Skip to content
Xferity

API Reference

API Reference

Section titled “API Reference”

The Xferity HTTP API is an operator-facing control surface used by the Web UI and by administrative integrations.

It is not a public file-upload API for external senders. It is the authenticated API used to inspect state, manage crypto Assets, review posture, and trigger selected operational actions.

What the API covers

Section titled “What the API covers”

The API exposes groups for:

  • flows and flow execution
  • runs, jobs, and logs
  • partners and Partner Crypto Policy views
  • Certificates and PGP Keys
  • security posture and suppressions
  • secrets metadata
  • AS2 message records
  • users, sessions, and profile operations in supported deployments

Common API uses

Section titled “Common API uses”
  • list flows
  • trigger a run
  • inspect recent run history
  • query audit data for a file
  • review Partner Crypto Policy
  • inspect Flow Crypto Requirements
  • review Posture Findings and suppressions
  • manage Certificate and PGP Key inventory

Audience

Section titled “Audience”

This API is intended for:

  • operators
  • platform engineers
  • DevOps teams
  • integration engineers working with the Xferity control plane

Access model

Section titled “Access model”

Depending on deployment, API access may use static token protection or session-backed authenticated operator access.

Authentication and roles

Section titled “Authentication and roles”

Role expectations are broadly:

  • Viewer for read-oriented APIs such as flows, partners, runs, and audit queries
  • Operator for selected execution actions
  • Admin for posture, suppressions, settings mutation, Certificate and PGP Key management, and similar control-plane operations

Error model

Section titled “Error model”

Most API errors are returned as JSON using this shape:

{ "error": "message" }

High-value endpoint groups

Section titled “High-value endpoint groups”

Security posture and suppressions

Section titled “Security posture and suppressions”

Important posture-related endpoints include:

  • GET /api/security/posture
  • GET /api/security/suppressions
  • POST /api/security/suppressions
  • DELETE /api/security/suppressions/{id}

These endpoints are central to the Xferity control plane because they expose Posture Findings, Active Findings, and suppression behavior.

Certificate endpoints

Section titled “Certificate endpoints”

Important Certificate endpoints include:

  • GET /api/certificates
  • GET /api/certificates/{id}

PGP Key endpoints

Section titled “PGP Key endpoints”

Important PGP Key endpoints include:

  • GET /api/pgp-keys
  • GET /api/pgp-keys/{id}
  • GET /api/pgp-keys/{id}/export

Partner crypto endpoints

Section titled “Partner crypto endpoints”

Important partner crypto endpoints include:

  • GET /api/partners/{id}/crypto/policy
  • GET /api/partners/{id}/crypto/health

These expose the product’s Partner Crypto Policy views and partner-facing crypto validation results.

Backend note

Section titled “Backend note”

Some API features depend on backend capabilities. For example, posture snapshots, suppressions, richer auth state, and parts of the crypto inventory model depend on the Postgres backend.

When implementation and documentation disagree, implementation is authoritative.

Section titled “Related pages”