A documented REST API that gives you programmatic access to your campaign results, risk scoring and user management. Automate workflows, bring your metrics into your BI and unify awareness with the rest of your security stack.

SMARTFENSE’s native integrations (Microsoft Entra ID, Google, Slack, Teams, SAP SuccessFactors, Vanta, LDAP, SAML 2.0) cover the most common connectors with no configuration. The API covers the rest: any workflow, report or automation specific to your organization that doesn’t come out of the box, you build yourself with direct access to the data.
Looking for a ready-made connector? See the native integrations →
Feed PowerBI, Looker or Tableau with your campaign results and risk scoring to build the dashboards and executive reports your organization needs.
Enabled by: Results by campaign type + Risk Scoring by user, group and organization.
Bring your users’ risk level into your security stack to correlate the human factor with the rest of your signals and prioritize where to act.
Enabled by: Risk Scoring endpoints (user / group / organization).
Sync your awareness platform with your IdP or HR system: import users and query their information with no manual work.
Enabled by: User import (POST) and general user information.
Export audit logs to your compliance and GRC tools to build consistent evidence of your awareness program.
Enabled by: Administrative and system audit + administrators’ last access.
Consolidate the results of phishing, ransomware, smishing, training, exams, videos and more in one place to measure your program’s real progress.
Enabled by: Campaign results for each type of action.
Integrate your users’ progress and achievements into your own portals or internal recognition programs.
Enabled by: Badges by user.
Through the API you access the major data areas of your program:
The API uses OAuth 2.0. It supports the Client Credentials flow for server-to-server integrations and the Authorization Code flow (with PKCE) when your application acts on behalf of a user. Each application is created with the scopes it needs, and every call travels with a bearer token over HTTPS.
All responses are JSON. Dates are expressed in UTC using ISO 8601. Listings are paginated with a consistent structure (count, next, previous, results), with up to 100 records per page.
1. Create your application and get your client_id and client_secret. 2. Request an access token from the OAuth endpoint. 3. Make your calls including the token in the Authorization header.
# Request an access token (OAuth 2.0) curl -X POST https://tu-instancia.smartfense.com/oauth/token/ \ -d grant_type=client_credentials \ -d client_id=TU_CLIENT_ID \ -d client_secret=TU_CLIENT_SECRET # Call the API with the token curl https://tu-instancia.smartfense.com/api/... \ -H "Authorization: Bearer ACCESS_TOKEN"
The base URL is your instance’s domain. Check the documentation for the exact endpoints. Your client_secret is secret: never expose it in client-side code or in the browser.
Explore the full API documentation or contact us to coordinate access and resolve your integration questions.
The API is part of the SMARTFENSE base platform.
Leave us your details and we’ll coordinate your API access and answer your integration questions.