REST API

API Reference

Integrate TerraGuard into your applications with our REST API. Programmatically analyze Terraform plans and retrieve security reports.

Authentication

API Key Authentication

All API requests require authentication using an API key passed in the Authorization header.

Authorization: Bearer YOUR_API_KEY

Base URL

https://api.syncrally.com/v1

Endpoints

POST/api/v1/analyze

Analyze a Terraform plan file and return security findings

GET/api/v1/reports/:id

Retrieve a previously generated analysis report

GET/api/v1/reports

List all reports for the authenticated user

DELETE/api/v1/reports/:id

Delete a specific report

GET/api/v1/compliance/frameworks

List available compliance frameworks (SOC2, PCI-DSS, etc.)

GET/api/v1/health

Check API health status (no auth required)

Example Request

cURL

curl -X POST https://api.syncrally.com/v1/analyze \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "plan": "<base64_encoded_tfplan>",
    "format": "json",
    "compliance": ["soc2"]
  }'

Example Response

JSON200 OK

{
  "id": "rpt_a1b2c3d4e5",
  "status": "complete",
  "summary": {
    "resources_analyzed": 47,
    "issues_found": 3,
    "severity": {
      "critical": 1,
      "high": 1,
      "medium": 1
    }
  },
  "compliance": {
    "soc2": {
      "passed": 12,
      "failed": 2
    }
  }
}

Rate Limits

API requests are rate limited based on your subscription plan. Rate limits are applied per API key.

Plan	Requests/Hour	Requests/Day	Max File Size
Beta Access	100	1,000	50 MB
Pro (Coming Soon)	500	10,000	100 MB
Enterprise (Coming Soon)	Unlimited	Unlimited	500 MB

Rate limit headers: Each response includesX-RateLimit-Limit,X-RateLimit-Remaining, andX-RateLimit-Reset headers.

SDKs & Libraries

JavaScript / TypeScript

npm install @syncrally/terraguard

import { TerraGuard } from '@syncrally/terraguard';

const client = new TerraGuard('YOUR_API_KEY');
const result = await client.analyze(planJson);

Python

pip install terraguard

from terraguard import TerraGuard

client = TerraGuard(api_key="YOUR_API_KEY")
result = client.analyze(plan_json)

go get github.com/syncrally/terraguard-go

import "github.com/syncrally/terraguard-go"

client := terraguard.NewClient("YOUR_API_KEY")
result, _ := client.Analyze(planJson)

CLI Tool

cargo install terraguard

# Authenticate
export TERRAGUARD_API_KEY="YOUR_API_KEY"

# Analyze
terraguard tfplan.json --format json

SDKs are currently in beta. View documentation for detailed usage.

Error Codes

Code	Status	Description
200	OK	Request successful
400	Bad Request	Invalid request body or parameters
401	Unauthorized	Missing or invalid API key
403	Forbidden	API key lacks required permissions
429	Too Many Requests	Rate limit exceeded
500	Internal Error	Server error, please retry