# AIRiskDB API Overview



## What is AIRiskDB API?

The AIRiskDB API provides read access to AI asset intelligence, enrichment findings, AI-BOM data, and threat intelligence. Use these endpoints to retrieve normalized asset records, look up assets by fingerprint or model and package metadata, inspect risk findings, and list matching threats.

***

## Base URL

Production API root:

```text
https://api.airiskdb.com
```

Versioned API root:

```text
https://api.airiskdb.com/v1
```

***

## Authentication

All `/v1/*` endpoints require a bearer API key:

```http
Authorization: Bearer <API_KEY>
```

API keys are scoped:

| Scope         | Allows                                                          |
| ------------- | --------------------------------------------------------------- |
| `assets:read` | Read assets, findings, AI-BOMs, and threats matched to an asset |

***

## Common Conventions

Every response includes a request ID header:

```http
X-Request-Id: req_1234567890abcdef12345678
```

Use this value when debugging or contacting support.

### Cursor Pagination

List endpoints use cursor pagination:

| Parameter        | Type    | Description                                                            |
| ---------------- | ------- | ---------------------------------------------------------------------- |
| `limit`          | integer | Optional. Defaults to `20`. Minimum `1`, maximum `100`.                |
| `starting_after` | string  | Optional forward cursor. Set to the previous response's `next_cursor`. |
| `ending_before`  | string  | Optional reverse cursor where supported.                               |

List response shape:

```json
{
  "object": "list",
  "data": [],
  "has_more": false,
  "url": "/v1/assets",
  "next_cursor": null
}
```

***

## Endpoints

| Method | Endpoint                            | Purpose                                                                                            |
| ------ | ----------------------------------- | -------------------------------------------------------------------------------------------------- |
| `GET`  | `/v1/assets/lookup`                 | Look up assets by fingerprint, exact name, fuzzy name, version, ecosystem, or fallback fingerprint |
| `GET`  | `/v1/assets/{fingerprint}`          | Retrieve the resolved asset record                                                                 |
| `GET`  | `/v1/assets/{fingerprint}/findings` | Retrieve findings for the resolved asset                                                           |
| `GET`  | `/v1/assets/{fingerprint}/aibom`    | Retrieve the AI-BOM for the resolved asset                                                         |
| `GET`  | `/v1/assets/{fingerprint}/threats`  | Retrieve threats matched to the resolved asset                                                     |