Cyrisma Partner API Guide

Last updated: January 28, 2026

API Source of Truth
The authoritative documentation for the Cyrisma Partner API—including authentication, endpoint definitions, parameters, and schemas—is available here and should always be referenced first:

https://docs.cyrisma.com/api-reference/getting-started

Overview

The Cyrisma Partner API enables partners to programmatically interact with the Cyrisma risk management platform. It is designed to support automation, reporting, and integration use cases across partner-managed organizations and instances.

Using the API, partners can:

  • Provision and manage organizations and instances

  • Control user access and authentication settings

  • Retrieve security risk summaries and scan results

  • Access vulnerability, secure baseline, and data scan findings

This article provides a high-level overview of API capabilities and how the endpoints are organized. It does not replace the API reference.

How the API Is Organized

The Partner API is grouped into functional areas that align with how Cyrisma is used operationally.

Dashboards

Dashboard endpoints return aggregated risk data for an instance, including:

  • Overall risk grades

  • Data scan risk

  • Vulnerability risk

  • Secure baseline risk

  • CVE summaries

These endpoints are intended for reporting and visibility, not remediation or asset-level analysis.

Instances

Instance endpoints are used to manage the organizational hierarchy within Cyrisma.

They support:

  • Retrieving organizations and instances

  • Creating new organizations or customer instances

  • Suspending and reactivating instances

  • Converting consulting instances to standard

  • Managing MFA configuration

These endpoints are commonly used for partner onboarding and lifecycle management.

Login

Login endpoints handle authentication and credential management, including:

  • Obtaining access tokens

  • Resetting or regenerating API credentials

All API requests require a valid access token.

Scans

Scan endpoints provide visibility into scan activity and history, including:

  • Completed scans across all modules

  • Data scans

  • Vulnerability scans

  • Secure baseline scans

They are typically used for reporting, auditing, and trend analysis.

Vulnerability for Scan ID

This endpoint returns all assets and findings associated with a specific vulnerability scan, including:

  • CVEs

  • Open ports

  • Web application flaws (depending on scan type)

Use this endpoint when you already have a scan ID and need detailed results.

Users

User endpoints allow partners to:

  • Retrieve users under their account

  • Retrieve details for a specific user

  • Disable user access

Users must be assigned at the organization level, not directly to standard or consulting instances.

Vulnerability Assets

Vulnerability asset endpoints return detailed, asset-level findings, based on scan type and available identifiers.

They support:

  • Internal authenticated asset details

  • Internal unauthenticated or external IP-based findings

  • Web application scan findings

These endpoints are typically used for deep analysis and remediation workflows.

Summary

The Cyrisma Partner API enables partners to automate provisioning, manage access, and retrieve security risk data across all managed instances. It supports both high-level reporting and detailed security analysis, depending on the endpoint used.

For implementation details, the API reference remains the single source of truth.

https://docs.cyrisma.com/api-reference/getting-started