API Reference
The Native Security REST API is accessible at https://api.natives-security.com/v1/. All endpoints require Bearer token authentication.
Authentication
Pass your API key as a Bearer token in the Authorization header:
Authorization: Bearer ns_live_xxxxxxxxxxxxxxxxxxxx
API keys are generated from the Native Security dashboard under Settings > API Keys.
Accounts
List connected accounts
GET /v1/accounts
Returns all cloud accounts connected to your organization.
{
"accounts": [
{
"id": "acct_aws_123456789012",
"cloud": "aws",
"external_id": "123456789012",
"display_name": "prod-account-01",
"status": "connected",
"last_scan": "2026-06-30T14:22:18Z",
"policy_count": 847
},
{
"id": "acct_azure_sub_abcdef",
"cloud": "azure",
"external_id": "sub-abcdef-1234",
"display_name": "prod-subscription",
"status": "connected",
"last_scan": "2026-06-30T14:22:19Z",
"policy_count": 312
}
],
"total": 2
}
Controls
List controls for an account
GET /v1/accounts/{account_id}/controls
Returns the control inventory for a connected account, including attachment status and coverage.
{
"controls": [
{
"id": "ctrl_aws_scp_p-abc123",
"account_id": "acct_aws_123456789012",
"type": "aws_scp",
"name": "SCP-DenyPublicAccess",
"status": "attached",
"targets": [
{"type": "root", "id": "r-xxxx", "coverage": "all_accounts"}
],
"gap_detected": false,
"nist_mapping": ["PR.AC-1", "PR.DS-5"],
"soc2_mapping": ["CC6.1"]
}
]
}
Guardrails
List guardrail configurations
GET /v1/guardrails
Returns your configured guardrail enforcement levels.
{
"guardrails": [
{
"id": "gr_001",
"control_id": "ctrl_aws_scp_p-abc123",
"enforcement_level": "block",
"active": true,
"created_at": "2026-03-15T09:00:00Z"
}
]
}
Evaluations
Submit a plan for evaluation
POST /v1/evaluations
Submit a Terraform plan JSON for policy gate evaluation. Returns PASS or FAIL with violation details.
Request body:
{
"account_id": "acct_aws_123456789012",
"plan": { ... },
"enforcement_level": "block"
}
Response:
{
"evaluation_id": "eval_xzq7ab8c",
"status": "fail",
"result": "FAIL",
"violations": [
{
"resource": "aws_iam_role.app_deployer",
"control": "SCP-DenyAdminRoleWithoutBoundary",
"action": "iam:CreateRole",
"reason": "PermissionsBoundary condition not met",
"suggested_fix": "Add permissions_boundary = 'arn:aws:iam::*:policy/OrgPermBoundary'"
}
],
"resources_checked": 12,
"violations_count": 1,
"duration_ms": 1104
}
Reports
Generate compliance coverage report
GET /v1/reports/compliance?framework=soc2&account_id=acct_aws_123456789012
Returns a compliance coverage report mapping your controls to the requested framework. Supported frameworks: soc2, nist_csf, cis_aws_l1.
{
"framework": "soc2",
"coverage_percent": 78,
"controls": [
{
"framework_control": "CC6.1",
"description": "Logical access security",
"status": "covered",
"native_policies": ["SCP-DenyAdminWithoutBoundary", "SCP-DenyPublicS3"]
},
{
"framework_control": "CC6.7",
"description": "Data transmission encryption",
"status": "gap",
"native_policies": []
}
]
}