API Reference

The Ephor API is a REST API served under the base path /api/v1.

Interactive Documentation

The canonical API reference is the Swagger UI served by the application:

URL	Description
/api/v1/swagger-ui/index.html	Interactive Swagger UI
/api/v1/api-docs	Raw OpenAPI specification (JSON)

Swagger UI is enabled when the local Spring profile is active (default in development). In production, enable it via springdoc.api-docs.enabled=true and springdoc.swagger-ui.enabled=true.

Endpoints Overview

Authentication

Method	Path	Description
GET	/auth/me	Current user identity, groups, and permissions
GET	/auth/status	Authentication status
GET	/auth/config	Client-facing auth config (login/logout URLs, provider)
GET	/auth/logout	Logout URL

Vulnerabilities

Method	Path	Description
GET	/vulnerabilities	List findings with filtering and pagination
GET	/vulnerabilities/{id}	Get a single vulnerability
PUT	/vulnerabilities/{id}	Update a vulnerability record

Escalations

Method	Path	Description
GET	/escalations	List escalations
POST	/escalations	Create an escalation
GET	/escalations/{id}	Get a single escalation
PUT	/escalations/{id}	Update an escalation

Triage

Method	Path	Description
GET	/triage	List triage records
POST	/triage	Create a triage entry
PUT	/triage/{id}	Update a triage entry
GET	/triage/{id}/comments	List comments
POST	/triage/{id}/comments	Add a comment

Remediations

Method	Path	Description
GET	/remediations	List remediation records
POST	/remediations	Create a remediation
GET	/remediations/{id}	Get a single remediation
PUT	/remediations/{id}	Update a remediation

Scan Ingestion

Method	Path	Description
POST	/scans/ingest	Ingest a vulnerability scan report

Authentication

All endpoints except /auth/status and /auth/config require a valid authenticated session. Requests without proper identity headers receive a 401 Unauthorized response.

Detailed Reference

For full request/response schemas, query parameters, and error codes, use the interactive Swagger UI or download the OpenAPI spec from /api/v1/api-docs.