API Reference
The Bastion backend exposes a REST API on port 8080. All endpoints except /api/v1/auth/login require a valid JWT in an Authorization: Bearer <token> header.
Authentication
```http
POST /api/v1/auth/login
Content-Type: application/json

{ "username": "admin", "password": "your-password" }
```

Response:

```json
{
  "access_token": "eyJ...",
  "refresh_token": "eyJ...",
  "token_type": "Bearer",
  "expires_in": 3600
}
```

Send the access_token as the Bearer token in the Authorization header on all subsequent requests.
Route groups
| Group | Prefix | Description |
|---|---|---|
| Auth | /api/v1/auth | Login, logout, register, refresh, change password |
| SAML SSO | /api/v1/auth/saml | Metadata, login, ACS, SLS |
| Users | /api/v1/users | Current user, user list |
| Endpoints | /api/v1/endpoints | Fleet management, isolation, quarantine |
| Threats | /api/v1/threats | Threat list, details, resolve |
| Policies | /api/v1/policies | Security policy CRUD |
| Incidents | /api/v1/incidents | Correlated incident management |
| IOCs | /api/v1/iocs | IOC management and threat intelligence feeds |
| Behavioral | /api/v1/behavioral | Behavioral profiles and anomalies |
| Compliance | /api/v1/compliance | HIPAA + FERPA dashboards, breach notification |
| Notifications | /api/v1/notifications | Alert rule CRUD, test notifications |
| Audit | /api/v1/audit | Audit log query, export, integrity verify |
| Response | /api/v1/response | Playbooks, commands, retry queue |
| Integrations | /api/v1/integrations | SIEM test, network events |
| MITRE | /api/v1/mitre | ATT&CK navigator export, coverage report |
| Security Admin | /api/v1/admin/security | User roles, token revocation |
| Encryption | /api/v1/security/encryption | PHI encryption status and audit |
| License | /api/v1/license | License status, activation, upgrade |
| Updates | /api/v1/updates | Agent update campaign management |
Key endpoints
List endpoints

```http
GET /api/v1/endpoints
Authorization: Bearer <token>
```

Isolate an endpoint

```http
POST /api/v1/endpoints/{endpoint_id}/isolate
Authorization: Bearer <token>
```

List active threats

```http
GET /api/v1/threats?severity=high&status=open
Authorization: Bearer <token>
```

HIPAA compliance dashboard

```http
GET /api/v1/compliance/hipaa/dashboard
Authorization: Bearer <token>
```

FERPA PII timeline

```http
GET /api/v1/compliance/ferpa/pii-timeline?from=2025-01-01&to=2025-03-31
Authorization: Bearer <token>
```

License status

```http
GET /api/v1/license/status
Authorization: Bearer <token>
```

Activate license

```http
POST /api/v1/license/activate
Authorization: Bearer <token>
Content-Type: application/json

{ "license_key": "eyJ..." }
```

Pagination

List endpoints support cursor-based pagination:

```http
GET /api/v1/threats?limit=50&offset=0
```

Response includes total, limit, and offset fields.
Error responses
All errors return a consistent JSON body:

```json
{
  "error": "Not found",
  "message": "Endpoint with ID abc-123 does not exist",
  "status": 404
}
```

Common status codes:

| Code | Meaning |
|---|---|
| 401 | Missing or invalid token |
| 403 | Insufficient role/permissions |
| 402 | License limit exceeded or expired |
| 429 | Rate limit exceeded |
| 500 | Internal server error (check backend logs) |
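
A minimal client tying together the login call, the Bearer header, limit/offset paging and the error body documented above, as an added example that is not Bastion's own code. The host in `BASE`, the `items` list field and the helper names are assumptions; the page states only port 8080 and the `total`, `limit` and `offset` fields.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

BASE = "http://localhost:8080"  # assumption: host; the page only states port 8080

class BastionError(Exception):
    """Carries the documented error body: error, message, status."""
    def __init__(self, status, body):
        super().__init__(f"{status} {body.get('error')}: {body.get('message')}")
        self.status, self.body = status, body

def http_send(method, path, token=None, params=None, payload=None):
    """Default transport: returns (status, parsed JSON body)."""
    url = BASE + path + ("?" + urllib.parse.urlencode(params) if params else "")
    headers = {"Content-Type": "application/json"}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    data = json.dumps(payload).encode() if payload is not None else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as exc:
        return exc.code, json.load(exc)  # error responses also carry a JSON body

def login(username, password, send=http_send):
    """POST the credentials and return the access_token."""
    status, body = send("POST", "/api/v1/auth/login",
                        payload={"username": username, "password": password})
    if status >= 400:
        raise BastionError(status, body)
    return body["access_token"]

def iter_threats(token, send=http_send, limit=50, **filters):
    """Yield every threat, walking limit/offset until `total` is reached."""
    offset = 0
    while True:
        status, body = send("GET", "/api/v1/threats", token=token,
                            params={**filters, "limit": limit, "offset": offset})
        if status >= 400:
            raise BastionError(status, body)  # 401, 402, 403, 429, 500 from the table
        items = body["items"]  # assumption: the page does not name the list field
        yield from items
        offset += limit
        if not items or offset >= body["total"]:
            return
```

Passing a different `send` callable lets the paging and error handling be exercised without a running backend.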