Platform Runtime Detection SBOM & SCA Container Scanning Supply Chain Solutions Fintech Engineering SaaS Engineering Regulated SaaS Integrations Pricing Docs Blog
Sign in Start Free Trial

API Reference

The Runtimekindle REST API lets you retrieve events, export SBOMs, manage policies, and configure webhooks programmatically. Base URL: https://api.runtimekindle.com/v1

Authentication

All API requests require a Bearer token in the Authorization header:

Authorization: Bearer YOUR_API_KEY

API keys are scoped per environment (production / staging) and can be rotated from your account settings. Requests without a valid key return 401 Unauthorized.

Events

GET
/events

Returns a paginated list of runtime detection events for your account. Filterable by severity, namespace, pod, and time range.

GET /v1/events?severity=critical&namespace=payments&limit=50&since=2026-01-01T00:00:00Z

{
  "events": [
    {
      "id": "evt_01J8X2K3M...",
      "timestamp": "2026-01-15T14:23:11Z",
      "severity": "critical",
      "namespace": "payments",
      "pod": "payment-service-7d4b9f-xkrwp",
      "rule": "unexpected_outbound_connection",
      "details": {
        "process": "node",
        "dst_ip": "185.220.101.42",
        "dst_port": 4444
      }
    }
  ],
  "next_cursor": "cursor_01J8X3...",
  "total": 847
}

SBOMs

GET
/sboms/{artifact_digest}

Retrieve the CycloneDX SBOM for a specific container image digest. Returns JSON (CycloneDX 1.5) or XML depending on the Accept header.

GET /v1/sboms/sha256:a1b2c3d4...

Accept: application/vnd.cyclonedx+json

{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "serialNumber": "urn:uuid:...",
  "version": 1,
  "metadata": {
    "timestamp": "2026-01-15T12:00:00Z",
    "component": {
      "type": "container",
      "name": "payment-service",
      "version": "1.23.4"
    }
  },
  "components": [...]
}

Audit Export

POST
/audit-export

Generate a time-bounded audit evidence package. Returns a signed ZIP containing runtime detection logs, SBOM exports, and supply-chain provenance records organized by SOC 2 control category.

POST /v1/audit-export
Content-Type: application/json

{
  "period_start": "2025-10-01T00:00:00Z",
  "period_end": "2026-01-01T00:00:00Z",
  "controls": ["CC6", "CC7", "CC9"],
  "format": "zip"
}

// Response: 202 Accepted
{
  "export_id": "exp_01J9...",
  "status": "generating",
  "estimated_ready": "2026-01-15T14:30:00Z",
  "download_url": null
}

Rate Limits

Endpoint categoryRate limit
Event retrieval1000 req/min
SBOM retrieval200 req/min
Audit export generation10 req/hour
Policy management100 req/min

Rate limit headers are included in every response: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset. On limit exceeded: 429 Too Many Requests with Retry-After header.