API Reference

The IdentityOps REST API uses session-based authentication for browser access and API key authentication for programmatic access. All endpoints return JSON.

API keys: EnterpriseSession access: All plans

Read-only enforced by Microsoft Graph. No write scopes. No background agents.

Authentication

Session: Browser requests use HTTP-only session cookies (automatic).

API Key: Include your key in the Authorization header: Bearer idops_xxx

Rate limits: FREE 20/min · Starter 100/min · Pro 500/min · Enterprise 2,000/min

Scans

Used by: App Governance · License Optimization · Risk Scoring Engine

POST/api/scanStart a new tenant scan

Session

GET/api/scansList scan history

Session

GET/api/scans/[id]Get scan detail with findings

Session

Apps & Credentials

Used by: App Governance · Risk Scoring Engine

GET/api/appsList all apps from the latest scan

Session

GET/api/apps/[id]Get app detail with credentials

Session

POST/api/apps/[id]/acknowledgeAcknowledge a risk finding

RISK_ACKNOWLEDGEMENTSession

Groups & Enterprise Apps

Used by: Group Governance

GET/api/groupsList Entra groups

GROUPS_ENTERPRISE_APPSSession

GET/api/enterprise-appsList enterprise applications

GROUPS_ENTERPRISE_APPSSession

Licenses

Used by: License Governance · Cost Optimization

GET/api/licensesList license assignments

Session

GET/api/licenses/wasteGet license waste analysis

Session

Devices

Used by: Device Management · Compliance Monitoring

GET/api/devicesList managed devices

DEVICE_POSTURESession

Alerts

Used by: Activity & Alerts

GET/api/alert-subscriptionsList alert subscriptions

Session

POST/api/alert-subscriptionsCreate an alert subscription

Session

DELETE/api/alert-subscriptions/[id]Delete an alert subscription

Session

Team & Invites

Used by: Settings

GET/api/teamList team members

Session

GET/api/team/invitesList pending invites

Session

POST/api/team/invitesCreate a single invite

Session

POST/api/team/invites/bulkBulk invite up to 50 users

Session

Billing

Used by: Subscription Management

GET/api/billingGet current plan and billing info

Session

POST/api/billing/subscribeStart a checkout session

Session

POST/api/billing/downgradeSchedule a plan downgrade

Session

GET/api/usageGet usage metrics and limits

Session

Integrations

Used by: Webhooks · External Automation

GET/api/api-keysList API keys

API_KEYSSession

POST/api/api-keysCreate an API key

API_KEYSSession

DELETE/api/api-keys/[id]Revoke an API key

API_KEYSSession

GET/api/webhooksList webhook endpoints

WEBHOOKSSession

POST/api/webhooksCreate a webhook endpoint

WEBHOOKSSession

GET/api/chat-integrationsList Slack/Teams integrations

WEBHOOKSSession

POST/api/chat-integrationsAdd a Slack/Teams integration

WEBHOOKSSession

Data Export

Used by: Compliance Reporting · GDPR

POST/api/export/fullRequest a full GDPR data export

Session

GET/api/export/fullCheck export status or download

Session

GET/api/export/schedulesList scheduled exports

TENANT_INTELLIGENCESession

POST/api/export/schedulesCreate a scheduled export

TENANT_INTELLIGENCESession

Notifications

Used by: Alert Preferences

GET/api/notification-preferencesGet notification preferences

Session

PUT/api/notification-preferencesUpdate a notification preference

Session

Public

Used by: Status Page · Changelog

GET/api/statusSystem health and active incidents

Public

GET/api/changelogPublished changelog entries

Public

Error Responses

All errors return a consistent JSON envelope:

{
  "error": {
    "code": "FEATURE_NOT_AVAILABLE",
    "message": "This feature is available on the Pro plan.",
    "requestId": "req_abc123",
    "details": { "feature": "WEBHOOKS", "currentPlan": "STARTER" }
  }
}

Common codes: UNAUTHENTICATED (401), UNAUTHORIZED (403), VALIDATION_ERROR (400), FEATURE_NOT_AVAILABLE (403), RATE_LIMITED (429), NOT_FOUND (404), INTERNAL_ERROR (500)