Eleion Phalanx API
Autonomous security intelligence for modern infrastructure. Integrate offensive testing, continuous monitoring, self-healing, active defense, compliance automation, endpoint protection, and AI-powered code automation into your workflow through a single unified API.
REST API v1 Stable 100+ Endpoints
Introduction
The Eleion Phalanx API provides programmatic access to ten integrated security products:
- Praetor — Automated offensive security testing, vulnerability scanning, and compliance scoring
- Vigil — Continuous autonomous monitoring with 37 scanners, 5,256 Sigma rules, 21K+ threat intelligence IoCs, NLP threat hunting, and attack path analysis
- Regen — Self-healing engine with 5 specialized healers, learning from every remediation, pre-heal config snapshots, and rollback capability
- Forge — AI-powered code factory with governance pipeline, multi-tier execution (local LLM + cloud AI), SOAR playbook editor, and audit trail
- Aegis — Active defense with honeytokens (7 types), SSH/HTTP/SMTP honeypots, honey files, DNS canaries, and attacker attribution
- Centurion — NIS2 + ISO 27001 compliance engine with 105 controls, 10 automated adapters, and bulk evidence upload
- Aquila — Email security with SPF/DKIM/DMARC/BIMI scoring, phishing simulation with 10 templates, and campaign tracking
- Scutum — Endpoint protection via a Unified Agent supporting 6 platforms (Linux, macOS, Windows, AWS, Azure, GCP) with 95 CIS checks per platform
- Disciplina — Security awareness training with 5 courses, quizzes, certificates, and phishing auto-enrollment
- Praesidium — Physical security checklists, WiFi audit, zone management, and sensor monitoring
Deploy the Unified Agent (Scutum) across Linux, macOS, Windows, AWS, Azure, and GCP for deep visibility without exposing credentials.
Base URL
https://api.eleion.io/v1
All endpoints are relative to this base URL. For example, the status endpoint is at https://api.eleion.io/v1/status.
Request Format
The API accepts and returns JSON. Set Content-Type: application/json for request bodies. All timestamps are ISO 8601 (UTC).
Authentication
All API requests require an API key passed in the X-API-Key header. Keys are prefixed with el_ and can be managed from the Eleion Portal or the Admin Dashboard.
Example Authenticated Request
curl -s https://api.eleion.io/v1/status \
-H "X-API-Key: el_your_api_key_here"
Authentication Errors
Quick Start
Get up and running in 3 steps:
1. Register and get your API key
curl -s -X POST https://api.eleion.io/v1/auth/register \ -H "Content-Type: application/json" \ -d '{ "email": "you@company.com", "password": "your_secure_password", "company": "Your Company", "plan": "sentinel" }'
2. Check platform status
curl -s https://api.eleion.io/v1/status \
-H "X-API-Key: el_your_api_key_here"
3. Run your first scan
curl -s -X POST https://api.eleion.io/v1/praetor/scans \ -H "X-API-Key: el_your_api_key_here" \ -H "Content-Type: application/json" \ -d '{"scan_type": "quick"}'
Status
Check platform health and your tenant information.
Returns platform health, product availability, and tenant metadata including plan and active products.
{
"status": "operational",
"tenant": {
"id": "YOUR_TENANT",
"name": "Your Company",
"plan": "guardian"
},
"products": {
"praetor": "healthy",
"vigil": "healthy",
"regen": "healthy",
"forge": "healthy",
"aegis": "healthy",
"centurion": "healthy",
"aquila": "healthy",
"scutum": "healthy",
"disciplina": "healthy",
"praesidium": "healthy"
},
"version": "1.7.0",
"timestamp": "2026-03-07T12:00:00Z"
}
Praetor Offensive Security
Praetor provides automated offensive security testing — vulnerability scanning, penetration testing, compliance scoring, and automated remediation recommendations. 10 API endpoints.
Security Score
Returns your current security score (0-100) with letter grade and breakdown by category.
{
"score": 82,
"grade": "B+",
"breakdown": {
"network": 85,
"application": 78,
"compliance": 90,
"configuration": 75
},
"trend": "improving",
"last_scan": "2026-03-07T10:30:00Z"
}
Scans
Trigger a new security scan. Returns immediately with scan ID; poll status via GET.
| Body Field | Type | Description |
|---|---|---|
| scan_type | string | Required quick, full, or compliance |
{
"scan_id": "scan_20260307_001",
"status": "queued",
"message": "Scan queued successfully"
}
List recent security scans with status and summary results.
| Parameter | Type | Description |
|---|---|---|
| limit | integer | Optional Max results (default: 20, max: 100) |
Get detailed information about a specific scan including progress, duration, and finding counts.
Stop a running scan. Partial results are preserved.
Findings
List security findings from completed scans, ordered by severity.
| Parameter | Type | Description |
|---|---|---|
| limit | integer | Optional Max results (default: 50, max: 200) |
| severity | string | Optional critical, high, medium, low |
{
"findings": [
{
"id": "f_0042",
"severity": "high",
"category": "configuration",
"title": "TLS 1.0 enabled on port 443",
"description": "Legacy TLS protocol detected...",
"remediation": "Disable TLS 1.0 in nginx config",
"first_seen": "2026-03-01T08:00:00Z",
"scan_id": "scan_20260307_001"
}
],
"total": 1
}
Get detailed information about a specific finding, including full description, evidence, and remediation steps.
Reports & Remediations
List generated security reports.
Generate a new security report. Reports are generated asynchronously.
List AI-generated remediation recommendations based on current findings.
Vigil Autonomous Guardian
Vigil provides continuous autonomous monitoring with auto-discovery, 37 security scanners, 5,256 Sigma detection rules, 570 CIS compliance checks across 6 platforms (Linux, macOS, Windows, AWS, Azure, GCP) via the Unified Agent, 21,000+ threat intelligence IoCs from 7 feed sources, NLP-powered threat hunting, and attack path analysis. 14 API endpoints.
Dashboard
Returns a comprehensive overview: entity counts, recent findings, scanner status, Sigma/CIS stats, and threat intelligence summary.
{
"entities_total": 634,
"findings_24h": 12,
"scanners_active": 37,
"sigma_rules": 5256,
"cis_checks": {
"total": 570,
"per_platform": 95,
"platforms": ["linux", "macos", "windows", "aws", "azure", "gcp"]
},
"threat_iocs": 21000,
"threat_feeds": 7,
"recent_findings": [
{
"id": 1042,
"severity": "medium",
"category": "config",
"title": "Unencrypted Redis port exposed",
"found_at": "2026-03-07T11:45:00Z"
}
]
}
Scans
Trigger an on-demand Vigil scan. Quick scans run critical checks; full scans run all 37 scanners including Sigma matching, CIS compliance, threat intelligence correlation, and entity discovery.
| Body Field | Type | Description |
|---|---|---|
| scan_type | string | Required quick or full |
List Vigil scan history with results and timing.
Findings
Retrieve all findings from continuous monitoring. Supports filtering by severity, category, and entity.
| Parameter | Type | Description |
|---|---|---|
| limit | integer | Optional Max results (default: 50, max: 200) |
| severity | string | Optional critical, high, medium, low |
| category | string | Optional e.g. sigma_match, cis_fail, intruder, config, cert, threat_intel_match |
intruder, orphan, stale, inconsistent, dependency, config, resource, cert, matrix, sigma_match, drift, new_entity, cis_fail, threat_intel_match, broken, disconnected, hardening
Mark a finding as resolved.
Add a finding to the whitelist. Future scans will skip this entity/pattern.
Whitelist
List all whitelisted entities.
Add an entity to the whitelist directly.
NLP Threat Hunter
Launch an AI-powered threat hunt using natural language queries. Searches across Vigil findings, threat intelligence, and knowledge graph. Returns results via Server-Sent Events (SSE) for real-time streaming.
| Body Field | Type | Description |
|---|---|---|
| query | string | Required Natural language query, e.g. "Show me all lateral movement indicators in the last 48 hours" |
curl -s -N -X POST https://api.eleion.io/v1/vigil/hunt \ -H "X-API-Key: el_your_api_key_here" \ -H "Content-Type: application/json" \ -d '{"query": "Find exposed services with no TLS"}'
curl -N or an EventSource client to receive progressive updates as the AI analyzes findings, threat intelligence, and knowledge graph data.
Get AI-generated hunt suggestions based on recent findings and threat landscape.
Attack Paths
Get the full attack path graph — nodes (entities) and edges (relationships/vulnerabilities) for force-directed visualization.
{
"nodes": [
{
"id": "nginx",
"type": "service",
"risk_score": 35,
"findings_count": 3
}
],
"edges": [
{
"source": "nginx",
"target": "api_v3",
"type": "proxies_to"
}
],
"total_nodes": 495,
"total_edges": 1145
}
Get identified attack chains — sequences of findings that together form a potential attack path.
Get attack paths related to a specific entity, including adjacent nodes and risk context.
Vigil service health check with scanner status details.
Regen Self-Healing
Regen is the autonomous self-healing engine. It continuously monitors services, diagnoses issues, and applies remediation — learning from each round to improve future responses. Features 5 specialized healers, an escalation chain (5 failures triggers human alert), pre-heal config snapshots, and rollback capability. 9 API endpoints.
Dashboard & Health
Returns healing statistics, success rate, experience level, active healers, and recent activity.
{
"total_rounds": 256,
"total_heals": 723,
"success_rate": 0.91,
"experience_points": 4340,
"healers": [
"ServiceHealer",
"ProductHealer",
"AgentHealer",
"SecurityHealer",
"DbHealer"
],
"escalation_chain": "5 failures triggers human alert",
"last_round": "2026-03-07T11:50:00Z"
}
Regen service health check with healer status and uptime.
Get detailed experience data: XP per healer, learning history, and improvement trends.
Healing Rounds
List healing rounds. Each round is a full diagnosis and remediation cycle.
| Parameter | Type | Description |
|---|---|---|
| limit | integer | Optional Max results (default: 20, max: 100) |
Manually trigger a healing round of specified type.
| Path Param | Type | Description |
|---|---|---|
| round_type | string | Required full, services, security, database |
Individual Heals
List individual heal operations with target, remedy applied, healer used, and outcome.
| Parameter | Type | Description |
|---|---|---|
| limit | integer | Optional Max results (default: 50, max: 200) |
{
"heals": [
{
"id": 723,
"round_id": 256,
"healer": "ServiceHealer",
"target": "quiron-proxy",
"issue": "High memory usage (92%)",
"remedy": "adaptive_restart",
"success": true,
"healed_at": "2026-03-07T11:50:30Z"
}
],
"total": 723
}
Snapshots & Rollback
List pre-heal configuration snapshots. Regen automatically captures service state before every heal, enabling safe rollback.
| Parameter | Type | Description |
|---|---|---|
| limit | integer | Optional Max results (default: 20) |
| service | string | Optional Filter by service name |
Get snapshot statistics: total count, storage size, rollback success rate.
Rollback a service to a previous configuration snapshot. Use this to undo a heal that caused unintended side effects.
Forge Code Factory
Forge is the autonomous code factory — create development tasks, track progress through a governance pipeline with approval workflows, and review AI-generated code changes. Multi-tier execution: Tier 1 (local Ollama LLM for fast tasks) and Tier 2 (Claude for complex tasks). Includes SOAR playbook editor with visual node-based editing and YAML export. 15 API endpoints.
Tasks
Create a new code factory task. Tasks enter the governance pipeline and require approval before execution.
| Body Field | Type | Description |
|---|---|---|
| title | string | Required Short task title |
| description | string | Required Detailed task description |
| priority | integer | Optional 1 (highest) to 5 (lowest), default: 3 |
| target_files | array | Optional List of file paths to modify |
curl -s -X POST https://api.eleion.io/v1/forge/tasks \ -H "X-API-Key: el_your_api_key_here" \ -H "Content-Type: application/json" \ -d '{ "title": "Add rate limiting to API endpoints", "description": "Implement per-tenant rate limiting using Redis...", "priority": 2, "target_files": ["routers/api_gateway.py"] }'
{
"id": 43,
"title": "Add rate limiting to API endpoints",
"status": "pending",
"message": "Task created, awaiting governance approval"
}
List code factory tasks with status and tier assignment.
| Parameter | Type | Description |
|---|---|---|
| limit | integer | Optional Max results (default: 20, max: 100) |
| status | string | Optional pending, approved, running, completed, failed |
Get detailed information about a task including execution logs, tier, timing, and code diff.
Get the execution log for a task — step-by-step output from the AI agent.
Governance
Approve a pending task for execution. The task will be assigned to a tier and dispatched.
Reject a pending task with an optional reason.
Retry a failed task, optionally escalating to a higher tier.
Statistics & Audit
Factory statistics: total tasks, success rates, average execution time by tier.
{
"total_tasks": 127,
"completed": 118,
"failed": 9,
"success_rate": 0.929,
"avg_execution_s": {
"tier1_ollama": 45,
"tier2_claude": 180
},
"tasks_today": 5
}
Full governance audit trail: who created, approved, rejected, or retried each task.
SOAR Playbooks
Visual node-based playbook editor with 6 node types: trigger, condition, action, notification, delay, and end. Export to YAML for integration with external SOAR tools.
List all SOAR playbooks.
| Parameter | Type | Description |
|---|---|---|
| status | string | Optional active, draft, archived |
Create a new playbook with node graph definition.
Get a specific playbook with full node graph.
Update a playbook's nodes, connections, or metadata.
Delete a playbook (archives it; can be restored).
Export playbook as YAML for use with external SOAR platforms.
Clone a playbook to create a new version based on an existing one.
List available node types and their configuration schemas.
Aegis Active Defense
Aegis is the active defense and deception engine. Deploy honeytokens (7 types: API keys, database credentials, AWS keys, config files, DNS entries, email addresses, webhook URLs), SSH/HTTP/SMTP honeypots, honey files, and DNS canaries across your infrastructure. Attacker interactions are captured and attributed automatically. Tier-gated: Guardian plan and above. 8 API endpoints.
403 with an upgrade hint.
Honeytokens
Create a new honeytoken. When an attacker uses this token, an alert is triggered with attribution data.
| Body Field | Type | Description |
|---|---|---|
| token_type | string | Required api_key, db_credential, aws_key, config_file, dns_entry, email, webhook_url |
| name | string | Required Descriptive name for the token |
| placement | string | Optional Where the token will be deployed |
{
"id": "ht_a1b2c3",
"token_type": "aws_key",
"token_value": "AKIA...",
"name": "S3 backup canary",
"active": true,
"created_at": "2026-03-07T10:00:00Z"
}
List all honeytokens with status and trigger counts.
Get details for a specific honeytoken including trigger history and attribution.
Honeypots
List active honeypots (SSH, HTTP, SMTP) with connection statistics.
Get interaction logs for a specific honeypot including IP addresses, credentials attempted, and payloads.
DNS Canaries
List DNS canary tokens. Each canary has a unique subdomain; resolution triggers an alert.
Get trigger history for a specific DNS canary including resolver IPs and timestamps.
Attribution & Dashboard
Get attacker attribution data aggregated from all deception sources — IP geolocation, ASN, TTP mapping, and threat intelligence correlation.
Aegis overview: active tokens, honeypots, canaries, recent triggers, and top attacker IPs.
Centurion Compliance
Centurion is the NIS2 + ISO 27001 compliance engine. 105 controls with 10 automated adapters that pull evidence from other Eleion products (Vigil, Regen, Praetor, Scutum, SAML, MFA, supply chain, crypto inventory, backup). Bulk evidence upload for manual controls. Per-tenant configuration. 7 API endpoints.
Dashboard & Controls
Returns compliance overview: NIS2 score, ISO 27001 score, controls by status (compliant, partial, non-compliant, not-evaluated), and recent assessment timestamp.
{
"nis2_score": 100,
"iso27001_score": 95.2,
"controls_total": 105,
"compliant": 56,
"partial": 6,
"non_compliant": 0,
"not_evaluated": 43,
"last_assessment": "2026-03-07T06:00:00Z"
}
List all compliance controls with status, framework mapping, and evidence summary.
| Parameter | Type | Description |
|---|---|---|
| framework | string | Optional nis2 or iso27001 |
| status | string | Optional compliant, partial, non_compliant, not_evaluated |
Get detailed control information including evidence chain, adapter source, and remediation guidance.
Evidence
List all uploaded evidence with control mappings.
Bulk upload evidence files for manual controls. Accepts multipart form data with control ID mappings.
Reports & Config
Generate a compliance report (NIS2 or ISO 27001) suitable for auditor review.
Get per-tenant compliance configuration: enabled adapters, assessment schedule, and notification settings.
Aquila Email Security
Aquila provides email security scoring and phishing simulation. Scan domains for SPF, DKIM, DMARC, and BIMI configuration. Run phishing awareness campaigns with 10 built-in templates and track employee response rates. 5 API endpoints.
Domain Scanning
List registered domains with their email security scores.
Scan a domain for SPF, DKIM, DMARC, and BIMI records. Returns a score (0-100) and detailed findings per protocol.
{
"domain": "example.com",
"score": 85,
"spf": { "status": "pass", "record": "v=spf1 include:..." },
"dkim": { "status": "pass", "selectors": ["default"] },
"dmarc": { "status": "pass", "policy": "quarantine" },
"bimi": { "status": "missing" }
}
Phishing Simulation
List phishing simulation campaigns with status, click rates, and report rates.
Get detailed campaign results: per-recipient status, click timestamps, and credential submission tracking.
List available phishing email templates (10 built-in) with preview and difficulty rating.
Scutum Endpoint Protection
Scutum provides endpoint protection via the Unified Agent — a cross-platform agent supporting 6 platforms (Linux, macOS, Windows, AWS, Azure, GCP) with 95 CIS checks per platform (570 total). Token-based registration, heartbeat monitoring, event collection, and per-host CIS scoring. 6 API endpoints.
--platform flag for cloud environments. Install with a single command.
Agent Lifecycle
Register a new agent with a registration token. Returns the agent ID for future communication.
| Body Field | Type | Description |
|---|---|---|
| hostname | string | Required Agent hostname |
| token | string | Required Registration token from portal |
| platform | string | Required linux, macos, windows, aws, azure, gcp |
Agent heartbeat (every 60s). Includes system metrics and agent version.
Data Collection
Submit security events from the agent. Events are matched against Sigma rules and correlated with threat intelligence.
Submit CIS benchmark results (95 checks per platform). Failed checks are automatically created as Vigil findings.
Host Overview
Per-host dashboard with CIS score, finding counts, heal counts, platform, and online/offline status.
{
"hosts": [
{
"agent_id": "ag_x1y2z3",
"hostname": "prod-web-01",
"platform": "linux",
"cis_score": 87,
"findings": 3,
"heals": 12,
"online": true,
"last_seen": "2026-03-07T12:01:00Z"
}
],
"total": 1
}
Installation
Get the bootstrap install script for a specific platform. Returns a shell script (Linux/macOS/cloud) or PowerShell script (Windows).
curl -sL https://app.eleion.io/v1/agent/install/linux | bash
Disciplina Security Awareness
Disciplina provides security awareness training with 5 courses, quizzes, certificate generation, and automatic phishing campaign enrollment for employees who fail assessments. 5 API endpoints.
Courses & Progress
List available security awareness courses with completion statistics.
{
"courses": [
{
"id": "phishing-101",
"title": "Phishing Awareness",
"modules": 4,
"quiz_questions": 20,
"enrolled": 45,
"completed": 38,
"pass_rate": 0.84
}
]
}
Get course details including module breakdown, quiz questions, and per-user progress.
Get training progress for all employees: enrolled courses, completion %, quiz scores.
Certificates & Enrollment
List issued certificates for completed courses. Certificates can be used as compliance evidence in Centurion.
Enroll employees in a training course. Employees who fail phishing simulations (Aquila) are auto-enrolled.
| Body Field | Type | Description |
|---|---|---|
| course_id | string | Required Course identifier |
| user_emails | array | Required List of employee email addresses |
Praesidium Physical Security
Praesidium manages physical security and WiFi auditing. Maintain security checklists for physical locations, run WiFi network scans to detect rogue access points, manage security zones, and monitor sensors. 4 API endpoints.
Checklists & WiFi
Get the physical security checklist with item status (compliant/non-compliant/not-assessed) per location.
Trigger a WiFi security scan. Detects rogue APs, open networks, weak encryption, and evil twin attacks.
{
"networks_found": 12,
"rogue_aps": 1,
"weak_encryption": 2,
"open_networks": 0,
"evil_twin": false,
"scan_time": "2026-03-07T14:00:00Z"
}
Zones & Sensors
List security zones with access control status and sensor coverage.
List physical security sensors (cameras, access readers, motion detectors) with online/offline status and last event.
Unified Agent Cross-Platform
The Unified Agent (Scutum) is a single cross-platform agent supporting Linux, macOS, Windows, AWS, Azure, and GCP. It auto-detects the operating system or accepts a --platform flag for cloud environments. Features token-based registration, heartbeat every 60 seconds, CIS auto-scan (95 checks per platform), and event collection with Sigma matching.
curl -sL https://app.eleion.io/v1/agent/install/linux | bash
Supported Platforms
- Linux — Ubuntu, Debian, RHEL, CentOS, Alpine. 95 CIS checks (filesystem, auth, network, logging, services)
- macOS — Ventura, Sonoma, Sequoia. 95 CIS checks (FileVault, Gatekeeper, firewall, privacy, updates)
- Windows — Windows 10/11, Server 2019/2022. 95 CIS checks (BitLocker, Windows Defender, audit policy, services)
- AWS — CloudTrail, IAM, S3, EC2, RDS, Lambda, VPC. 95 CIS AWS Benchmark checks
- Azure — Activity logs, VMs, Storage, Key Vault, NSGs, SQL. 95 CIS Azure Benchmark checks
- GCP — Cloud Audit, IAM, GCS, Compute, Cloud SQL, VPC. 95 CIS GCP Benchmark checks
Architecture
Agents run inside your infrastructure and communicate outbound only. No inbound ports required. Data is pushed to Eleion via authenticated HTTPS calls. Cloud agents deploy as serverless functions (Lambda/Azure Functions/Cloud Functions).
Per-Host Dashboard
Each registered agent appears in the Scutum host overview with its CIS score, finding count, heal count, platform icon, and online/offline status. Use the /v1/agent/overview/hosts endpoint to retrieve per-host data programmatically.
Alerts & Webhooks Notifications
Manage security alerts across all products. Configure webhook endpoints for real-time notifications. Alert dispatcher runs every 10 minutes with 30-minute cooldown and deduplication. 16 endpoints.
Alerts
List alerts with filtering. Aggregates findings from all ten products.
| Parameter | Type | Description |
|---|---|---|
| severity | string | Optional critical, high, medium, low |
| status | string | Optional open, acknowledged, resolved |
| limit | integer | Optional Max results (default: 50) |
Alert counts by severity and status.
Get full alert details.
Acknowledge an alert.
Mark alert as resolved.
Bulk acknowledge multiple alerts by ID array.
Alert Preferences
Get notification preferences (severity thresholds, channels, cooldown).
Update notification preferences.
Webhooks
List configured webhook endpoints.
Register a webhook endpoint to receive real-time alert notifications.
| Body Field | Type | Description |
|---|---|---|
| url | string | Required Webhook URL (HTTPS) |
| events | array | Optional Event types to subscribe to (default: all) |
| secret | string | Optional Shared secret for HMAC signature verification |
Update a webhook configuration.
Remove a webhook endpoint.
Reports Intelligence
Generate comprehensive security reports combining data from all products.
Generate a security report. Reports are created asynchronously and include findings from all ten products.
| Body Field | Type | Description |
|---|---|---|
| type | string | Optional executive, technical, compliance (default: executive) |
| period_days | integer | Optional Lookback period in days (default: 30) |
List all generated reports.
Get the most recent report.
Get a specific report with full content.
Metering
Track API and product usage for billing and capacity planning.
Usage summary for the current billing period.
{
"period_start": "2026-03-01T00:00:00Z",
"period_end": "2026-03-31T23:59:59Z",
"api_calls": 4521,
"scans": 34,
"heals": 89,
"forge_tasks": 12,
"agent_heartbeats": 8640,
"plan_limits": {
"api_calls": 50000,
"scans": 100,
"heals": "unlimited",
"forge_tasks": 50,
"agents": 50
}
}
Daily usage breakdown for trend analysis.
| Parameter | Type | Description |
|---|---|---|
| days | integer | Optional Number of days (default: 7, max: 30) |
Plans
Four plan tiers are available, each unlocking different product sets and capabilities.
| Plan | Price | Products | Key Features |
|---|---|---|---|
| Sentinel | €99/mo | Praetor + Vigil + basic Centurion | Offensive scanning, monitoring, basic NIS2 compliance, 1 agent |
| Guardian | €299/mo | + Regen + Forge + Aquila + Aegis | Self-healing, code factory, email security, active defense, 10 agents |
| Strategos | €599/mo | + Scutum + Disciplina + Praesidium + full Centurion | Unified Agent, awareness training, physical security, full compliance, 50 agents |
| Enterprise | €999/mo | All 10 products + custom integrations | Unlimited agents, 24/7 dedicated support, custom adapters, SLA |
Rate Limits
API requests are rate-limited per API key based on your plan tier.
| Plan | Requests/Minute | Burst |
|---|---|---|
| Sentinel | 30 | 10 |
| Guardian | 60 | 20 |
| Strategos | 120 | 40 |
| Enterprise | 300 | 100 |
Rate Limit Headers
Every response includes rate limit information:
X-RateLimit-Limit: 120 X-RateLimit-Remaining: 117 X-RateLimit-Reset: 1740393600
X-RateLimit-Reset (Unix epoch). The response body includes retry_after in seconds.
Errors
The API uses standard HTTP status codes and returns errors in a consistent JSON format.
Error Response Format
{
"detail": "Human-readable error message"
}
Status Codes
★ Roma, Italia