API Reference

The Native Security REST API is accessible at https://api.natives-security.com/v1/. All endpoints require Bearer token authentication.

Authentication

Pass your API key as a Bearer token in the Authorization header:

Authorization: Bearer ns_live_xxxxxxxxxxxxxxxxxxxx

API keys are generated from the Native Security dashboard under Settings > API Keys.

Accounts

List connected accounts

GET /v1/accounts

Returns all cloud accounts connected to your organization.

{
  "accounts": [
    {
      "id": "acct_aws_123456789012",
      "cloud": "aws",
      "external_id": "123456789012",
      "display_name": "prod-account-01",
      "status": "connected",
      "last_scan": "2026-06-30T14:22:18Z",
      "policy_count": 847
    },
    {
      "id": "acct_azure_sub_abcdef",
      "cloud": "azure",
      "external_id": "sub-abcdef-1234",
      "display_name": "prod-subscription",
      "status": "connected",
      "last_scan": "2026-06-30T14:22:19Z",
      "policy_count": 312
    }
  ],
  "total": 2
}

Controls

List controls for an account

GET /v1/accounts/{account_id}/controls

Returns the control inventory for a connected account, including attachment status and coverage.

{
  "controls": [
    {
      "id": "ctrl_aws_scp_p-abc123",
      "account_id": "acct_aws_123456789012",
      "type": "aws_scp",
      "name": "SCP-DenyPublicAccess",
      "status": "attached",
      "targets": [
        {"type": "root", "id": "r-xxxx", "coverage": "all_accounts"}
      ],
      "gap_detected": false,
      "nist_mapping": ["PR.AC-1", "PR.DS-5"],
      "soc2_mapping": ["CC6.1"]
    }
  ]
}

Guardrails

List guardrail configurations

GET /v1/guardrails

Returns your configured guardrail enforcement levels.

{
  "guardrails": [
    {
      "id": "gr_001",
      "control_id": "ctrl_aws_scp_p-abc123",
      "enforcement_level": "block",
      "active": true,
      "created_at": "2026-03-15T09:00:00Z"
    }
  ]
}

Evaluations

Submit a plan for evaluation

POST /v1/evaluations

Submit a Terraform plan JSON for policy gate evaluation. Returns PASS or FAIL with violation details.

Request body:

{
  "account_id": "acct_aws_123456789012",
  "plan": { ... },
  "enforcement_level": "block"
}

Response:

{
  "evaluation_id": "eval_xzq7ab8c",
  "status": "fail",
  "result": "FAIL",
  "violations": [
    {
      "resource": "aws_iam_role.app_deployer",
      "control": "SCP-DenyAdminRoleWithoutBoundary",
      "action": "iam:CreateRole",
      "reason": "PermissionsBoundary condition not met",
      "suggested_fix": "Add permissions_boundary = 'arn:aws:iam::*:policy/OrgPermBoundary'"
    }
  ],
  "resources_checked": 12,
  "violations_count": 1,
  "duration_ms": 1104
}

Reports

Generate compliance coverage report

GET /v1/reports/compliance?framework=soc2&account_id=acct_aws_123456789012

Returns a compliance coverage report mapping your controls to the requested framework. Supported frameworks: soc2, nist_csf, cis_aws_l1.

{
  "framework": "soc2",
  "coverage_percent": 78,
  "controls": [
    {
      "framework_control": "CC6.1",
      "description": "Logical access security",
      "status": "covered",
      "native_policies": ["SCP-DenyAdminWithoutBoundary", "SCP-DenyPublicS3"]
    },
    {
      "framework_control": "CC6.7",
      "description": "Data transmission encryption",
      "status": "gap",
      "native_policies": []
    }
  ]
}