API reference
Every API route Infiniview exposes, in one place.
Note
Authentication uses the dashboard session unless noted otherwise. The GitHub webhook receiver verifies signatures from GitHub and rejects anything else.
Health
GET
/api/healthGET
/api/health/readinessGitHub
OAuth handshake, repo discovery, and the signed webhook receiver.
GET
/api/github/connectGET
/api/github/callbackGET
/api/github/disconnectGET
/api/github/reposPOST
/api/github/webhookReviews
Manage reviews and their related views. DELETE archives by default; dev mode can hard-delete.
GET
/api/reviewsPOST
/api/reviewsGET
/api/reviews/{id}PATCH
/api/reviews/{id}DELETE
/api/reviews/{id}archive (default) or hard delete (dev)GET
/api/reviews/{id}/story-insightsGET
/api/reviews/{id}/readinessPOST
/api/reviews/{id}/rerunScan runs
GET
/api/scan-runsGET
/api/scan-runs/{id}DELETE
/api/scan-runs/{id}GET
/api/scan-runs/{id}/progressGET
/api/scan-runs/{id}/liveGET
/api/scan-runs/{id}/csvGET
/api/scan-runs/{id}/compareGET
/api/scan-runs/{id}/trustFindings
GET
/api/security-findingsGET
/api/security-findings/{id}PATCH
/api/security-findings/{id}GET
/api/security-findings/{id}/replayGET
/api/security-findings/{id}/bundleGET
/api/security-findings/exportConfiguration
GET
/api/scan-configPUT
/api/scan-configPOST
/api/validate-infiniview-ymlGET
/api/settingsPUT
/api/settingsGET
/api/repo-secretsPOST
/api/repo-secretsDELETE
/api/repo-secrets/{id}Suppressions
GET
/api/finding-suppressionsPOST
/api/finding-suppressionsDELETE
/api/finding-suppressions/{id}Billing
POST
/api/billing/checkout-sessionGET
/api/billing/statusPOST
/api/billing/webhook