SMARTFENSE API

Connect SMARTFENSE with your entire security ecosystem

A documented REST API that gives you programmatic access to your campaign results, risk scoring and user management. Automate workflows, bring your metrics into your BI and unify awareness with the rest of your security stack.

SMARTFENSE API

RESTOAuth 2.0JSONHTTPS requiredPaginated responsesUTC dates (ISO 8601)

From a platform you use to a platform you build on

SMARTFENSE’s native integrations (Microsoft Entra ID, Google, Slack, Teams, SAP SuccessFactors, Vanta, LDAP, SAML 2.0) cover the most common connectors with no configuration. The API covers the rest: any workflow, report or automation specific to your organization that doesn’t come out of the box, you build yourself with direct access to the data.

Looking for a ready-made connector? See the native integrations →

Use cases

Bring your metrics into your BI

Feed PowerBI, Looker or Tableau with your campaign results and risk scoring to build the dashboards and executive reports your organization needs.

Enabled by: Results by campaign type + Risk Scoring by user, group and organization.

Enrich your SIEM or GRC

Bring your users’ risk level into your security stack to correlate the human factor with the rest of your signals and prioritize where to act.

Enabled by: Risk Scoring endpoints (user / group / organization).

Automate user provisioning

Sync your awareness platform with your IdP or HR system: import users and query their information with no manual work.

Enabled by: User import (POST) and general user information.

Centralize your compliance evidence

Export audit logs to your compliance and GRC tools to build consistent evidence of your awareness program.

Enabled by: Administrative and system audit + administrators’ last access.

Unify the results of your whole program

Consolidate the results of phishing, ransomware, smishing, training, exams, videos and more in one place to measure your program’s real progress.

Enabled by: Campaign results for each type of action.

Add the engagement layer

Integrate your users’ progress and achievements into your own portals or internal recognition programs.

Enabled by: Badges by user.

Access to the key areas of your awareness program

Through the API you access the major data areas of your program:

  • Campaign and awareness action resultsHow your users perform across the different actions you run.
  • Risk ScoringThe risk level at user, group and organization level.
  • User and organization managementUser provisioning and information about your organization.
  • Audit and traceabilityPlatform activity logs.
  • ContentInformation about the available content.

The full, always up-to-date catalog of endpoints lives in the documentation. View the API reference →

Standard, predictable and production-ready

Authentication

The API uses OAuth 2.0. It supports the Client Credentials flow for server-to-server integrations and the Authorization Code flow (with PKCE) when your application acts on behalf of a user. Each application is created with the scopes it needs, and every call travels with a bearer token over HTTPS.

Response format

All responses are JSON. Dates are expressed in UTC using ISO 8601. Listings are paginated with a consistent structure (count, next, previous, results), with up to 100 records per page.

Getting started

1. Create your application and get your client_id and client_secret. 2. Request an access token from the OAuth endpoint. 3. Make your calls including the token in the Authorization header.

# Request an access token (OAuth 2.0)
curl -X POST https://tu-instancia.smartfense.com/oauth/token/ \ -d grant_type=client_credentials \ -d client_id=TU_CLIENT_ID \ -d client_secret=TU_CLIENT_SECRET # Call the API with the token
curl https://tu-instancia.smartfense.com/api/... \ -H "Authorization: Bearer ACCESS_TOKEN"

The base URL is your instance’s domain. Check the documentation for the exact endpoints. Your client_secret is secret: never expose it in client-side code or in the browser.

Security and standards

  • OAuth 2.0 authentication with two flows (Client Credentials and Authorization Code with PKCE).
  • HTTPS required: any plain HTTP call is rejected.
  • Scope-based access: each application receives only the permissions it needs.
  • Standard REST design, understandable by any HTTP client, with clear HTTP status codes.

Ready to integrate SMARTFENSE?

Explore the full API documentation or contact us to coordinate access and resolve your integration questions.

The API is part of the SMARTFENSE base platform.

View the documentation

Request API access

Leave us your details and we’ll coordinate your API access and answer your integration questions.