API Overview
The CSE Registry API provides programmatic access to signals, mappings, and domain metadata. Use it to integrate CSE data into your security tools, compliance platforms, and automation workflows.
Community API Access
Community tier includes 10,000 requests/day. Get your API key or view pricing for higher limits and additional features.
Base URL
https://api.cseregistry.org/v1Key Features
Fast & Reliable
Low-latency responses with 99.9% uptime SLA
RESTful Design
Standard HTTP methods and JSON responses
Generous Limits
10,000 requests/day on Community tier
Authentication
All API requests must include your API key in the Authorization header:
curl https://api.cseregistry.org/v1/signals \
-H "Authorization: Bearer YOUR_API_KEY"API keys are free and can be generated after registering an account. Each key is tied to your account and can be revoked at any time.
Quick Start
1. Get Your API Key
Create an account and generate an API key from your dashboard.
2. Make Your First Request
# List signals in the HIPAA domain
curl "https://api.cseregistry.org/v1/signals?domain=HIPAA" \
-H "Authorization: Bearer YOUR_API_KEY"{
"data": [
{
"id": "CSE-HIPAA-TECH-ENCRYPT-REST-001",
"domain": "HIPAA",
"category": "TECH",
"title": "Data at Rest Encryption Not Enabled",
"severity": "high"
},
...
],
"meta": {
"total": 75,
"page": 1,
"per_page": 20
}
}3. Explore the Endpoints
See the Endpoints documentation for the complete list of available operations.
Available Endpoints
All endpoints are organized by subscription tier. Community tier endpoints are free for all users. Higher tiers include additional features and capabilities.
Community Tier(11 endpoints)
| Method | Endpoint | Description |
|---|---|---|
| GET | /signals | List Signals |
| GET | /signals/:id | Get Signal |
| GET | /domains | List Domains |
| GET | /mappings | List Mappings |
| GET | /frameworks | List Frameworks |
| GET | /stats | Get Statistics |
| GET | /validate | List Schemas |
| POST | /validate | Validate Object |
| POST | /validate/batch | Batch Validate |
| POST | /signals/bulk | Bulk Signal Lookup |
| POST | /mappings/bulk | Bulk Mappings Lookup |
Pro Tier(10 endpoints)
| Method | Endpoint | Description |
|---|---|---|
| GET | /controls | List Controls |
| GET | /controls/:id | Get Control |
| GET | /frameworks/:code/controls | List Framework Controls |
| GET | /gap-analysis | Gap Analysis Info |
| POST | /gap-analysis | Run Gap Analysis |
| GET | /gap-analysis/:id | Get Gap Analysis |
| GET | /gap-analysis/summary | Gap Analysis Summary |
| GET | /crosswalks | Framework Crosswalks |
| GET | /crosswalks/controls | Control Crosswalks |
| GET | /crosswalks/signals | Signal Coverage |
Teams Tier(10 endpoints)
| Method | Endpoint | Description |
|---|---|---|
| GET | /gap-analysis/:id/export | Export Gap Analysis |
| POST | /gap-analysis/compare | Compare Gap Analyses |
| GET | /artifact-types | List Artifact Types |
| GET | /artifact-types/:id | Get Artifact Type |
| POST | /artifact-types/resolve | Resolve Resource Types |
| GET | /finding-templates | List Finding Templates |
| GET | /finding-templates/:id | Get Finding Template |
| GET | /tool-mappings | List Tool Mappings |
| GET | /tool-mappings/lookup | Lookup Tool Mapping |
| GET | /security-tools | List Security Tools |
Response Format
All responses follow a consistent JSON structure:
Success Response
{
"data": { ... },
"meta": {
"total": 1143,
"page": 1,
"per_page": 20,
"total_pages": 57
}
}Error Response
{
"error": {
"code": "invalid_parameter",
"message": "Invalid domain: 'INVALID'. Valid domains are: CMMC, HIPAA, ...",
"details": {
"parameter": "domain",
"value": "INVALID"
}
}
}HTTP Status Codes
| Code | Meaning |
|---|---|
| 200 | Success - Request completed successfully |
| 400 | Bad Request - Invalid parameters |
| 401 | Unauthorized - Missing or invalid API key |
| 403 | Forbidden - Insufficient subscription tier |
| 404 | Not Found - Resource does not exist |
| 429 | Rate Limited - Too many requests |
| 500 | Server Error - Something went wrong on our end |
SDK & Libraries
Official SDKs are planned for popular languages. In the meantime, the REST API works with any HTTP client:
import requests
response = requests.get(
"https://api.cseregistry.org/v1/signals",
headers={"Authorization": "Bearer YOUR_API_KEY"},
params={"domain": "HIPAA", "severity": "high"}
)
signals = response.json()["data"]const response = await fetch(
"https://api.cseregistry.org/v1/signals?domain=HIPAA&severity=high",
{ headers: { Authorization: "Bearer YOUR_API_KEY" } }
);
const { data: signals } = await response.json();Alternative: GitHub Raw URLs
For simple use cases or if you don't need API features like search and filtering, you can fetch data directly from GitHub:
# No authentication required
curl https://raw.githubusercontent.com/DataHubz/cse-registry/v1.0.0/registry/cse-registry.json
# Fetch a specific signal
curl https://raw.githubusercontent.com/DataHubz/cse-registry/v1.0.0/signals/HIPAA/TECH/CSE-HIPAA-TECH-ENCRYPT-REST-001/signal.jsonSee the Quick Start guide for more details on using raw GitHub URLs.