GraphQL API Documentation
Hasura GraphQL API for Sentinel Security Platform
Overview
The Sentinel Security Platform offers a complete GraphQL API based on Hasura. This API allows you to programmatically access all data that is also available via the web interface.
Endpoint: https://api.sentinel-security.tech/v1/graphql
GraphQL Playground: https://api.sentinel-security.tech/v1/graphql
Authentication
All API requests must be authenticated with a valid Bearer Token.
Get Token: After registration, you will receive an API key in your profile under "API Settings".
Header Format
Authorization: Bearer YOUR_API_TOKEN_HERE
Example with curl
curl -X POST https://api.sentinel-security.tech/v1/graphql \
-H "Authorization: Bearer YOUR_API_TOKEN_HERE" \
-H "Content-Type: application/json" \
-d '{"query": "{ vulnerabilities { id } }"}'
GraphQL Schema
The API provides access to the following main entities:
Vulnerability- CVE database entriesAlertList- Custom alert listsAlert- Individual alerts within a listUser- User data (own data only)BlogPost- Blog articles
Example Queries
Fetch Vulnerabilities
query GetVulnerabilities {
vulnerabilities(
limit: 10
offset: 0
where: {
cvss_score: {_gte: 7.0}
published_date: {_gte: "2025-01-01"}
}
order_by: {cvss_score: desc}
) {
id
title
description
cvss_score
cvss_version
published_date
severity
affected_products
}
}
Vulnerability by ID
query GetVulnerability {
vulnerability(id: "CVE-2024-0001") {
id
title
description
cvss_score
cvss_vector
published_date
modified_date
affected_products
references
cwe_id
exploitability_score
}
}
Fetch Alert Lists
query GetAlertLists {
alert_lists {
id
name
description
is_active
created_at
alerts {
id
search_terms
product_name
is_active
}
}
}
Search in Vulnerabilities
query SearchVulnerabilities {
vulnerabilities(
where: {
_or: [
{title: {_ilike: "%apache%"}}
{description: {_ilike: "%remote code%"}}
]
severity: {_eq: "HIGH"}
}
limit: 20
) {
id
title
cvss_score
severity
}
}
Mutations
Create Alert List
mutation CreateAlertList {
insert_alert_lists_one(object: {
name: "Production Servers"
description: "Alerts for production environment"
is_active: true
}) {
id
name
created_at
}
}
Create Alert
mutation CreateAlert {
insert_alerts_one(object: {
alert_list_id: 1
search_terms: ["apache", "httpd"]
product_name: "Apache HTTP Server"
is_active: true
}) {
id
search_terms
created_at
}
}
Update Alert
mutation UpdateAlert {
update_alerts_by_pk(
pk_columns: {id: 1}
_set: {is_active: false}
) {
id
is_active
}
}
Delete Alert
mutation DeleteAlert {
delete_alerts_by_pk(id: 1) {
id
}
}
Subscriptions (Real-time)
Hasura supports GraphQL Subscriptions for real-time updates:
subscription WatchNewVulnerabilities {
vulnerabilities(
where: {
published_date: {_gte: "2025-01-01"}
severity: {_eq: "CRITICAL"}
}
order_by: {published_date: desc}
limit: 10
) {
id
title
cvss_score
published_date
}
}
Rate Limiting
To ensure fair usage, the following limits apply:
- Free Plan: 100 requests per hour
- Professional Plan: 1,000 requests per hour
- Enterprise Plan: Unlimited
Rate Limit Headers are included in every response:
X-RateLimit-Limit: 1000 X-RateLimit-Remaining: 987 X-RateLimit-Reset: 1640000000
Error Handling
GraphQL returns structured error responses:
{
"errors": [
{
"message": "Rate limit exceeded",
"extensions": {
"code": "RATE_LIMIT_EXCEEDED",
"retryAfter": 3600
}
}
]
}
Common Error Codes:
UNAUTHENTICATED- Token missing or invalidFORBIDDEN- No permission for this operationRATE_LIMIT_EXCEEDED- Rate limit exceededVALIDATION_ERROR- Invalid Query/Mutation