API Reference

The Infracodebase REST API exposes the same surface the web app uses. Authenticate with a personal access token (icb_pat_…) or an enterprise access token (icb_eat_…) and you can list workspaces, attach rulesets, connect repositories, run compliance evaluations, and start agent runs from outside the UI. See Access Tokens for how to mint one.

Open the portal

The interactive reference is generated from the OpenAPI 3.1 spec and includes per-endpoint request/response shapes, an in-browser request runner, and code samples.

How endpoints are organized

The portal groups endpoints by the entity that owns them, mirroring how the product is structured:

  • User: the calling identity. Profile, memberships, and personal rulesets.
  • Enterprise: an enterprise and the things attached to it. Enterprise rulesets and the GitHub App integration.
  • Workspace: a governed repository tree inside an enterprise. The workspace itself, its attached rulesets (the effective set, including inherited enterprise rulesets), the connected repository, compliance evaluations, and agent runs.

Every URL reflects ownership. Workspace-owned resources sit under /enterprises/{eid}/workspaces/{wid}/...; enterprise-owned resources sit under /enterprises/{eid}/...; user-scoped resources sit under /me/....

Versioning

The v1 surface is semver-style. Additive changes (new fields, new endpoints) ship without a version bump; breaking changes ship at /v2. Endpoints that are documented but not yet implemented return 501 not_implemented, so the SDK surface is complete before every operation has landed.

Authentication

Send the token as a Bearer credential on the Authorization header:

Authorization: Bearer icb_pat_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Both token types are accepted; the server picks the right verification path from the prefix. Tokens carry the permissions of their owner (personal) or the permission set chosen at creation (enterprise).
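The following client-side sketch is an added example, not Infracodebase code. It covers the prefix dispatch described above and the ownership-scoped URL layout from "How endpoints are organized": it checks the token before building the header, gives a log-safe form of it, and encodes ids so each stays a single path segment. The helper names, the assumed token body character set, and the caller-supplied base URL are assumptions that do not come from this page.

```python
# Added example, not Infracodebase code. Assumptions: the token body charset,
# the helper names, and the caller-supplied base URL are not from the page.
import re
from urllib.parse import quote, urlsplit

TOKEN_KINDS = {"icb_pat_": "personal", "icb_eat_": "enterprise"}
# Assumed body: URL-safe characters only. This rejects whitespace and CR/LF
# that could otherwise split the Authorization header.
_BODY = re.compile(r"[A-Za-z0-9_-]+")


def token_kind(token: str) -> str:
    """Classify a token by its prefix, the same signal the server uses."""
    for prefix, kind in TOKEN_KINDS.items():
        if token.startswith(prefix) and _BODY.fullmatch(token[len(prefix):]):
            return kind
    raise ValueError("not a well-formed icb_pat_/icb_eat_ token")


def auth_headers(token: str) -> dict:
    """Build the Bearer header, refusing anything that is not a valid token."""
    token_kind(token)
    return {"Authorization": f"Bearer {token}"}


def redact(token: str) -> str:
    """Log-safe form: keep only the prefix that identifies the token type."""
    return token[:8] + "…" if token[:8] in TOKEN_KINDS else "<redacted>"


def scoped_url(base: str, *, eid=None, wid=None, tail=()) -> str:
    """Build a /me, enterprise or workspace URL with ids as single segments."""
    if urlsplit(base).scheme != "https":
        raise ValueError("bearer tokens must only be sent over https")
    if wid is not None and eid is None:
        raise ValueError("a workspace is addressed under its enterprise")
    parts = ["me"] if eid is None else ["enterprises", eid]
    if wid is not None:
        parts += ["workspaces", wid]
    parts += list(tail)
    # quote() leaves "." and ".." untouched, so reject them explicitly.
    if any(p in ("", ".", "..") for p in parts):
        raise ValueError("empty or dot path segment")
    return base.rstrip("/") + "/" + "/".join(quote(str(p), safe="") for p in parts)
```

Use `redact()` wherever a token could reach logs or error messages, and keep the token itself out of URLs.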