REST API

Base URL: https://api.monsys.ai/api/v1. Authentication:

  • Agents: Authorization: Bearer <agent-token>
  • Dashboard / CLI: signed session cookie or API-key

Agent endpoints

| Method | Path | Purpose |
| --- | --- | --- |
| POST | /ingest | Batch metrics/heartbeat/inventory/alerts. Requires X-Monsys-Signature when signing_pubkey is pinned; see Agent payload signing |
| POST | /agents/register | Idempotent agent registration + TOFU-pin of signing_pubkey |
| POST | /agents/:id/heartbeat | Live status |
| GET | /ws/agents/:id | WebSocket for emergency-token push + console RPC |

Dashboard endpoints

Agents & telemetry

| Method | Path |
| --- | --- |
| GET | /agents |
| GET | /agents/:id |
| GET | /agents/:id/metrics?from&to&interval |
| GET | /agents/:id/inventory |
| GET | /agents/:id/processes |
| DELETE | /agents/:id |
| GET | /alerts |
| PATCH | /alerts/:id/resolve |

Asset Intelligence (Session 12)

| Method | Path |
| --- | --- |
| GET | /agents/:id/governance |
| PUT | /agents/:id/governance |
| GET | /agents/:id/inventory/containers |
| GET | /agents/:id/inventory/systemd |
| GET | /agents/:id/inventory/users |
| GET | /agents/:id/inventory/sudo |
| GET | /agents/:id/inventory/ssh-keys |
| GET | /agents/:id/inventory/backups |
| GET | /compliance?framework=&agent_id=&status= |
| POST | /compliance/run |
| GET | /compliance/export/:tool (trustos/vanta/cyberday/generic) |

Cloud Asset Discovery

| Method | Path |
| --- | --- |
| GET | /cloud/accounts |
| POST | /cloud/accounts (live credential validation) |
| DELETE | /cloud/accounts/:id |
| POST | /cloud/accounts/:id/discover (trigger direct run) |
| GET | /cloud/resources?account_id=&type=&has_agent=&is_public= |
| GET | /cloud/resources/:id |
| GET | /cloud/resources/:id/install (agent install commands) |
| GET | /cloud/summary |
| GET | /cloud/findings?severity=&status= |
| GET | /cloud/runs?account_id= |

Supported providers: aws, azure, gcp, hetzner, proxmox, digitalocean, scaleway, ovh, ionos. Requires CLOUD_ENCRYPTION_KEY (32 bytes hex) on the hub for at-rest credential encryption.

Topology & diagrams

| Method | Path |
| --- | --- |
| GET | /topology/nodes · POST · PATCH /:id · DELETE /:id |
| GET | /topology/edges · POST · DELETE /:id |
| GET | /topology/zones · POST |
| GET | /topology/detected[?unmatched=1] |
| POST | /topology/detected/:id/promote |
| GET | /topology/snapshots · POST |
| GET | /topology/export/mermaid |
| GET | /diagrams · POST /generate · GET /templates |
| POST | /diagrams/from-template/:id |
| GET | /diagrams/:id · PUT · DELETE |
| POST | /diagrams/:id/share · unshare |
| GET | /diagrams/share/:token (public, no auth) |

Audit-grade hardening

| Method | Path |
| --- | --- |
| POST | /agents/:id/rotate-token (admin/owner) |
| POST | /agents/:id/rotate-signing-key (admin/owner) |
| GET | /integrity-anomalies?include_resolved=0\|1 |
| PATCH | /integrity-anomalies/:id/resolve |

Emergency console (Session 6b)

| Method | Path |
| --- | --- |
| POST | /agents/:id/console/start (admin/owner + TOTP) |
| GET | /console/sessions |
| GET | /console/sessions/:id/recording (asciicast v2) |
| DELETE | /console/sessions/:id (admin terminate) |
| GET | /ws/console/:session_id (browser → hub WebSocket) |

Auth / session

| Method | Path |
| --- | --- |
| POST | /auth/login |
| POST | /auth/totp/challenge |
| POST | /auth/totp/setup / /verify / /disable |
| POST | /auth/forgot-password · /reset-password |
| POST | /auth/accept-invite · /invitations |

Miscellaneous

| Method | Path |
| --- | --- |
| POST | /agents/:id/emergency |
| GET | /blast-radius/:id |
| GET | /inventory/cves |
| GET | /ai/explain?log=…&agent_id=…&lang=en |
| GET | /security (honeypots / DNA / silent agents) |
| GET | /webhooks · POST · DELETE |

Health & metrics

GET /api/v1/health → { "status": "ok" }

GET /metrics → Prometheus exposition.

Rate limits

| Endpoint | Limit |
| --- | --- |
| /ingest | 60 / minute / agent |
| /agents/:id/emergency | 5 / hour / user |
| /agents/:id/console/start | 5 / hour / user |
| /agents/:id/rotate-token | 10 / hour / user |
| /agents/:id/rotate-signing-key | 10 / hour / user |
| /auth/login | 10 / minute / IP |
| /auth/forgot-password | 5 / hour / IP |
| /auth/totp/challenge | 10 / minute / IP |
| /compliance/run | 10 / hour / user |
| /invitations POST | 20 / hour / tenant |
| Other user-endpoints | 1000 / minute / IP |

Audit log

Every security-sensitive action writes a row to audit_log. Events that you can expect in an audit:

| event_type | Trigger |
| --- | --- |
| agent_token_rotated | POST /agents/:id/rotate-token |
| agent_signing_key_cleared | POST /agents/:id/rotate-signing-key |
| console_session_started / _ended / _terminated_by_admin | Emergency console |
| agent_version_seen | IntegrityCheckWorker checkpoint |
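
An added example, not part of the monsys documentation or code base: one way to review exported audit_log rows against the per-user hourly limits in the Rate limits table, flagging any user whose rotations or console starts reach the documented ceiling inside a rolling hour. Only the event_type values and the limits come from this page; the row fields `actor` and `created_at`, the sample rows, and the mapping of console_session_started to /agents/:id/console/start are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Per-user hourly limits from the Rate limits table, keyed by the audit
# event_type each endpoint writes (Audit log table). Mapping
# console_session_started to /agents/:id/console/start is an assumption.
HOURLY_LIMITS = {
    "agent_token_rotated": 10,        # POST /agents/:id/rotate-token
    "agent_signing_key_cleared": 10,  # POST /agents/:id/rotate-signing-key
    "console_session_started": 5,     # POST /agents/:id/console/start
}

def review(rows, window=timedelta(hours=1)):
    """Return (actor, event_type, count, created_at) each time an actor's
    events inside one rolling window reach the documented limit."""
    recent = defaultdict(deque)  # (actor, event_type) -> timestamps in window
    findings = []
    parsed = [(datetime.fromisoformat(r["created_at"]), r) for r in rows]
    for ts, row in sorted(parsed, key=lambda p: p[0]):
        limit = HOURLY_LIMITS.get(row["event_type"])
        if limit is None:
            continue  # event type without a per-user hourly limit
        q = recent[(row["actor"], row["event_type"])]
        q.append(ts)
        while ts - q[0] >= window:  # drop events older than the window
            q.popleft()
        if len(q) >= limit:
            findings.append((row["actor"], row["event_type"], len(q), row["created_at"]))
    return findings

def sample_rows():
    """Constructed rows; 'actor' and 'created_at' are hypothetical columns."""
    base = datetime(2024, 1, 1, 9, 0)
    def row(actor, event, minutes):
        return {"actor": actor, "event_type": event,
                "created_at": (base + timedelta(minutes=minutes)).isoformat()}
    rows = [row("alice", "agent_token_rotated", 3 * i) for i in range(10)]
    rows += [row("bob", "agent_token_rotated", 120 * i) for i in range(10)]
    rows += [row("carol", "console_session_started", 10 * i) for i in range(5)]
    rows.append(row("hub", "agent_version_seen", 0))
    return rows

if __name__ == "__main__":
    for finding in review(sample_rows()):
        print(finding)
```

A finding means the user hit the ceiling, not that the limiter failed; a count above the limit in a rolling window can still occur if the hub uses fixed windows.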