# API

The API integration allows external systems to retrieve findings, incidents, and other security events generated by the Inopli platform. This enables seamless integration with third-party systems such as SIEMs, dashboards, GRC platforms, or custom automation workflows.

Access to the API is **read-only** and secured through a private token provided by the platform. No configuration is required on the user’s side.

***

#### How It Works

Each company receives a **private API token** generated by the Inopli platform. This token is scoped to the organization and must be included in the `Authorization` header of all API requests.

The API provides structured, RESTful endpoints for accessing:

* Confirmed findings
* Incident records
* VIP exposure data
* Asset and profile information

All requests return data in JSON format, and the platform logs all access attempts for security and auditing purposes.

***

#### Access Details

* **Token Delivery**: The token is issued by the Diazero Technologies team and delivered securely to the company
* **Rate Limiting**: Access is rate-limited per company
* **Expiration**: Tokens do not expire by default but can be manually rotated by the platform administrator upon request

> 📌 **Security Note**: This token provides access to sensitive organizational data. It must be stored securely and treated as a credential.

***

#### Example Use Cases

* Pull all true positive findings in the last 48 hours for correlation in a SIEM
* Retrieve open incidents to auto-create tickets in an ITSM platform
* Export VIP-related alerts into a GRC system for continuous risk monitoring