Devici REST API
Devici provides a REST API for programmatic access to the platform.
The API enables organizations to integrate Devici with external systems, automate workflows, and manage threat modeling data at scale.
What You Can Do with the API
Using the Devici REST API, you can programmatically manage:
- Collections
- Threat models
- Canvases
- Components and attributes
- Threats and mitigations
The API supports standard Create, Read, Update, and Delete (CRUD) operations across supported resources.
API Documentation
The complete developer reference for the Devici REST API is hosted separately:
This reference includes endpoint definitions, request and response schemas, authentication details, and examples.
Authentication and Access
The Devici REST API uses OAuth2 client credentials for authentication.
Access is provided through API tokens, which:
- Are available to Enterprise tier organizations
- Are managed by Super-admin users
- Use fine-grained, scope-based permissions
- Support optional IP allowlisting
API tokens are required for all programmatic access to the API.
Managing API Tokens
API tokens are created and managed within the Devici platform.
For details on creating, configuring, securing, and rotating API tokens, see:
Getting Started
To begin using the API:
- Ensure your organization has an Enterprise subscription
- Have a Super-admin create an API token
- Review the API documentation for available endpoints
- Authenticate requests using the issued token
Support and Feedback
The Devici REST API continues to evolve.
If you need access to additional data or encounter issues, contact the Devici support team.