Docs

Developers

Every index365 result has two first-class interfaces: a dashboard your team reads and an agent-readable contract your tools consume. This section covers the agent side: the authenticated REST API, webhooks, the CLI, and the MCP server. The API is the source of truth; everything else wraps it.

REST API

Agency workspaces can start audits, poll runs, and read structured findings over /api/v1 with scoped API keys. OpenAPI reference included.

Webhooks

HMAC-signed event deliveries for run.completed, run.failed, and more. Replay-protected with bounded retries.

CLI

The index365 command line for terminals and CI: start audits, wait for completion, and read findings as JSON.

MCP server

Give Claude Code, Codex, or Cursor direct access to your audit results through the Model Context Protocol.

Get an API key

  1. Use an active Agency workspace, then open your workspace settings (Org settings, API keys panel).
  2. Create a key. Keys are read-only by default; grant audit-start or webhook scopes only when the integration needs them.
  3. Copy the secret immediately. It is shown once and stored hashed; afterwards only the prefix is visible.

Authenticate every request with Authorization: Bearer i365_.... Keys are scoped to your organization, rate limited per key, and every request is logged to an audit trail you can review.