API Docs
To create integrations, retrieve/ingest data and automate workflows use Interlynk's GraphQL api. Interlynk's GraphQL api offers precise and flexible queries to match your integration needs.
API Details
Authentication
The primary method of authenticating your API is via Security Tokens. You can obtain your security token by logging into the dashboard and following the steps below.
Login to the Interlynk's dashboard
Click on settings on the left-hand bar
Click on "Personal" on the top right.
Click on "Security Tokens"
Click on "+" to generate a new token.
You can name your security token at this stage and set its expiration date. Depending on the type of integration being done, its recommended to choose the appropriate expiration date. Interlynk's security token looks like lynk_live_CgzGW2qLk5C73o7SgsKyBT3wVcm*********
Please remember to copy the token once generated, you will not be able to retrieve it once you close the window.
The security token assumes the role of the user who created it. If a user with admin role creates the token it will have admin privileges.
Endpoint
Interlynk's GraphQL has a single endpoint. The same endpoint supports both queries and mutations.
https://api.interlynk.io/lynkapi
Requests
The curl command below demonstrates a simple call to the endpoint to retrieve your organizations name.
curl 'https://api.interlynk.io/lynkapi' \
-H 'authorization: Bearer _<SECURITY_TOKEN>' \
-H 'content-type: application/json' \
-d '{
"operationName": "GetOrgName",
"variables": {},
"query": "query GetOrgName { organization { name } }"
}'
Pagination
For most of the queries we support cursor based pagination. Cursor-based pagination is an efficient method for traversing large datasets in GraphQL. It uses a unique identifier (cursor) to determine the starting point for each subsequent query, allowing for consistent and performant data retrieval.
For all queries we always provide the total number of records for each query. If the number of entries to be returned is not provided it always defaults to 25.
The below example provides an example of a pagination request.
query GetProjectGroups() {
organization {
id
projectGroups(
first: $first
last: $last
after: $after
before: $before
) {
totalCount
pageInfo {
endCursor
hasNextPage
startCursor
hasPreviousPage
__typename
}
nodes {
id
}
}
}
}
Things to note
ProjectGroup takes params to control the pagination e.g first, last, after, before
(first, after): these params go together, first 100 starting after this offset.
(last, before): these params go together, last 30 before this offset.
totalCount is requested, which provides the total number of items in the dataset.
PageInfo: Server provided response which can be used for the next request.
(hasNextPage, endCursor): these allow for forward progression, if hasNextPage is true.
(hasPreviousPage, startCursor): these allow for backward progression, if hasPreviousPage is true.
Introspection
The production endpoint does not support introspection.
Search
For most of the queries we support search. The search fields are context dependent.
Ordering
For most of the queries we support ordering.
Use-cases
Below are a list of use cases which can help you build integrations
Get all projects and associated environments
query GetProjectsAndEnv($search: String, $enabled: Boolean, $first: Int, $last: Int, $after: String, $before: String, $field: ProjectGroupOrderByFields!, $direction: OrderByDirection!) {
organization {
id
projectGroups(
search: $search
enabled: $enabled
first: $first
last: $last
after: $after
before: $before
orderBy: {field: $field, direction: $direction}
) {
totalCount
pageInfo {
endCursor
hasNextPage
startCursor
hasPreviousPage
}
nodes {
id
name
enabled
versionCount: sbomsCount
updatedAt
environments: projects {
id
name
versionCount: sbomsCount
}
}
}
}
}
List versions for project id
query GetVersions($id: Uuid!, $first: Int, $after: String, $last: Int, $before: String, $search: String, $field: SbomOrderByFields!, $direction: OrderByDirection!) {
project(id: $id) {
id
versions: sbomVersions(
first: $first
after: $after
last: $last
before: $before
search: $search
orderBy: {direction: $direction, field: $field}
) {
totalCount
pageInfo {
endCursor
hasNextPage
startCursor
hasPreviousPage
}
nodes {
id
createdAt
updatedAt
lifecycle
projectVersion
vulnRunStatus
}
}
}
}
Upload SBOM as version for Project
mutation UploadSbom($doc: Upload!, $projectId: ID!) {
sbomUpload(input: {doc: $doc, projectId: $projectId}) {
errors
}
}
Download CycloneDX SBOM for a version
query downloadSbom($environmentId: Uuid!, $versionId: Uuid!, $includeVulns: Boolean) {
sbom(projectId: $environmentId, sbomId: $sbomId) {
download(sbomId: $versionId, includeVulns: $includeVulns)
__typename
}
}
Version Quality Score
query GetVersionQualityScores($versionIds: [ID!]!, $reportFormat: ComplianceReportFormat) {
complianceReports(sbomIds: $versionIds, reportFormat: $reportFormat) {
nodes {
reportFormat
score
scoreByCategory {
category
score
}
}
}
}
Version Status
After an sbom is uploaded to a version, various post-processing tasks are run. Tasks like vulnerability detection, automation and policies. All of these tasks have statuses associated with them, which can help determine if its the right time to download the SBOM.
STARTED and FINISHED are the only two statuses that are displayed.
query GetVersion($projectId: Uuid!, $versionId: Uuid!) {
sbom(projectId: $projectId, sbomId: $versionId) {
id
vulnRunStatus
automationRunStatus
policyRunStatus
}
}
Last updated