This reference describes the REST APIs you can use to interact with the Ghost platform.

You may want to create an API key before you start.

Authentication

The Ghost API uses API keys for authentication. Create and manage API keys in your platform settings.

Remember that your API key is a secret! Do not share it with others or commit it to source control. API keys should be securely loaded from an environment variable or key management mechanism.

If necessary, you can disable an API key if it has been compromised.

API keys should be provided in the Authorization header as a Bearer token.

Authorization: Bearer <api_key>

An example request using curl:

curl "https://api.ghostsecurity.ai/v1/findings" \
     -H "Authorization: Bearer <api_key>"

Organizations

API keys are scoped to an organization. If you belong to multiple organizations, you must create API keys within each organization.