API reference¶
The full machine-readable specification for the CredWatch API. This page is rendered from the live OpenAPI spec at https://app.cred-watch.com/openapi.json — it always reflects the deployed version.
For a high-level overview of conventions, envelopes, and pagination see the API overview. For authentication see Authentication. For rate limits see Rate limits & errors.
{!swagger:https://app.cred-watch.com/openapi.json!}
Filter cheatsheet for GET /api/v1/findings¶
The most common query — listing findings. All filters are optional and combine with AND.
| Query parameter | Type | Example | Effect |
|---|---|---|---|
status |
string | ?status=active |
One of active, resolved, false_positive, customer_restricted, stale |
source_type |
string | ?source_type=commit |
One of repo, gist, commit, endpoint, js_bundle |
validation |
string | ?validation=valid |
One of valid, invalid, unvalidated, error, unreachable |
min_score |
float | ?min_score=70 |
Composite score floor (0–100) |
date_from |
ISO date | ?date_from=2026-01-01 |
First-seen on or after |
date_to |
ISO date | ?date_to=2026-05-31 |
First-seen on or before |
q |
string | ?q=acme/web |
Full-text search across source URL, file path, repo name |
page |
int | ?page=2 |
1-based page index |
per_page |
int | ?per_page=100 |
Results per page; max 200 |
order_by |
string | ?order_by=first_seen_at |
Sort field: composite_score, first_seen_at, last_seen_at |
order_dir |
string | ?order_dir=asc |
asc or desc |
Combined example — last week's high-score validated findings, sorted by score:
curl -G https://app.cred-watch.com/api/v1/findings \
-H "Authorization: Bearer $CREDWATCH_API_KEY" \
-d status=active \
-d validation=valid \
-d min_score=80 \
-d date_from=2026-05-14 \
-d order_by=composite_score \
-d order_dir=desc \
-d per_page=100