Skip to content
API ReferenceEndpoints

Reports

HarborGuard reports come in two families:

  • Technical reports (/api/reports) — generic posture, executive, SLA, and SBOM reports stored in the reports table.
  • Compliance evidence packs (/api/reports/compliance-pack) — framework-specific bundles stored in the compliance_reports table.

Both kinds expose the same retrieval, sharing, and download endpoints.

Base path: /api/reports

MethodPathMin role
GET/api/reportsviewer
POST/api/reportsdeveloper
GET/api/reports/{reportId}viewer
DELETE/api/reports/{reportId}admin
GET/api/reports/{reportId}/artifactviewer
GET/api/reports/{reportId}/downloadviewer
POST/api/reports/{reportId}/regeneratedeveloper
POST/api/reports/{reportId}/shareadmin
POST/api/reports/compliance-packadmin
GET/api/reports/complianceviewer (any)
GET/api/reports/executiveviewer
GET/api/reports/postureviewer
GET/api/reports/technicalviewer
GET/api/reports/slaviewer
GET/api/reports/sla/entriesviewer
GET
/reports
/reports?sort=createdAt%3Adesc

The Authorization access token

Authorization

X-API-Key<token>

Organization API key (hg_ak_*). Created from Settings → API Keys.

In: header

Authorization
Required
Bearer <token>

Authorization: Bearer hg_ak_... for organization API keys, or Authorization: Bearer hg_pat_... for Personal Access Tokens that impersonate a specific user.

In: header

next-auth.session-token<token>

NextAuth session cookie. Web only — set automatically at sign-in. Not usable for server-to-server.

In: cookie

Query Parameters

pageinteger

Page number (1-indexed)

Default: 1Minimum: 1

limitinteger

Page size (1–200)

Default: 50Minimum: 1Maximum: 200

typestring

Value in: "posture" | "executive" | "sla" | "technical" | "sbom_report"

statusstring

sortstring

Sortable: createdAt, type, status.

curl -X GET "https://harborguard.co/api/reports?page=1&limit=50&type=posture&status=string&sort=createdAt%3Adesc" \
  -H "X-API-Key: <token>"

OK

{
  "data": [
    {
      "id": "string",
      "type": "posture",
      "format": "PDF",
      "status": "QUEUED",
      "scope": "string",
      "frequency": "ONE_TIME",
      "createdAt": "2019-08-24T14:15:22Z",
      "completedAt": "2019-08-24T14:15:22Z",
      "sizeBytes": 0
    }
  ],
  "meta": {
    "page": 1,
    "pageSize": 50,
    "total": 312,
    "totalPages": 7,
    "hasNext": true,
    "hasPrev": true
  },
  "links": {
    "self": "/api/scans?page=1&limit=50",
    "next": "string",
    "prev": "string"
  }
}

POST
/reports
/reports

The Authorization access token

Authorization

X-API-Key<token>

Organization API key (hg_ak_*). Created from Settings → API Keys.

In: header

Authorization
Required
Bearer <token>

Authorization: Bearer hg_ak_... for organization API keys, or Authorization: Bearer hg_pat_... for Personal Access Tokens that impersonate a specific user.

In: header

next-auth.session-token<token>

NextAuth session cookie. Web only — set automatically at sign-in. Not usable for server-to-server.

In: cookie

Request Body

application/jsonRequired

type
Required
string

Value in: "posture" | "executive" | "sla" | "technical" | "sbom_report"

formatstring

Default: "PDF"Value in: "PDF" | "CSV" | "JSON" | "XLSX"

scopestring

Value in: "org" | "registry" | "custom"

tagIdsarray<string>

sectionsarray<string>

frequencystring

Value in: "ONE_TIME" | "DAILY" | "WEEKLY" | "MONTHLY"

scanIdstring

layerIdstring

packageIdstring

curl -X POST "https://harborguard.co/api/reports" \
  -H "X-API-Key: <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "executive",
    "format": "PDF",
    "scope": "org",
    "frequency": "MONTHLY"
  }'

Created

GET
/reports/{reportId}
/reports/{reportId}

The Authorization access token

Authorization

X-API-Key<token>

Organization API key (hg_ak_*). Created from Settings → API Keys.

In: header

Authorization
Required
Bearer <token>

Authorization: Bearer hg_ak_... for organization API keys, or Authorization: Bearer hg_pat_... for Personal Access Tokens that impersonate a specific user.

In: header

next-auth.session-token<token>

NextAuth session cookie. Web only — set automatically at sign-in. Not usable for server-to-server.

In: cookie

Path Parameters

reportId
Required
string

curl -X GET "https://harborguard.co/api/reports/string" \
  -H "X-API-Key: <token>"

OK

{
  "data": {
    "id": "string",
    "type": "posture",
    "format": "PDF",
    "status": "QUEUED",
    "scope": "string",
    "frequency": "ONE_TIME",
    "createdAt": "2019-08-24T14:15:22Z",
    "completedAt": "2019-08-24T14:15:22Z",
    "sizeBytes": 0,
    "intelligence": {}
  }
}

DELETE
/reports/{reportId}
/reports/{reportId}

The Authorization access token

Authorization

X-API-Key<token>

Organization API key (hg_ak_*). Created from Settings → API Keys.

In: header

Authorization
Required
Bearer <token>

Authorization: Bearer hg_ak_... for organization API keys, or Authorization: Bearer hg_pat_... for Personal Access Tokens that impersonate a specific user.

In: header

next-auth.session-token<token>

NextAuth session cookie. Web only — set automatically at sign-in. Not usable for server-to-server.

In: cookie

Path Parameters

reportId
Required
string

curl -X DELETE "https://harborguard.co/api/reports/string" \
  -H "X-API-Key: <token>"

OK

GET
/reports/{reportId}/artifact
/reports/{reportId}/artifact

The Authorization access token

Authorization

X-API-Key<token>

Organization API key (hg_ak_*). Created from Settings → API Keys.

In: header

Authorization
Required
Bearer <token>

Authorization: Bearer hg_ak_... for organization API keys, or Authorization: Bearer hg_pat_... for Personal Access Tokens that impersonate a specific user.

In: header

next-auth.session-token<token>

NextAuth session cookie. Web only — set automatically at sign-in. Not usable for server-to-server.

In: cookie

Path Parameters

reportId
Required
string

curl -X GET "https://harborguard.co/api/reports/string/artifact" \
  -H "X-API-Key: <token>"

OK

{}

GET
/reports/{reportId}/download
/reports/{reportId}/download

The Authorization access token

Authorization

X-API-Key<token>

Organization API key (hg_ak_*). Created from Settings → API Keys.

In: header

Authorization
Required
Bearer <token>

Authorization: Bearer hg_ak_... for organization API keys, or Authorization: Bearer hg_pat_... for Personal Access Tokens that impersonate a specific user.

In: header

next-auth.session-token<token>

NextAuth session cookie. Web only — set automatically at sign-in. Not usable for server-to-server.

In: cookie

Query Parameters

formatstring

Default: "PDF"Value in: "PDF" | "CSV" | "XLSX" | "JSON"

Path Parameters

reportId
Required
string

curl -X GET "https://harborguard.co/api/reports/string/download?format=PDF" \
  -H "X-API-Key: <token>"

OK

{}

POST
/reports/{reportId}/regenerate
/reports/{reportId}/regenerate

The Authorization access token

Authorization

X-API-Key<token>

Organization API key (hg_ak_*). Created from Settings → API Keys.

In: header

Authorization
Required
Bearer <token>

Authorization: Bearer hg_ak_... for organization API keys, or Authorization: Bearer hg_pat_... for Personal Access Tokens that impersonate a specific user.

In: header

next-auth.session-token<token>

NextAuth session cookie. Web only — set automatically at sign-in. Not usable for server-to-server.

In: cookie

Path Parameters

reportId
Required
string

curl -X POST "https://harborguard.co/api/reports/string/regenerate" \
  -H "X-API-Key: <token>"

Created

POST
/reports/{reportId}/share
/reports/{reportId}/share

The Authorization access token

Authorization

X-API-Key<token>

Organization API key (hg_ak_*). Created from Settings → API Keys.

In: header

Authorization
Required
Bearer <token>

Authorization: Bearer hg_ak_... for organization API keys, or Authorization: Bearer hg_pat_... for Personal Access Tokens that impersonate a specific user.

In: header

next-auth.session-token<token>

NextAuth session cookie. Web only — set automatically at sign-in. Not usable for server-to-server.

In: cookie

Request Body

application/jsonOptional

expiresInHoursinteger

Default: 72Minimum: 1Maximum: 720

Path Parameters

reportId
Required
string

curl -X POST "https://harborguard.co/api/reports/string/share" \
  -H "X-API-Key: <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "expiresInHours": 168
  }'

OK

POST
/reports/compliance-pack
/reports/compliance-pack

The Authorization access token

Authorization

X-API-Key<token>

Organization API key (hg_ak_*). Created from Settings → API Keys.

In: header

Authorization
Required
Bearer <token>

Authorization: Bearer hg_ak_... for organization API keys, or Authorization: Bearer hg_pat_... for Personal Access Tokens that impersonate a specific user.

In: header

next-auth.session-token<token>

NextAuth session cookie. Web only — set automatically at sign-in. Not usable for server-to-server.

In: cookie

Request Body

application/jsonRequired

templateId
Required
string

Framework key, e.g. soc2, pci-dss, nist-800-53, hipaa, fedramp, iso-27001, cmmc, cis-docker.

name
Required
string

period
Required
object

scope
Required
object

Registry / org / image filter.

selectedSectionsarray<string>

outputFormatsarray<string>

Default: ["PDF","JSON"]
curl -X POST "https://harborguard.co/api/reports/compliance-pack" \
  -H "X-API-Key: <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "templateId": "string",
    "name": "string",
    "period": {
      "start": "2019-08-24",
      "end": "2019-08-24"
    },
    "scope": {},
    "selectedSections": [
      "string"
    ],
    "outputFormats": [
      "PDF",
      "JSON"
    ]
  }'

Created

GET
/reports/compliance
/reports/compliance

The Authorization access token

Authorization

X-API-Key<token>

Organization API key (hg_ak_*). Created from Settings → API Keys.

In: header

Authorization
Required
Bearer <token>

Authorization: Bearer hg_ak_... for organization API keys, or Authorization: Bearer hg_pat_... for Personal Access Tokens that impersonate a specific user.

In: header

next-auth.session-token<token>

NextAuth session cookie. Web only — set automatically at sign-in. Not usable for server-to-server.

In: cookie

curl -X GET "https://harborguard.co/api/reports/compliance" \
  -H "X-API-Key: <token>"

OK

GET
/reports/executive
/reports/executive

The Authorization access token

Authorization

X-API-Key<token>

Organization API key (hg_ak_*). Created from Settings → API Keys.

In: header

Authorization
Required
Bearer <token>

Authorization: Bearer hg_ak_... for organization API keys, or Authorization: Bearer hg_pat_... for Personal Access Tokens that impersonate a specific user.

In: header

next-auth.session-token<token>

NextAuth session cookie. Web only — set automatically at sign-in. Not usable for server-to-server.

In: cookie

curl -X GET "https://harborguard.co/api/reports/executive" \
  -H "X-API-Key: <token>"

OK

GET
/reports/posture
/reports/posture

The Authorization access token

Authorization

X-API-Key<token>

Organization API key (hg_ak_*). Created from Settings → API Keys.

In: header

Authorization
Required
Bearer <token>

Authorization: Bearer hg_ak_... for organization API keys, or Authorization: Bearer hg_pat_... for Personal Access Tokens that impersonate a specific user.

In: header

next-auth.session-token<token>

NextAuth session cookie. Web only — set automatically at sign-in. Not usable for server-to-server.

In: cookie

curl -X GET "https://harborguard.co/api/reports/posture" \
  -H "X-API-Key: <token>"

OK

GET
/reports/technical
/reports/technical

The Authorization access token

Authorization

X-API-Key<token>

Organization API key (hg_ak_*). Created from Settings → API Keys.

In: header

Authorization
Required
Bearer <token>

Authorization: Bearer hg_ak_... for organization API keys, or Authorization: Bearer hg_pat_... for Personal Access Tokens that impersonate a specific user.

In: header

next-auth.session-token<token>

NextAuth session cookie. Web only — set automatically at sign-in. Not usable for server-to-server.

In: cookie

curl -X GET "https://harborguard.co/api/reports/technical" \
  -H "X-API-Key: <token>"

OK

GET
/reports/sla
/reports/sla

The Authorization access token

Authorization

X-API-Key<token>

Organization API key (hg_ak_*). Created from Settings → API Keys.

In: header

Authorization
Required
Bearer <token>

Authorization: Bearer hg_ak_... for organization API keys, or Authorization: Bearer hg_pat_... for Personal Access Tokens that impersonate a specific user.

In: header

next-auth.session-token<token>

NextAuth session cookie. Web only — set automatically at sign-in. Not usable for server-to-server.

In: cookie

curl -X GET "https://harborguard.co/api/reports/sla" \
  -H "X-API-Key: <token>"

OK

GET
/reports/sla/entries
/reports/sla/entries

The Authorization access token

Authorization

X-API-Key<token>

Organization API key (hg_ak_*). Created from Settings → API Keys.

In: header

Authorization
Required
Bearer <token>

Authorization: Bearer hg_ak_... for organization API keys, or Authorization: Bearer hg_pat_... for Personal Access Tokens that impersonate a specific user.

In: header

next-auth.session-token<token>

NextAuth session cookie. Web only — set automatically at sign-in. Not usable for server-to-server.

In: cookie

curl -X GET "https://harborguard.co/api/reports/sla/entries" \
  -H "X-API-Key: <token>"

OK

Previous

Vulnerabilities

Next

Trust & Security