REST API

Hyprwatch provides a REST API for programmatic access to your fleet.

Interactive API Docs: Explore and test all endpoints in our Swagger UI.

Authentication

All API requests require an API key. Include it in the Authorization header:

Authorization: Bearer hw_live_xxxxx

Base URL

https://hyprwatch.cloud/api/v1

Core Endpoints

GET /whoami

Get information about the current API key and organization.

POST /query

Execute a SQL query across your fleet. Returns results from all targeted hosts.

GET /hosts

List all hosts in your organization. Filter by platform, group, or labels.

GET /hosts/:id

Get detailed information about a specific host.

GET /queries

List saved queries. Create, update, delete, and schedule queries.

GET /schema/tables

List all available osquery tables. Search by name or filter by platform.

POST /webhooks

Create a webhook to receive event notifications. See Webhooks docs for details.

GET /webhooks

List all webhooks for your organization.

Rate Limits

API requests are rate limited to 100 requests per minute per organization. Rate limit headers are included in all responses:

X-RateLimit-Limit - Maximum requests per minute
X-RateLimit-Remaining - Remaining requests in current window
Retry-After - Seconds until rate limit resets (when limited)

Example: Execute a Query

curl -X POST https://hyprwatch.cloud/api/v1/query \
-H "Authorization: Bearer hw_live_xxx" \
-H "Content-Type: application/json" \
-d '{
"sql": "SELECT pid, name, cmdline FROM processes WHERE name LIKE '%ssh%'",
"targets": "all",
"timeout": 30000
}'

Response:

{
"query_id": "q_abc123",
"results": [
{
  "host_id": "uuid",
  "hostname": "server-01",
  "status": "success",
  "rows": [
    {"pid": "1234", "name": "sshd", "cmdline": "/usr/sbin/sshd -D"}
  ]
}
],
"summary": {
"total": 5,
"success": 5,
"timeout": 0,
"error": 0,
"duration_ms": 2340
}
}