Build on Vimy.
Integrate with everything.
Vimy provides API access for programmatic control, inbound webhooks for real-time telemetry ingestion, and outbound webhooks for alerts and notifications. Connect Vimy to your workflows, ticketing systems, and custom tooling.
Three ways to connect.
Programmatic access to Vimy's core capabilities. Manage connectors, query detections, retrieve TRO data, pull posture scores, and export compliance evidence โ all via authenticated REST endpoints.
Use Cases- Pull posture scores into your internal dashboards
- Export TRO data to your ticketing system
- Automate connector management
- Query detection history programmatically
- Retrieve compliance evidence for external systems
Auth: API key authentication via Settings โ API Key Management. All requests are scoped to your tenant โ cross-tenant access is architecturally impossible.
Receive real-time telemetry from external sources. Vimy exposes webhook endpoints for connectors that push data โ Cloudflare Logpush, GitHub Events, and other event-driven integrations send data directly to Vimy for normalization and detection.
Use Cases- Cloudflare Logpush โ WAF events, DNS analytics, audit logs
- Custom telemetry sources โ send OCSF-formatted events directly
- CI/CD pipeline events โ security scan results, deployment notifications
Security: All inbound webhooks are signature-verified. Unsigned or malformed payloads are rejected at ingestion.
Push Vimy alerts and events to your existing tools. Configure outbound webhooks to notify your team via Slack, trigger workflows in your ticketing system, or feed data into your SOAR platform.
Use Cases- Slack notifications โ critical threats, approval requests, posture drift
- Ticketing integration โ auto-create tickets from TROs
- SOAR integration โ trigger external playbooks from Vimy detections
- Custom dashboards โ stream events to your own monitoring
Configuration: Settings โ Notifications โ Webhook URL
What you can do with the API.
| GET | /api/tros | List Threat Response Operations |
| GET | /api/tros/{id} | TRO detail with timeline, evidence, and actions |
| GET | /api/detection | Detection rule inventory |
| GET | /api/fog-of-war | ATT&CK coverage map |
| GET | /api/posture | Current posture scores by domain |
| GET | /api/compliance | Framework compliance status overview |
| GET | /api/compliance/{framework} | Control-level compliance detail |
| GET | /api/batteries | Battery health and detection status |
| GET | /api/connectors | Connector inventory and health |
| GET | /api/agents | Agent fleet status and heartbeat |
| GET | /api/reports | Report inventory |
| POST | /api/reports/{type}/generate | Generate a report on demand |
Full API documentation is in progress. Contact us for early access to the API reference โ
Real-time events. Your endpoints.
Vimy sends webhook payloads to your configured endpoints when key events occur. All payloads are signed with HMAC-SHA256 for verification.
Open schema. No lock-in.
All Vimy telemetry is normalized to the Open Cybersecurity Schema Framework (OCSF) โ the same standard used by AWS Security Lake, Splunk, and CrowdStrike. Events you pull from the API or receive via webhooks are structured, consistent, and portable.
If you ever leave Vimy, your data comes with you in an industry-standard format. No proprietary schemas. No vendor lock-in.
See the API in action.
30-minute demo. We'll show you how Vimy integrates with your existing workflows and tooling.