# API overview

## Conventions
- JSON payloads use camelCase and RFC 7807 for problem details.
- Streaming endpoints support SSE or NDJSON.
- Timestamps are UTC ISO 8601.

## Major API groups
- Scanner: scan submission, status, SBOM retrieval, diffs, reports.
- Policy: policy import/export, validation, preview, and simulation.
- Scheduler: schedules, runs, and impact selection.
- Notify: rules, channels, deliveries, and test sends.
- VEX and consensus: consensus evaluation and exports.
- Signals: reachability, runtime facts, unknowns.
- Export Center: export runs and offline bundles.
- Authority: token issuance and administrative endpoints.

## OpenAPI specifications
- docs/api/delta-compare-openapi.yaml
- docs/api/evidence-decision-api.openapi.yaml
- docs/api/graph-gateway-spec-draft.yaml
- docs/api/notify-openapi.yaml
- docs/api/proofs-openapi.yaml
- docs/api/taskrunner-openapi.yaml
- docs/api/vexlens-openapi.yaml
- docs/modules/export-center/openapi/export-center.v1.yaml
- docs/modules/findings-ledger/openapi/findings-ledger.v1.yaml
- docs/modules/vuln-explorer/openapi/vuln-explorer.v1.yaml
- docs/schemas/excititor-chunk-api.openapi.yaml
- docs/schemas/findings-evidence-api.openapi.yaml
- docs/schemas/findings-ledger-api.openapi.yaml
- docs/schemas/graph-platform-api.openapi.yaml
- docs/schemas/ledger-time-travel-api.openapi.yaml
- docs/schemas/policy-engine-rest.openapi.yaml
- docs/schemas/policy-registry-api.openapi.yaml

## Schema and contract catalogs
- docs/schemas: JSON schemas and OpenAPI fragments.
- docs/contracts: protocol and contract definitions.
- docs/api: API references and gateway specs.