API Overview

Integrate TARA Flow into your workflow with our REST API

Last updated: December 13, 20245 min read

TARA Flow provides a comprehensive REST API that allows you to integrate threat modeling and compliance automation into your existing workflows, CI/CD pipelines, and toolchains.

API Access

API access is available on Professional and Enterprise plans. Contact us to get your API credentials.

Authentication

All API requests require authentication using an API key passed in the Authorization header:

bash

curl -X GET "https://api.taraflow.io/v1/projects" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

Base URL

All API endpoints are relative to:

text

https://api.taraflow.io/v1

Available Endpoints

Endpoint	Method	Description
/projects	GET	List all projects
/projects	POST	Create a new project
/projects/:id	GET	Get project details
/projects/:id/upload	POST	Upload a diagram
/projects/:id/analyze	POST	Trigger AI analysis
/projects/:id/threats	GET	Get threat model
/projects/:id/export	GET	Export documentation

Example: Create and Analyze a Project

typescript·example.ts

// 1. Create a new project
const project = await fetch("https://api.taraflow.io/v1/projects", {
  method: "POST",
  headers: {
    "Authorization": "Bearer YOUR_API_KEY",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    name: "Vehicle Gateway ECU",
    standard: "ISO_21434"
  })
});

// 2. Upload a diagram
const formData = new FormData();
formData.append("file", diagramFile);

await fetch(`https://api.taraflow.io/v1/projects/${project.id}/upload`, {
  method: "POST",
  headers: { "Authorization": "Bearer YOUR_API_KEY" },
  body: formData
});

// 3. Trigger analysis
const analysis = await fetch(
  `https://api.taraflow.io/v1/projects/${project.id}/analyze`,
  {
    method: "POST",
    headers: { "Authorization": "Bearer YOUR_API_KEY" }
  }
);

// 4. Get results
const threats = await fetch(
  `https://api.taraflow.io/v1/projects/${project.id}/threats`,
  {
    headers: { "Authorization": "Bearer YOUR_API_KEY" }
  }
);

Rate Limits

Plan	Requests/min	Requests/day
Professional	60	10,000
Enterprise	300	Unlimited

Webhooks

Configure webhooks to receive real-time notifications when analysis completes, threats are updated, or exports are ready.

Need Full API Documentation?

Complete API documentation with request/response schemas and interactive examples is available to customers with API access. Contact us to get started.

Request API Access

Was this page helpful?

Compliance Automation

FAQ