was successful with no content to return
`400`	Bad Request	The request cannot be processed due to malformed syntax
`401`	Unauthorized	The request lacks valid authentication credentials
`403`	Forbidden	You do not have the appropriate permissions
`404`	Not Found	The requested resource was not found
`409`	Conflict	The request conflicts with the current state of the resource
`422`	Unprocessable Entity	The request syntax is correct but contains invalid data
`429`	Too Many Requests	Rate limit exceeded. Try again later
`5xx`	Server Errors	Something went wrong with the Unizo API

Error Response Schema

All error responses follow a consistent JSON structure:

{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "details": "string"
    }
  ]
}

Field	Type	Description
`code`	String	A machine-readable error code identifying the type of error
`message`	String	A human-readable message describing the error
`details`	String	Additional context or information about the error (optional)

Error Types

ValidationError
Request is not valid for the current endpoint. Check the spelling and types of your attributes.

UnsupportedFiltersError
Filters in the request are valid but not supported by the connector.

InvalidCursorError
Pagination cursor in the request is not valid for the current connector.

ConnectorExecutionError
A request to the underlying service returned an unexpected error.

UnauthorizedError
Unable to authorize the request. Verify your API key is set correctly.

ConnectorRateLimitError
Too many requests sent to a connector. Rate limits vary by service.

IntegrationNotFoundError
The requested integration could not be found for your account.

API Design

REST API

The API is organized around REST, providing simple and predictable URIs to access and modify objects. Requests support standard HTTP methods like GET, PUT, POST, PATCH, and DELETE. JSON is returned by all API responses, including errors.

All API requests must:

Set the Content-Type header to application/json
Be made over HTTPS

Schema

All API requests and response bodies adhere to a common JSON format representing individual items, collections of items, links to related items, and additional metadata.

Field Types

Dates
All dates are represented in UTC (ISO8601 format): 2024-01-15T00:55:31.820Z

Identifiers
All resource identifiers are strings to ensure compatibility across different platforms.

Support

If you need help with your integration, you can:

Visit our documentation
Contact our support team
Join our developer community

Data Security

Unizo is in pursuit of SOC 2 Type II compliance and implements industry-standard security practices.

Next Steps

Ready to unify your vulnerability management integrations? Explore our comprehensive documentation to understand implementation patterns, best practices, and platform-specific considerations.

Get Started

View API Reference - Detailed endpoint documentation
Browse Connectors - See all supported vulnerability management platforms
Authentication Guide - Set up API access
Webhook Setup - Configure vulnerability event notifications

Ready to Build?

Start Your Free Trial - Experience Unizo's vulnerability management capabilities with no commitment

Schedule a Demo - See how Unizo can transform your vulnerability management program

Introduction​

Base URL​

Headers​

Authentication​

Pagination​

Query Parameters​

Response Body​

SDKs and API Clients​

Debugging​

Error Handling​

HTTP Status Codes​

Error Response Schema​

Error Types​

API Design​

REST API​

Schema​

Field Types​

Support​

Data Security​

Next Steps​