Interlynk API

Upload, download, and manage SBOMs on the Interlynk platform with a GraphQL API. Every example in these docs uses curl.

The Interlynk API lets you automate everything you can do in the Interlynk dashboard: upload SBOMs, download them in CycloneDX or SPDX, edit metadata, review vulnerabilities, and apply VEX.

The API is GraphQL. There is one endpoint, and it handles both reads (queries) and writes (mutations).

https://api.interlynk.io/lynkapi

How to read these docs

Every request in this documentation is a curl command you can copy, paste, and run. Set your security token as an environment variable first and the examples will work as written:

export INTERLYNK_SECURITY_TOKEN="lynk_live_xxxxxxxxxxxxxxxxxxxx"

If you use the platform from a CI pipeline or a script in another language, the same requests apply. GraphQL over HTTP is just a POST with a JSON body.

Start here

Page

What it covers

Authentication

Create a security token and make an authenticated request

Quickstart

Your first API call, end to end

Data Model

Products, environments, versions, and components

Common tasks

Guide

Use it to

Upload an SBOM

Push an SBOM file to a product

Download an SBOM

Pull an SBOM in CycloneDX or SPDX

List Products and Versions

Find the IDs you need for other calls

Edit SBOM Metadata

Add or change SBOM authors and suppliers

Edit a Component

Change a component's license, copyright, or other fields

Vulnerabilities and VEX

List vulnerabilities and set VEX status

Prefer a CLI?

pylynk is the official command-line tool. It wraps the same API and is a good fit for CI/CD pipelines. These docs cover the raw API for everyone who wants to call it directly.

NextAuthentication

Last updated 20 days ago