Secrets & Data API

Query secrets and PII findings via the Nullify API

Base URL

https://api.<TENANT>.nullify.ai

Events

Stream events for new secrets, suppressions, and rotations:

Get Secret Events

get

Returns events after a specified timestamp or event ID. All events are returned if no timestamp or event ID is provided

Query parameters

nextTokenstring · nullableOptional

limitinteger · nullableOptional

branchstring · nullableOptional

fromTimestring · nullableOptional

numItemsinteger · nullableOptional

eventTypestring[]Optional

fileOwnerNamestring[]Optional

sortstring · nullableOptional

azureOrganizationIdstringOptional

The Azure organization ID

bitbucketWorkspaceIdstringOptional

The Bitbucket workspace ID

githubOwnerIdinteger · int64Optional

The Github owner ID

gitlabGroupIdinteger · int64Optional

The GitLab group ID

installationIdstringOptional

The Nullify installation ID

azureRepositoryIdstring[]Optional

githubRepositoryIdinteger · int64[]Optional

githubTeamIdinteger · int64Optional

bitbucketRepositoryIdstring[]Optional

Responses

200

application/json

400

Bad Request

application/json

403

Forbidden

application/json

500

Internal Server Error

application/json

get

/secrets/events

GET /secrets/events HTTP/1.1
Accept: */*

{
  "events": [
    {
      "data": null,
      "id": "text",
      "time": "text",
      "timestampUnix": 1,
      "type": "account-scan-completed"
    }
  ],
  "nextToken": "text",
  "numItems": 1,
  "version": "text"
}

curl -s \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  'https://api.<TENANT>.nullify.ai/secrets/events?githubOwnerId=1234'

List Findings

Enumerate active secret or PII findings for a repository or tenant:

Get Secrets Findings

get

Returns a filtered set of Secrets findings based on query parameters. One unique secret hash per repository.

Query parameters

nextTokenstring · nullableOptional

limitinteger · nullableOptional

branchstring · nullableOptional

secretTypestring · nullableOptional

fileOwnerNamestring[]Optional

isResolvedboolean · nullableOptional

isAllowlistedboolean · nullableOptional

isFalsePositiveboolean · nullableOptional

sortBystring · nullableOptional

sortstring · nullableOptional

azureOrganizationIdstringOptional

The Azure organization ID

bitbucketWorkspaceIdstringOptional

The Bitbucket workspace ID

githubOwnerIdinteger · int64Optional

The Github owner ID

gitlabGroupIdinteger · int64Optional

The GitLab group ID

installationIdstringOptional

The Nullify installation ID

azureRepositoryIdstring[]Optional

githubRepositoryIdinteger · int64[]Optional

githubTeamIdinteger · int64Optional

bitbucketRepositoryIdstring[]Optional

Responses

200

application/json

400

Bad Request

application/json

403

Forbidden

application/json

500

Internal Server Error

application/json

get

/secrets/findings

GET /secrets/findings HTTP/1.1
Accept: */*

{
  "findings": [
    {
      "aiDevTitle": "text",
      "aiTitle": "text",
      "allowlistReason": "text",
      "allowlistType": "AI",
      "author": "text",
      "branch": "text",
      "commit": "text",
      "createdAt": "text",
      "endLine": 1,
      "entropy": 1,
      "fileOwners": [
        {
          "name": "text",
          "type": "email"
        }
      ],
      "filePath": "text",
      "id": "text",
      "installationId": "text",
      "isAllowlisted": true,
      "isArchived": true,
      "isDefaultBranch": true,
      "isFalsePositive": true,
      "isResolved": true,
      "match": "text",
      "owner": "text",
      "ownerType": "text",
      "priorityLabel": "text",
      "priorityOverride": "text",
      "priorityScore": 1,
      "projectId": "text",
      "projectName": "text",
      "redactedSecret": "text",
      "repository": "text",
      "repositoryId": "text",
      "repositoryName": "text",
      "ruleId": "text",
      "scopes": [
        "text"
      ],
      "secretHash": "text",
      "secretType": "text",
      "startLine": 1,
      "tenantId": "text",
      "ticket": {
        "azure": {},
        "github": {
          "issueId": 1,
          "nodeId": "text",
          "number": 1,
          "repositoryName": "text",
          "url": "text"
        },
        "gitlab": {},
        "jira": {
          "issueId": "text",
          "issueKey": "text",
          "url": "text"
        },
        "linear": {
          "issueId": "text",
          "teamId": "text",
          "url": "text"
        },
        "providerId": "Nullify"
      },
      "timeStamp": "text",
      "timestampUnix": 1,
      "triageEnd": "2026-02-13T15:33:46.183Z",
      "triageStart": "2026-02-13T15:33:46.183Z",
      "updatedAt": "text"
    }
  ],
  "nextToken": "text",
  "numItems": 1,
  "version": "text"
}

curl -s \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  'https://api.<TENANT>.nullify.ai/secrets/findings?githubOwnerId=1234&secretType=aws_access_key'

Get a Finding

Fetch full details, including detector type, remediation guidance, and history:

Get Finding

get

Returns a given finding

Path parameters

findingIdstringRequired

Query parameters

azureOrganizationIdstringOptional

The Azure organization ID

bitbucketWorkspaceIdstringOptional

The Bitbucket workspace ID

githubOwnerIdinteger · int64Optional

The Github owner ID

gitlabGroupIdinteger · int64Optional

The GitLab group ID

installationIdstringOptional

The Nullify installation ID

azureRepositoryIdstring[]Optional

githubRepositoryIdinteger · int64[]Optional

githubTeamIdinteger · int64Optional

bitbucketRepositoryIdstring[]Optional

Responses

200

application/json

400

Bad Request

application/json

403

Forbidden

application/json

404

Not Found

application/json

500

Internal Server Error

application/json

get

/secrets/findings/{findingId}

GET /secrets/findings/{findingId} HTTP/1.1
Accept: */*

{
  "finding": {
    "aiDevTitle": "text",
    "aiTitle": "text",
    "allowlistReason": "text",
    "allowlistType": "AI",
    "author": "text",
    "branch": "text",
    "commit": "text",
    "createdAt": "text",
    "description": "text",
    "devDescription": "text",
    "endColumn": 1,
    "endLine": 1,
    "entropy": 1,
    "exploitabilityConfidence": "text",
    "exploitabilityLabel": "text",
    "failedTriage": true,
    "falsePositiveReason": "text",
    "fileOwners": [
      {
        "name": "text",
        "type": "email"
      }
    ],
    "filePath": "text",
    "id": "text",
    "impactConfidence": "text",
    "impactLabel": "text",
    "installationId": "text",
    "isAllowlisted": true,
    "isArchived": true,
    "isDefaultBranch": true,
    "isDuplicate": true,
    "isFalsePositive": true,
    "isResolved": true,
    "match": "text",
    "owner": "text",
    "ownerType": "text",
    "platform": "text",
    "priorityLabel": "text",
    "priorityLabelReason": "text",
    "priorityOverride": "text",
    "priorityScore": 1,
    "projectId": "text",
    "projectName": "text",
    "redactedSecret": "text",
    "repository": "text",
    "repositoryId": "text",
    "repositoryName": "text",
    "ruleId": "text",
    "scanner": "text",
    "scopes": [
      "text"
    ],
    "secretHash": "text",
    "secretType": "text",
    "secretValue": "text",
    "severityConfidence": "text",
    "severityLabel": "text",
    "severityOverride": "text",
    "severityScore": 1,
    "startColumn": 1,
    "startLine": 1,
    "tenantId": "text",
    "ticket": {
      "azure": {},
      "github": {
        "issueId": 1,
        "nodeId": "text",
        "number": 1,
        "repositoryName": "text",
        "url": "text"
      },
      "gitlab": {},
      "jira": {
        "issueId": "text",
        "issueKey": "text",
        "url": "text"
      },
      "linear": {
        "issueId": "text",
        "teamId": "text",
        "url": "text"
      },
      "providerId": "Nullify"
    },
    "timeStamp": "text",
    "timestampUnix": 1,
    "triageAgentVersion": "text",
    "triageDurationSeconds": 1,
    "triageEnd": "2026-02-13T15:33:46.183Z",
    "triageLangfuseSessionId": "text",
    "triageLangfuseTraceId": "text",
    "triageLlmCostUsd": 1,
    "triageStart": "2026-02-13T15:33:46.183Z",
    "triageTokenCount": 1,
    "triageTraceId": "text",
    "updatedAt": "text",
    "userId": "text",
    "userNotes": "text",
    "verified": true,
    "verifiedAt": "text"
  },
  "presignedUrl": "text",
  "version": "text"
}

curl -s \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  'https://api.<TENANT>.nullify.ai/secrets/findings/01J6EEXK3NKYKWW9XTPQYAF41N?githubOwnerId=1234'

Allowlist a Finding

Suppress an individual secret or data alert with an audit trail:

Allowlist Finding

post

Allowlist a secret

Path parameters

findingIdstringRequired

Query parameters

azureOrganizationIdstringOptional

The Azure organization ID

bitbucketWorkspaceIdstringOptional

The Bitbucket workspace ID

githubOwnerIdinteger · int64Optional

The Github owner ID

gitlabGroupIdinteger · int64Optional

The GitLab group ID

installationIdstringOptional

The Nullify installation ID

azureRepositoryIdstring[]Optional

githubRepositoryIdinteger · int64[]Optional

githubTeamIdinteger · int64Optional

bitbucketRepositoryIdstring[]Optional

Body

allowlistReasonstringRequired

The reason for allowlisting the finding

allowlistTypestring · enumRequiredPossible values:

Responses

204

No Content

400

Bad Request

application/json

403

Forbidden

application/json

404

Not Found

application/json

500

Internal Server Error

application/json

post

/secrets/findings/{findingId}/allowlist

POST /secrets/findings/{findingId}/allowlist HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 47

{
  "allowlistReason": "text",
  "allowlistType": "AI"
}

No content

curl -s -X POST \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{"reason": "Credential rotated"}' \
  'https://api.<TENANT>.nullify.ai/secrets/findings/01J6EEXK3NKYKWW9XTPQYAF41N/allowlist?githubOwnerId=1234'

Finding Events

Retrieve the decision history for a specific secret or data alert:

Get Finding Events

get

Returns a list of events for a given finding.

Path parameters

findingIdstringRequired

Query parameters

azureOrganizationIdstringOptional

The Azure organization ID

bitbucketWorkspaceIdstringOptional

The Bitbucket workspace ID

githubOwnerIdinteger · int64Optional

The Github owner ID

gitlabGroupIdinteger · int64Optional

The GitLab group ID

installationIdstringOptional

The Nullify installation ID

azureRepositoryIdstring[]Optional

githubRepositoryIdinteger · int64[]Optional

githubTeamIdinteger · int64Optional

bitbucketRepositoryIdstring[]Optional

Responses

200

application/json

400

Bad Request

application/json

403

Forbidden

application/json

500

Internal Server Error

application/json

get

/secrets/findings/{findingId}/events

GET /secrets/findings/{findingId}/events HTTP/1.1
Accept: */*

{
  "events": [
    {
      "data": null,
      "id": "text",
      "time": "text",
      "timestampUnix": 1,
      "type": "account-scan-completed"
    }
  ],
  "numItems": 1,
  "version": "text"
}

curl -s \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  'https://api.<TENANT>.nullify.ai/secrets/findings/01J6EEXK3NKYKWW9XTPQYAF41N/events?githubOwnerId=1234'

PreviousDependency Analysis API NextPentester API

Last updated 3 months ago

hashtagBase URL

hashtagEvents

hashtagGet Secret Events

hashtagList Findings

hashtagGet Secrets Findings

hashtagGet a Finding

hashtagGet Finding

hashtagAllowlist a Finding

hashtagAllowlist Finding

hashtagFinding Events

hashtagGet Finding Events

Base URL

Events

Get Secret Events

List Findings

Get Secrets Findings

Get a Finding

Get Finding

Allowlist a Finding

Allowlist Finding

Finding Events

Get Finding Events