API Reference Overview

The Slim.io REST API enables programmatic access to connectors, scans, findings, and governance features. All endpoints are JSON-based and require authentication via Firebase JWT tokens.

Base URLs

All API paths referenced in this documentation are relative to the base URL. For example, GET /connectors means GET https://api.slim.io/api/v1/connectors.

Versioning

The API is versioned via URL path. The current version is v1. When breaking changes are introduced, a new version (v2) will be released with a migration period.

Request Format

• Content-Type: application/json for all request bodies
• Authorization: Bearer <firebase-jwt-token> header on all requests
• YAML Bodies: Policy and classifier endpoints also accept application/yaml content type

Response Format

All responses follow a consistent envelope:

{
  "status": "success",
  "data": { ... },
  "metadata": {
    "request_id": "req-abc123",
    "timestamp": "2024-03-15T14:30:00Z"
  }
}

Error Responses

{
  "status": "error",
  "error": {
    "code": "CONNECTOR_NOT_FOUND",
    "message": "No connector found with ID 'conn-xyz'",
    "details": {}
  },
  "metadata": {
    "request_id": "req-abc456",
    "timestamp": "2024-03-15T14:30:00Z"
  }
}

Common HTTP Status Codes

Pagination

List endpoints support cursor-based pagination:

GET /api/v1/connectors?limit=20&cursor=eyJsYXN0X2lkIjoiY29ubi0xMjMifQ

Response includes a next_cursor field when more results are available:

{
  "status": "success",
  "data": [ ... ],
  "pagination": {
    "limit": 20,
    "next_cursor": "eyJsYXN0X2lkIjoiY29ubi0xNDMifQ",
    "has_more": true
  }
}

API Sections

• Authentication — JWT tokens, authorization headers, token refresh
• Connectors API — CRUD operations for cloud storage connectors
• Scans API — Trigger scans, monitor progress, retrieve results
• Governance API — Policies, drift events, risk scores
• Rate Limits — Per-tenant rate limiting and throttling