Updated 1 year ago by TruSTAR

Version 2.0 of the TruSTAR REST API was introduced in May, 2021. While TruSTAR still supports version 1.3, you should use version 2.0 when building new custom applications.

The TruSTAR REST API enables you to easily synchronize report information available in TruSTAR with the monitoring tools and analysis workflows you use in your infrastructure. All API access is over HTTPS, and all data is transmitted securely in JSON format.

API Coverage

The API provides endpoints for these functional areas of the TruSTAR platform:



Basic commands

Endpoints for Ping, Version, and for requesting your API quota information.


Endpoints that manage reports, including submit, update, share (with or without redaction), copy, move, delete, search for reports, find correlated reports, and get report status.


Endpoints that work with Indicators, including submit, find/search, and summaries.

This section also includes commands for working with safelists (whitelists), including fetching the safelist contents and adding and deleting items from the safelist.


Endpoints for using tags with Reports and Indicators.


Fetches the list of all enclaves that the user has access to, as well as whether they can read, create, and update reports in that enclave.

Phishing Triage

Endpoints to retrieve prioritized phishing emails and their associated indicators, as well as to set the status of the email.

In addition, the API provides error codes that can help you troubleshoot an integration.

How Did We Do?