Documentation

Aegis Quantum API Reference

The Aegis Quantum REST API provides programmatic access to cryptographic discovery, risk scoring, and reporting. All endpoints use HTTPS and JSON. Authentication is OAuth 2.0 client credentials.

API Status: Operationalv1.8.3

Getting Started

The Aegis Quantum API allows you to programmatically scan your environment, retrieve risk scores, configure connectors, and pull remediation recommendations into your existing security tooling. The base URL for all v1 API requests is:

http

https://api.aegisquantum.io/v1

All requests must include a valid Authorization: Bearer header. Rate limits are enforced per API key at 1,000 requests/minute for Business plans and unlimited for Enterprise.

Authentication

Aegis Quantum uses OAuth 2.0 client credentials flow. Generate API credentials from the Settings → API Keys section of your dashboard. Tokens expire after 1 hour and should be cached and refreshed automatically.

bash

curl -X POST https://api.aegisquantum.io/v1/auth/token \
  -H "Content-Type: application/json" \
  -d '{
    "client_id": "aq_client_xxxxxxxxxxxx",
    "client_secret": "aq_secret_xxxxxxxxxxxx",
    "grant_type": "client_credentials"
  }'

Response:

json

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "scans:read scans:write reports:read"
}

Connectors

Connectors define the data sources Aegis Quantum will scan. Supported connector types include: aws, azure, gcp, kubernetes, rest_api, and on_premise_gateway.

bash

curl -X POST https://api.aegisquantum.io/v1/connectors \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "aws",
    "name": "Production AWS Account",
    "config": {
      "account_id": "123456789012",
      "regions": ["us-east-1", "eu-west-1"],
      "role_arn": "arn:aws:iam::123456789012:role/AegisQuantumScanner"
    }
  }'

Scanning

Initiate a cryptographic scan against one or more connectors. Scans are asynchronous — poll the /v1/scans/{scan_id} endpoint or configure a webhook to receive completion notifications.

bash

curl -X POST https://api.aegisquantum.io/v1/scans \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "connector_ids": ["conn_abc123", "conn_def456"],
    "scan_type": "full",
    "options": {
      "include_certificates": true,
      "include_tls_endpoints": true,
      "include_kms_keys": true,
      "depth": "comprehensive"
    }
  }'

Response (202 Accepted):

json

{
  "scan_id": "scan_7f3a9c2e",
  "status": "running",
  "created_at": "2026-05-07T12:00:00Z",
  "estimated_completion_at": "2026-05-07T13:30:00Z",
  "assets_queued": 14829,
  "connector_ids": ["conn_abc123", "conn_def456"]
}

Risk Scoring API

Retrieve paginated findings for a completed scan, including per-asset quantum risk scores, severity classifications, and NIST-aligned remediation recommendations.

bash

curl https://api.aegisquantum.io/v1/scans/scan_7f3a9c2e/findings \
  -H "Authorization: Bearer $ACCESS_TOKEN"

Response (200 OK):

json

{
  "scan_id": "scan_7f3a9c2e",
  "quantum_risk_score": 82,
  "risk_level": "HIGH",
  "summary": {
    "total_assets": 14829,
    "vulnerable_assets": 6231,
    "critical": 142,
    "high": 891,
    "medium": 2340,
    "low": 2858
  },
  "findings": [
    {
      "id": "finding_a1b2c3",
      "asset_type": "tls_endpoint",
      "asset_id": "api.payments.internal:443",
      "algorithm": "RSA-2048",
      "severity": "critical",
      "quantum_vulnerable": true,
      "reason": "RSA-2048 is broken by Shor's algorithm on a CRQC",
      "remediation": {
        "action": "migrate_to_pqc",
        "target_algorithm": "ML-KEM-768",
        "nist_standard": "FIPS 203",
        "estimated_effort_days": 14
      }
    }
  ]
}

Webhooks

Configure webhook endpoints to receive real-time notifications when scans complete, new critical findings are detected, or risk scores change. Payloads are signed with HMAC-SHA256 using your webhook secret.

Security Notice

Always verify the X-Aegis-Signature header before processing webhook payloads. Reject requests with invalid signatures.

json

{
  "event": "scan.completed",
  "scan_id": "scan_7f3a9c2e",
  "timestamp": "2026-05-07T13:28:47Z",
  "payload": {
    "quantum_risk_score": 82,
    "risk_level": "HIGH",
    "new_critical_findings": 3,
    "report_url": "https://app.aegisquantum.io/reports/scan_7f3a9c2e"
  },
  "signature": "sha256=a1b2c3d4e5f6..."
}

SDKs

Official SDKs are available for TypeScript/Node.js, Python, Go, and Java. Install the Node.js SDK with:

bash

npm install @aegis-quantum/sdk

typescript

import { AegisQuantum } from '@aegis-quantum/sdk';

const client = new AegisQuantum({
  clientId: process.env.AQ_CLIENT_ID,
  clientSecret: process.env.AQ_CLIENT_SECRET,
});

// Start a scan
const scan = await client.scans.create({
  connectorIds: ['conn_abc123'],
  scanType: 'full',
});

// Wait for completion and get findings
const findings = await client.scans.findings(scan.id);

console.log(`Quantum Risk Score: ${findings.quantumRiskScore}/100`);
console.log(`Critical findings: ${findings.summary.critical}`);

NIST PQC Reference

Aegis Quantum's remediation recommendations are aligned with the NIST Post-Quantum Cryptography standards finalized in August 2024.

Standard

FIPS 203

Algorithm

ML-KEM (Kyber)

Use Case

Key encapsulation / key exchange

Replaces

RSA, ECDH, DH

Standard

FIPS 204

Algorithm

ML-DSA (Dilithium)

Use Case

Digital signatures

Replaces

RSA-PSS, ECDSA, DSA

Standard

FIPS 205

Algorithm

SLH-DSA (SPHINCS+)

Use Case

Stateless hash-based signatures

Replaces

RSA, ECDSA (backup option)