Auth Service
auth.knogin.com
Handles all authentication, user management, MFA, SSO, API keys, roles, permissions, and session management. This is where you obtain tokens for accessing the API Service.
- 80+ Endpoints
- OAuth2/OIDC
- TOTP/Passkey/Voice MFA
API Docs
API Reference
Complete documentation for all Argus APIs including GraphQL, REST, and WebSocket endpoints. All endpoints require a valid argus_auth_token to return data.
API Overview
Argus Command Center exposes two primary API services with over 200 REST endpoints and 180+ GraphQL operations. All authenticated endpoints require a valid argus_auth_token obtained through the Auth Service.
API Service
api.knogin.com
The core intelligence platform API providing REST endpoints and GraphQL for investigations, cases, profiles, evidence, alerts, monitors, AI services, and real-time communication.
- 130+ REST Endpoints
- 180+ GraphQL Operations
- WebSocket
Base URLs
Auth Service (Production)
https://auth.knogin.comAPI Service (Production)
https://api.knogin.comAuth Service (Staging)
https://auth-staging.knogin.comAPI Service (Staging)
https://api-staging.knogin.comAuthentication
All authenticated API requests require a valid argus_auth_token. Tokens are obtained through the Auth Service and must be included in all subsequent requests to both services. API keys can be generated in the Auth Service dashboard under your user profile for programmatic access.
HTTP-Only Cookie (Recommended for browsers)
After successful login, cookies are set automatically:
platform_access_token=eyJhbGc... # Short-lived access token
knogin_refresh_token=eyJhbGc... # Long-lived refresh tokenBearer Token (For programmatic access)
Include the token in the Authorization header:
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...Obtaining a Token
# Using username/password (OAuth2 form)
curl -X POST https://auth.knogin.com/v1/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "username=user@example.com&password=your_password"
# Using API Key (recommended for service-to-service)
curl -X POST https://auth.knogin.com/v1/auth/token \
-H "Content-Type: application/json" \
-d '{"api_key": "your_api_key", "platform": "argus"}'
# Response
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "bearer",
"expires_in": 3600
}Auth Service Endpoints
The Auth Service (auth.knogin.com) handles all authentication, authorization, user management, MFA, SSO, API keys, roles, permissions, feature flags, and multi-tenant management. It contains 80+ endpoints organized by functionality.
Token & Session Management
Core authentication endpoints for obtaining, refreshing, and managing access tokens and sessions.
POST
/v1/tokenLogin with Credentials (OAuth2 Form)
OAuth2-compatible login endpoint that accepts form-encoded email and password. Issues platform-specific access tokens and sets HTTP-only cookies (platform_access_token, knogin_refresh_token) for browser sessions. If MFA is enabled, returns a challenge cookie instead requiring verification via /v1/mfa/verify-login. Supports redirect_uri for post-login navigation.
Public5/min
POST
/v1/auth/tokenLogin with API Key
Authenticate using an API key to receive a platform-specific JWT token. Ideal for service-to-service authentication, CI/CD pipelines, and programmatic access. API keys can be generated in the Auth Service dashboard under your user profile. Request body requires api_key and platform fields.
Public
POST
/v1/auth/refreshRefresh Access Token
Refresh expired access tokens using the knogin_refresh_token cookie. Returns new access token cookies without requiring re-authentication. Supports optional platform path parameter for platform-specific token refresh. Essential for maintaining long-lived sessions in browser applications.
Public
POST
/v1/auth/logoutLogout & Terminate Session
Terminates the current user session by invalidating all tokens and deleting authentication cookies. Removes the session from the server-side session store. Supports optional platform path parameter. Returns 204 No Content on success.
Auth Required
POST
/v1/auth/revoke-user-sessions/{user_id}Revoke All User Sessions (Admin)
Forcefully terminates all active sessions for a specific user across all devices and platforms. Used for security incidents or when a user's access needs to be immediately revoked. Returns count of sessions revoked. Requires admin or superuser role.
Admin/Superuser
User Profile & Self-Service
Endpoints for users to manage their own profiles, view their information, and update their settings.
GET
/v1/users/meGet Current User Profile
Returns the complete profile of the currently authenticated user including email, display name, organization, roles, permissions, MFA status, created date, and last login timestamp. Used by frontend applications to populate user dashboards and check permissions.
Auth Required
PUT
/v1/users/meUpdate Own Profile
Allows users to update their own profile information including display name, phone number, and password. If password is changed, all other sessions are automatically terminated for security. Requires current password verification for sensitive changes.
Auth Required
GET
/v1/auth/meGet Profile with Feature Flags
Returns current user profile along with evaluated feature flags for the user's tenant and any user-specific overrides. Used by frontend applications to determine which features to display based on the user's subscription tier and enabled experiments.
Auth Required
POST
/v1/users/createSelf-Registration
Public endpoint for new users to create an account. Accepts email and password, creates the user in the system, and sends a verification email. Rate limited to 2 requests per hour per IP to prevent abuse. Returns the created user object.
Public2/hour
Multi-Factor Authentication (MFA)
Comprehensive MFA support including TOTP (authenticator apps), WebAuthn passkeys, and voice verification. Users can enable multiple methods for layered security.
TOTP (Authenticator Apps)
POST
/v1/portal/mfa/totp/enableEnable TOTP - Generate Secret
Generates a new TOTP secret and returns it along with a QR code image (base64 encoded) for scanning with authenticator apps like Google Authenticator, Authy, or 1Password. The secret is stored in pending state until verified.
Auth Required
POST
/v1/portal/mfa/totp/verify-and-activateVerify and Activate TOTP
Verifies a TOTP code from the user's authenticator app and activates TOTP MFA for their account. Requires the 6-digit code from the authenticator app. Once activated, TOTP will be required for all future logins.
Auth Required
POST
/v1/portal/mfa/totp/disableDisable TOTP
Disables TOTP-based MFA for the current user. All active sessions are terminated for security after disabling. User must have another MFA method enabled or MFA must not be required by organization policy.
Auth Required
POST
/v1/mfa/verify-loginVerify MFA During Login
Validates the MFA code (TOTP) during the login challenge flow. Called after initial login when MFA is required. Requires the TF_AUTH challenge cookie and the 6-digit TOTP code. On success, issues full access tokens.
Public5/min
WebAuthn Passkeys
POST
/v1/portal/mfa/passkey/generate-registrationGenerate Passkey Registration Options
Generates WebAuthn registration options for creating a new passkey credential. Returns challenge, relying party info, and supported algorithms. Used by the browser's WebAuthn API (navigator.credentials.create) to create a new passkey.
Auth Required
POST
/v1/portal/mfa/passkey/verify-registrationVerify and Save Passkey
Verifies the WebAuthn attestation response from the browser and saves the new passkey credential. Stores the public key, credential ID, and metadata. Users can register multiple passkeys for different devices.
Auth Required
DELETE
/v1/portal/mfa/passkey/{credential_id}Delete Passkey
Removes a specific passkey credential by its ID. Users can manage their registered passkeys and remove old or compromised devices. Returns 204 No Content on success.
Auth Required
POST
/v1/portal/mfa/passkey/generate-authenticationGenerate Passkey Login Options
Generates WebAuthn authentication options for passkey-based login. Accepts email address and returns challenge with allowed credentials. Used by navigator.credentials.get for passwordless login initiation.
Public
POST
/v1/portal/mfa/passkey/verify-authenticationVerify Passkey and Login
Verifies the WebAuthn assertion response and completes passkey-based login. On successful verification, issues full access tokens and cookies. Supports redirect_uri for post-login navigation.
Public
Voice Verification
POST
/v1/portal/mfa/voice/enrollEnroll Voice Profile
Enrolls a voice sample for voice-based MFA. Accepts base64-encoded audio data of the user speaking a passphrase. The voice print is processed and stored for future verification. Requires multiple samples for accurate enrollment.
Auth Required
POST
/v1/portal/mfa/voice/verifyVerify Voice Sample
Verifies a voice sample against the enrolled voice profile during MFA challenge. Accepts base64-encoded audio and returns match score. Requires MFA challenge cookie. Used as alternative to TOTP for users who prefer voice authentication.
Public5/min
DELETE
/v1/portal/mfa/voiceDisable Voice MFA
Disables voice-based MFA and deletes the stored voice profile. Returns 204 No Content on success. User must have another MFA method enabled if MFA is required by organization policy.
Auth Required
GET
/v1/portal/mfa/challenge-infoGet Available MFA Methods
Returns information about which MFA methods are available for the pending login challenge. Response includes totp_enabled, voice_enabled, and passkey_enabled flags. Used by login UI to show appropriate MFA options.
Public
Single Sign-On (SSO)
OAuth2/OIDC-based single sign-on integration with enterprise identity providers including Google Workspace and Microsoft Entra ID (Azure AD).
GET
/v1/portal/sso/available-providersList Available SSO Providers
Returns a list of SSO providers configured for the current tenant. Response includes provider names and count. Used by login UI to display available SSO login buttons (e.g., 'Sign in with Google', 'Sign in with Microsoft').
Public
GET
/v1/portal/login/{provider}Initiate SSO Login
Initiates the OAuth2/OIDC authorization flow with the specified identity provider. Redirects the user to the provider's login page (Google, Microsoft). Accepts redirect_uri for post-login navigation.
Public
GET
/v1/portal/auth/{provider}SSO Callback Handler
OAuth2/OIDC callback endpoint that handles the authorization code returned by the identity provider. Exchanges code for tokens, creates or updates user account, and establishes session with cookies.
Public
API Key Management
Create and manage API keys for programmatic access. API keys can be scoped to specific platforms and have configurable expiration.
POST
/v1/portal/users/me/keysCreate API Key
Creates a new API key for programmatic access. The full key is only returned once at creation time - store it securely. Supports platform scoping and optional expiration date. Returns key prefix for identification.
Auth Required
GET
/v1/portal/users/me/keysList API Keys
Returns all API keys for the current user. Shows key prefix, created date, last used date, and associated platforms. Does not return the full key value for security.
Auth Required
DELETE
/v1/portal/users/me/keys/{key_id}Revoke API Key
Permanently revokes an API key, immediately invalidating all tokens issued using this key. Any applications using this key will immediately lose access. Cannot be undone.
Auth Required
User Management (Admin)
Administrative endpoints for managing users, roles, and permissions. Access varies based on role hierarchy.
GET
/v1/portal/admin/usersList Users
Returns all users based on the caller's role. Managers see users in their organization only. Superusers see all users across all organizations. Supports pagination and filtering by role, status, and organization.
Admin/Manager
POST
/v1/portal/admin/usersCreate User
Creates a new user with specified email, password, roles, and organization assignment. Optionally sends welcome email. Can assign initial platform access and security clearance level. Superuser only.
Admin/Superuser
GET
/v1/portal/admin/users/{user_id}Get User by ID
Returns detailed user information including profile, roles, permissions, MFA status, and activity history. Managers can only view users in their organization.
Admin/Manager
PUT
/v1/portal/admin/users/{user_id}Update User
Updates user details including roles, permissions, platform access, and security clearance. Can activate/deactivate users. Role changes take effect on next token refresh. Superuser only for cross-org changes.
Admin/Superuser
DELETE
/v1/portal/admin/users/{user_id}Delete User
Permanently deletes a user account and all associated data including API keys and sessions. This action is irreversible. Superuser only. Deleted users cannot be recovered.
Admin/Superuser
PATCH
/v1/users/{user_id}/permissionsUpdate User Permissions
Updates a user's granular permissions independent of their role-based permissions. Allows fine-tuning access control. Admin or superuser only. Returns updated permission set.
Admin/Superuser
Role & Permission Management
Define custom roles and granular permissions for fine-grained access control within organizations.
GET
/v1/rolesList Available Roles
Returns all roles available in the system including built-in roles (admin, manager, analyst, viewer) and custom roles defined for the organization. Includes permissions associated with each role.
Public
POST
/v1/rolesCreate Custom Role
Creates a new custom role with specified permissions. Custom roles extend the built-in role hierarchy. Superuser only. Role names must be unique within the organization.
Admin/Superuser
PUT
/v1/roles/{role_id}Update Role
Updates a custom role's name, description, or permissions. Changes affect all users with this role on their next token refresh. Cannot modify built-in roles. Superuser only.
Admin/Superuser
DELETE
/v1/roles/{role_id}Delete Custom Role
Deletes a custom role. Users with this role will lose associated permissions. Cannot delete roles currently assigned to users. Cannot delete built-in roles. Superuser only.
Admin/Superuser
Feature Flags
Control feature availability at tenant and user level for gradual rollouts and A/B testing.
GET
/v1/feature-flags/tenantGet Tenant Feature Flags
Returns all feature flags and their values for the current tenant. These are the base flags that apply to all users in the organization unless overridden at the user level.
Admin/Manager
PUT
/v1/feature-flags/tenantUpdate Tenant Feature Flags
Updates feature flags for the tenant. Changes apply to all users in the organization unless they have user-level overrides. Used to enable/disable features for the entire organization.
Admin/Manager
GET
/v1/feature-flags/user/{user_id}Get User Feature Flag Overrides
Returns user-specific feature flag overrides. These override tenant-level flags for individual users. Used for beta testing with specific users or providing premium features to select accounts.
Admin/Manager
PUT
/v1/feature-flags/user/{user_id}Update User Feature Flag Overrides
Sets user-specific feature flag overrides. Overrides can only be a subset of organization flags - cannot enable flags not available to the tenant. Returns updated user flags.
Admin/Manager
Multi-Tenant & Systems Integrator Management
Manage the multi-tenant hierarchy including Systems Integrators (SI) who resell and manage Argus deployments for their customers.
POST
/v1/systems-integratorsCreate Systems Integrator
Creates a new Systems Integrator organization that can manage multiple customer tenants. Knogin admin only. SI receives their own admin portal and can create/manage customer deployments.
Knogin Admin
GET
/v1/systems-integratorsList Systems Integrators
Returns all Systems Integrators in the platform. Knogin admin only. Includes metadata like customer count, subscription tier, and contact information.
Knogin Admin
GET
/v1/systems-integrators/{si_id}Get Systems Integrator Details
Returns detailed information about a specific Systems Integrator including their customers, usage statistics, and configuration. SI admins can only access their own SI.
SI Admin
GET
/v1/systems-integrators/{si_id}/customersList SI Customers
Returns all customer tenants managed by a Systems Integrator. SI admins can only view their own customers. Includes tenant status, user count, and feature enablement.
SI Admin
POST
/v1/systems-integrators/{si_id}/customersCreate Customer Tenant
Creates a new customer tenant under a Systems Integrator. The SI becomes the managing entity for billing and support. Configures initial features based on SI's subscription tier.
SI Admin
GET
/v1/tenants/{tenant_id}Get Tenant Details
Returns detailed information about a specific tenant including configuration, features, usage quotas, and billing status. SI admins can only access tenants they manage.
SI Admin
PUT
/v1/tenants/{tenant_id}Update Tenant
Updates tenant configuration including name, features, quotas, and metadata. Used to enable/disable features or adjust resource limits for a customer.
SI Admin
DELETE
/v1/tenants/{tenant_id}Delete/Archive Tenant
Archives or deletes a tenant and all associated data. Knogin admin only. Data is retained for 30 days before permanent deletion. Used when customer churns or during cleanup.
Knogin Admin
Utility & Configuration
Administrative configuration and utility endpoints.
GET
/v1/portal/admin/configGet Admin Configuration
Returns configuration data for the admin UI including available roles, permissions catalog, country list, supported platforms, and feature availability. Used to populate admin dashboard dropdowns and forms.
Admin/Manager
GET
/v1/portal/data/countriesGet Countries List
Returns a list of all countries with their regions/states for address forms. Includes ISO codes, names, and subdivisions. Public endpoint used by registration and profile forms.
Public
GET
/healthHealth Check
Simple health check endpoint that returns service status. Used by load balancers and monitoring systems. Returns status: healthy, service: auth_service.
Public
GET
/v1/platforms/supportedList Supported Platforms
Returns the list of platforms that can be specified when issuing tokens. Platforms represent different Argus products/modules that a user might access. Retrieved from Firestore configuration.
Public
GET
/audit/logsGet Audit Logs
Returns security audit logs for the authentication service. Includes login attempts, permission changes, and administrative actions. Administrator with audit permission required.
Administrator
API Service Endpoints
The API Service (api.knogin.com) is the core intelligence platform providing 130+ REST endpoints for investigations, cases, profiles, evidence, alerts, AI services, real-time communication, and more. All endpoints require authentication unless marked as public.
Health & System Capabilities
System health monitoring and capability discovery endpoints for integration and monitoring.
GET
/api/v1/healthComprehensive Health Check
Returns detailed health status of all system components including Neo4j graph database, PostgreSQL relational database, Redis cache, AI services (OpenAI, Anthropic, Google AI), and external integrations. Response includes latency metrics and connection status for each component. Used for operations monitoring and incident response.
Public
GET
/api/v1/health/simpleSimple Health Check
Lightweight health check returning minimal response for load balancers and orchestration systems (Kubernetes, Cloud Run). Returns 200 OK if service is running. Does not check downstream dependencies for faster response time.
Public
GET
/api/v1/health/db-checkDatabase Connectivity Check
Verifies connectivity to all database systems (Neo4j, PostgreSQL, Firestore). Returns individual status for each database. Used for deployment verification and troubleshooting connectivity issues.
Public
GET
/api/v1/health/connectivityExternal Service Connectivity
Checks connectivity to all external services including AI providers, OSINT data sources, storage systems, and notification services. Returns detailed status for each integration point.
Public
GET
/api/v1/capabilitiesSystem Capabilities
Returns comprehensive system capabilities for frontend configuration including supported domains, available intelligence providers, accepted file formats, API endpoints, enabled features, rate limits, and maximum file sizes. Essential for dynamic UI configuration.
Public
Intelligence Processing
AI-powered document processing for extracting entities, relationships, and intelligence from text, images, audio, and video files.
POST
/api/v1/intelligence/process-textProcess Text Document
Upload and process text, PDF, or DOCX files for investigation. Uses AI to extract entities (people, organizations, locations), relationships, events, and key intelligence from documents. Supports files up to 50MB. Results are stored and linked to the investigation.
Auth Required
POST
/api/v1/intelligence/process-text/base64Process Text Document (Base64)
Cloudflare-compatible endpoint for processing base64-encoded document files. Accepts JSON body with file_content, filename, and mime_type. Supports .txt, .pdf, and .docx formats. Ideal for serverless environments.
Auth Required
POST
/api/v1/process-image-fileProcess Image
Upload and process images for AI-powered visual analysis. Performs OCR text extraction, object detection, face detection, location identification, and scene classification. Supports JPEG, PNG, GIF, and WebP formats.
Auth Required
POST
/api/v1/process-image-file/base64Process Image (Base64)
Cloudflare-compatible endpoint for processing base64-encoded images. Returns extracted text, detected objects, faces, and identified locations. Ideal for serverless environments with request body size limits.
Auth Required
POST
/api/v1/process-audio-fileProcess Audio
Upload and process audio files for transcription and speaker identification. Uses advanced speech-to-text and speaker diarization. Supports MP3, WAV, OGG, and M4A formats up to 100MB.
Auth Required
POST
/api/v1/process-audio-file/base64Process Audio (Base64)
Cloudflare-compatible endpoint for processing base64-encoded audio. Returns full transcription with timestamps and speaker labels. Note: Large audio files should use direct upload endpoint.
Auth Required
POST
/api/v1/process-video-fileProcess Video
Upload and process video files for comprehensive analysis. Extracts audio transcription, detects faces across frames, identifies scenes and objects, and generates visual timeline. Supports MP4, MOV, AVI, WebM up to 500MB.
Auth Required
POST
/api/v1/process-video-file/base64Process Video (Base64)
Cloudflare-compatible endpoint for processing base64-encoded video. Limited to smaller files due to encoding overhead. For larger videos, use presigned URL upload.
Auth Required
Profile Management
Create, update, and enrich entity profiles with data from intelligence providers. Supports individual and batch operations.
POST
/api/v1/profilesCreate Profile
Creates a new entity profile (person, organization, vehicle, etc.). Accepts initial data and automatically validates/normalizes fields. Triggers background enrichment if auto_enrich is enabled.
Auth Required
GET
/api/v1/profiles/{profile_id}Get Profile
Returns complete profile data including all attributes, linked entities, timeline, and enrichment data. Supports field selection for performance optimization.
Auth Required
PUT
/api/v1/profiles/{profile_id}Update Profile
Updates profile fields. Supports partial updates. Maintains audit trail of all changes. Triggers re-enrichment if core identifying fields are modified.
Auth Required
DELETE
/api/v1/profiles/{profile_id}Delete Profile
Soft-deletes a profile and all linked data. Profile can be recovered within 30 days. Permanently deletes after retention period. Audit trail is preserved.
Auth Required
POST
/api/v1/profiles/{profile_id}/enrichEnrich Profile
Enriches a profile with data from intelligence providers. Optionally specify which providers to use (social, criminal, financial, etc.). Returns aggregated data including social media presence, public records, and open-source intelligence.
Auth Required
POST
/api/v1/batch/profilesBatch Get Profiles
Retrieves multiple profiles by ID in a single request. Maximum 100 profiles per request. Returns profiles in the same order as requested IDs. Missing profiles return null.
Auth Required
POST
/api/v1/batch/enrichBatch Enrich Profiles
Enriches multiple profiles in a single request. Maximum 10 profiles per request to manage provider rate limits. Returns individual success/failure status for each profile.
Auth Required
GET
/api/v1/profiles/searchSearch Profiles
Full-text search across all profile fields. Supports filters by type, status, date range, and custom fields. Returns paginated results with relevance scoring.
Auth Required
POST
/api/v1/profiles/linkLink Profiles
Creates a relationship between two profiles (e.g., 'works_for', 'related_to', 'owns'). Stores relationship metadata and evidence. Bidirectional relationships are created automatically.
Auth Required
DELETE
/api/v1/profiles/linkUnlink Profiles
Removes a relationship between two profiles. Maintains audit trail of the removal. Original relationship data is preserved for compliance.
Auth Required
Investigations & Cases
Manage investigations, cases, tasks, and the complete investigation lifecycle.
POST
/api/v1/investigationsCreate Investigation
Creates a new investigation workspace with title, description, and classification level. Automatically assigns the creator as lead investigator. Returns investigation ID for subsequent operations.
Auth Required
GET
/api/v1/investigations/{investigation_id}Get Investigation
Returns complete investigation details including metadata, team members, cases, profiles, files, and activity timeline. Supports field selection for large investigations.
Auth Required
PUT
/api/v1/investigations/{investigation_id}Update Investigation
Updates investigation metadata including title, description, status, and classification. Changes trigger notifications to team members. Audit logged.
Auth Required
DELETE
/api/v1/investigations/{investigation_id}Delete Investigation
Soft-deletes an investigation and all contained data. Requires confirmation for investigations with active cases. Data retained for compliance period.
Auth Required
GET
/api/v1/investigationsList Investigations
Returns investigations accessible to the current user. Supports filtering by status, date, team member, and search query. Paginated with sorting options.
Auth Required
POST
/api/v1/investigations/{investigation_id}/filesAdd Files to Investigation
Associates uploaded files with an investigation. Files are automatically queued for AI processing based on type. Triggers indexing for search.
Auth Required
Alerts & Monitors
Configure monitoring rules and manage alerts triggered by real-time data streams.
POST
/api/v1/alertsCreate Alert
Programmatically creates an alert. Typically alerts are created by monitors, but manual creation is supported for integrations. Requires title, severity, and at least one entity reference.
Auth Required
GET
/api/v1/alerts/{alert_id}Get Alert
Returns complete alert details including triggering data, matched entities, decision history, and linked investigations. Supports expansion of related entities.
Auth Required
PUT
/api/v1/alerts/{alert_id}Update Alert
Updates alert metadata or status. Status transitions are validated (e.g., cannot reopen a dismissed alert). All changes are audit logged with user and timestamp.
Auth Required
POST
/api/v1/alerts/{alert_id}/decideDecide Alert
Records a decision on an alert: escalate, investigate, dismiss, or false positive. Decision includes rationale and optional entity disposition. Closed alerts may trigger follow-up workflows.
Auth Required
GET
/api/v1/alertsList Alerts
Returns alerts matching filter criteria. Supports filtering by severity, status, monitor, date range, and entity. Paginated with configurable page size.
Auth Required
Alerts & Monitors
Configure monitoring rules and manage alerts triggered by real-time data streams.
POST
/api/v1/monitorsCreate Monitor
Creates a monitoring rule that triggers alerts based on data stream patterns. Supports complex conditions with entity matching, geographic bounds, temporal patterns, and threshold triggers.
Auth Required
GET
/api/v1/monitors/{monitor_id}Get Monitor
Returns monitor configuration and statistics including alert count, last trigger time, and performance metrics. Includes condition details and notification settings.
Auth Required
PUT
/api/v1/monitors/{monitor_id}Update Monitor
Updates monitor conditions, thresholds, or notification settings. Changes take effect immediately. Pausing a monitor stops new alerts but preserves history.
Auth Required
DELETE
/api/v1/monitors/{monitor_id}Delete Monitor
Permanently deletes a monitor. Associated alerts are preserved but marked as orphaned. Consider pausing instead for audit trail preservation.
Auth Required
GET
/api/v1/monitorsList Monitors
Returns all monitors for the current tenant. Supports filtering by status, type, and alert activity. Includes summary statistics for each monitor.
Auth Required
POST
/api/v1/ai/generate-monitor-specGenerate Monitor from Description
Uses AI to convert natural language descriptions into structured monitor specifications. Includes safety analysis, parameter extraction, and estimated alert volume. Helps non-technical users create complex monitors.
Auth Required
AI Services
Direct access to AI capabilities including text analysis, entity extraction, relationship mapping, and natural language processing.
POST
/api/v1/ai/analyze-textAnalyze Text with AI
Performs comprehensive AI analysis on text content. Extracts entities, relationships, events, sentiment, and key themes. Supports multiple languages with automatic detection.
Auth Required
POST
/api/v1/ai/generate-graphGenerate Graph from Text
Creates a knowledge graph from unstructured text. Identifies entities, infers relationships, and generates structured graph data suitable for visualization or Neo4j import.
Auth Required
POST
/api/v1/ai/summarizeSummarize Content
Generates concise summaries of long-form content. Supports multiple summary lengths and styles (executive, technical, bullet points). Preserves key entities and facts.
Auth Required
POST
/api/v1/ai/translateTranslate Content
Translates content between supported languages while preserving entity names and technical terms. Returns both translation and detected source language.
Auth Required
POST
/api/v1/ai/extract-entitiesExtract Named Entities
Extracts and classifies named entities from text. Returns entity spans, types, confidence scores, and resolved identifiers where available. Supports custom entity types.
Auth Required
File Management
Upload, download, and manage files with full RBAC enforcement and audit logging.
POST
/api/v1/filesUpload File
Uploads a file to secure storage. Automatically detects file type and queues for appropriate processing. Returns file ID and processing status. Supports chunked uploads for large files.
Auth Required
GET
/api/v1/files/{file_id}/downloadDownload File
Downloads a file with full RBAC enforcement and audit logging. Verifies user has access to the associated investigation/case. Supports range requests for large files. Returns file with appropriate content-type headers.
Auth Required
GET
/api/v1/files/{file_id}/streamStream File
Streams a file for progressive loading of large files. Supports HTTP range requests for seeking in audio/video files. More efficient than full download for large media files.
Auth Required
GET
/api/v1/files/{file_id}/presigned-urlGet Presigned URL
Generates a time-limited presigned URL for direct file access from Cloudflare R2 storage. URL expires after configurable duration (default 1 hour). Useful for embedding files in reports or sharing with external tools.
Auth Required
GET
/api/v1/admin/filesList All Files (Admin)
Returns all files in the system with metadata and access statistics. Admin or superuser only. Supports tenant filtering for multi-tenant deployments. Used for storage management and auditing.
Admin/Superuser
GET
/api/v1/admin/files/{file_id}/auditFile Audit Trail (Admin)
Returns complete audit trail for a specific file including all access events, downloads, and modifications. Admin or superuser only. Essential for chain of custody documentation.
Admin/Superuser
API Metadata & Documentation
Self-describing API endpoints for dynamic integration and documentation.
GET
/api/v1/docs/endpointsAPI Endpoint Documentation
Returns comprehensive documentation of all API endpoints including paths, methods, parameters, and response schemas. Used for generating client SDKs and integration documentation.
Public
GET
/api/v1/metadata/domainsDomain Metadata
Returns metadata about all available domains (entity types) including their properties, relationships, and UI configuration. Essential for building dynamic UIs that adapt to schema changes.
Public
GET
/api/v1/metadata/enumsEnum Metadata
Returns all enumeration types used in the API including status codes, priority levels, classification levels, and other categorical values. Used for populating dropdown menus.
Public
GET
/api/v1/metadata/providersProvider Metadata
Returns metadata about available OSINT and data providers including capabilities, rate limits, and required credentials. Used for configuring data source preferences.
Public
Audit & Compliance
Cryptographic audit trails with Merkle tree verification for tamper-evident logging.
GET
/api/v1/audit/anchor/latestGet Latest Merkle Anchor
Returns the most recent Merkle tree root hash anchoring the audit log. Used for cryptographic verification of log integrity. Anchor is periodically published to blockchain for immutability.
Public
GET
/api/v1/audit/anchor/proof/{entry_id}Get Inclusion Proof
Returns a Merkle inclusion proof for a specific audit entry. Proof can be independently verified against the published anchor. Essential for forensic chain of custody requirements.
Public
Mission Planning
AI-assisted mission planning and operational support.
POST
/api/v1/mission-plansGenerate Mission Plan
AI-assisted mission planning based on scenario description, target profiles, geographic constraints, and threat assessment. Returns structured plan with resource allocation, timeline, and contingencies.
Auth Required
PUT
/api/v1/mission-plans/{plan_id}Refine Mission Plan
Iteratively refines an existing mission plan based on new constraints or feedback. Maintains plan history for comparison. Supports partial updates to specific plan sections.
Auth Required
Case Management
Full case lifecycle management with workflow, assignments, templates, and timeline tracking.
POST
/api/v1/casesCreate Case
Creates a new case within an investigation. Accepts title, description, priority, status, and assigned user. Automatically generates a unique case number and creates initial timeline entry.
Auth Required
GET
/api/v1/cases/{case_id}Get Case
Returns complete case details including metadata, assigned users, linked profiles, tasks, notes, attachments, and full activity timeline. Supports field selection for performance.
Auth Required
PUT
/api/v1/cases/{case_id}Update Case
Updates case metadata including title, description, priority, status, due date, and custom fields. Changes are audit logged with user and timestamp.
Auth Required
DELETE
/api/v1/cases/{case_id}Delete Case
Soft-deletes a case and all associated data. Requires confirmation for cases with active tasks. Data retained for compliance period before permanent deletion.
Auth Required
GET
/api/v1/casesList Cases
Returns cases with filtering by investigation, status, priority, assignee, date range, and tags. Supports pagination, sorting, and full-text search across case content.
Auth Required
POST
/api/v1/cases/{case_id}/assignAssign Case
Assigns or reassigns a case to a user or team. Supports multiple assignees with primary/secondary designation. Triggers notification to assigned users.
Auth Required
POST
/api/v1/cases/{case_id}/statusUpdate Case Status
Updates case status with workflow validation. Status transitions are validated based on workflow rules. Triggers automated actions based on status (e.g., notifications, task creation).
Auth Required
POST
/api/v1/cases/{case_id}/link-profileLink Profile to Case
Associates an entity profile with a case. Specify the relationship type (subject, witness, victim, etc.) and relevance notes. Creates bidirectional link visible in both case and profile.
Auth Required
DELETE
/api/v1/cases/{case_id}/link-profile/{profile_id}Unlink Profile from Case
Removes the association between a profile and a case. Original link data is preserved in audit trail for compliance.
Auth Required
GET
/api/v1/cases/{case_id}/timelineGet Case Timeline
Returns the complete activity timeline for a case including status changes, assignments, profile links, task completions, and all modifications with timestamps and actors.
Auth Required
POST
/api/v1/cases/bulk-updateBulk Update Cases
Updates multiple cases in a single request. Supports updating status, priority, assignee, or tags. Maximum 100 cases per request. Returns individual success/failure for each case.
Auth Required
POST
/api/v1/cases/from-templateCreate Case from Template
Creates a new case using a predefined template. Template defines default tasks, checklists, fields, and workflow stages. Accepts overrides for template values.
Auth Required
Task Management
Create and manage tasks with assignments, checklists, dependencies, and progress tracking.
POST
/api/v1/tasksCreate Task
Creates a new task within a case. Accepts title, description, assignee, due date, priority, and optional checklist items. Supports parent task for subtask hierarchies.
Auth Required
GET
/api/v1/tasks/{task_id}Get Task
Returns complete task details including metadata, checklist items, subtasks, comments, attachments, and time tracking information.
Auth Required
PUT
/api/v1/tasks/{task_id}Update Task
Updates task fields including title, description, due date, priority, and progress. Supports partial updates. Changes are audit logged.
Auth Required
DELETE
/api/v1/tasks/{task_id}Delete Task
Deletes a task and optionally its subtasks. Completed tasks are archived rather than deleted. Audit trail is preserved.
Auth Required
GET
/api/v1/cases/{case_id}/tasksList Tasks by Case
Returns all tasks for a case with filtering by status, assignee, due date, and priority. Supports hierarchical view showing subtasks nested under parents.
Auth Required
POST
/api/v1/tasks/{task_id}/assignAssign Task
Assigns or reassigns a task to a user. Triggers notification to assigned user. Updates workload calculations for capacity planning.
Auth Required
POST
/api/v1/tasks/{task_id}/completeComplete Task
Marks a task as completed with optional completion notes. Validates all required checklist items are complete. Updates case progress metrics.
Auth Required
POST
/api/v1/tasks/{task_id}/checklistUpdate Task Checklist
Updates checklist items for a task. Add, remove, or toggle completion status of individual items. Supports reordering checklist items.
Auth Required
GET
/api/v1/tasks/my-tasksGet My Tasks
Returns all tasks assigned to the current user across all cases. Supports filtering by status, due date, and priority. Useful for personal task dashboard.
Auth Required
POST
/api/v1/tasks/bulk-updateBulk Update Tasks
Updates multiple tasks in a single request. Supports updating status, assignee, due date, or priority. Maximum 50 tasks per request.
Auth Required
Notes & Documentation
Investigative notes with rich text, threading, attachments, and visibility controls.
POST
/api/v1/notesCreate Note
Creates a new note attached to a case or investigation. Supports rich text content, mentions (@user), and classification levels. Automatically indexes content for search.
Auth Required
GET
/api/v1/notes/{note_id}Get Note
Returns note content with metadata, attachments, and thread replies. Respects visibility settings (public, team, private).
Auth Required
PUT
/api/v1/notes/{note_id}Update Note
Updates note content or metadata. Maintains version history for audit compliance. Only creator or admins can edit confidential notes.
Auth Required
DELETE
/api/v1/notes/{note_id}Delete Note
Soft-deletes a note. Content is retained for compliance period. Confidential notes require admin approval to delete.
Auth Required
GET
/api/v1/cases/{case_id}/notesList Notes by Case
Returns all notes for a case respecting visibility rules. Supports filtering by note type, author, and date range. Ordered by creation date by default.
Auth Required
POST
/api/v1/notes/{note_id}/attachmentsAdd Attachment to Note
Attaches a file to an existing note. File is automatically processed based on type. Maintains chain of custody for evidence-grade attachments.
Auth Required
POST
/api/v1/notes/{note_id}/replyReply to Note
Creates a threaded reply to an existing note. Supports @mentions to notify specific users. Maintains conversation context for collaboration.
Auth Required
Attachments & Files
Manage file attachments with processing, chain of custody, and integrity verification.
POST
/api/v1/attachmentsCreate Attachment
Uploads and attaches a file to a case, note, or task. Automatically detects file type and queues for appropriate AI processing. Computes integrity hash for evidence chain.
Auth Required
GET
/api/v1/attachments/{attachment_id}Get Attachment
Returns attachment metadata including file info, processing status, extracted content, and access history. Supports thumbnail and preview URLs for media files.
Auth Required
DELETE
/api/v1/attachments/{attachment_id}Delete Attachment
Soft-deletes an attachment. File remains in storage for compliance period. Evidence-grade attachments require approval workflow for deletion.
Auth Required
GET
/api/v1/cases/{case_id}/attachmentsList Attachments by Case
Returns all attachments for a case with filtering by file type, processing status, and upload date. Includes aggregate statistics (total size, file counts by type).
Auth Required
POST
/api/v1/attachments/{attachment_id}/processReprocess Attachment
Triggers reprocessing of an attachment with updated AI models or different processing options. Useful when new extraction capabilities become available.
Auth Required
GET
/api/v1/attachments/{attachment_id}/chain-of-custodyGet Attachment Chain of Custody
Returns the complete chain of custody log for an attachment including all access events, transfers, and modifications. Essential for legal admissibility.
Auth Required
Graph Analysis
Network analysis, pathfinding, centrality metrics, and community detection on the knowledge graph.
GET
/api/v1/graph/node/{node_id}Get Graph Node
Returns a single node from the knowledge graph with all properties and labels. Includes edge counts and sample relationships for context.
Auth Required
GET
/api/v1/graph/node/{node_id}/neighborsGet Node Neighbors
Returns all directly connected nodes within specified depth. Supports filtering by relationship type and node labels. Configurable depth limit (max 5) to prevent performance issues.
Auth Required
GET
/api/v1/graph/pathFind Path Between Nodes
Finds shortest path(s) between two nodes using Dijkstra or A* algorithms. Returns path nodes, relationships, and total weight. Supports weighted edges for intelligent routing.
Auth Required
POST
/api/v1/graph/subgraphGet Subgraph
Extracts a subgraph around specified seed nodes. Returns nodes and edges within specified hops. Useful for focused visualization of entity neighborhoods.
Auth Required
POST
/api/v1/graph/queryExecute Custom Cypher Query
Executes a read-only Cypher query against the graph database. Query is validated and sandboxed for security. Returns results in tabular or graph format. Admin only.
Auth Required
GET
/api/v1/graph/statisticsGet Graph Statistics
Returns aggregate statistics about the knowledge graph including node counts by label, edge counts by type, and graph density metrics.
Auth Required
POST
/api/v1/graph/centralityCalculate Centrality
Calculates centrality metrics (degree, betweenness, PageRank) for specified nodes or the entire graph. Used to identify key entities in a network.
Auth Required
POST
/api/v1/graph/community-detectionDetect Communities
Runs community detection algorithms (Louvain, Label Propagation) to identify clusters of related entities. Returns community assignments and modularity scores.
Auth Required
POST
/api/v1/graph/link-predictionPredict Links
Uses graph ML to predict likely but unobserved relationships between entities. Returns candidate links with confidence scores. Useful for investigation leads.
Auth Required
Geospatial Intelligence
Location-based queries, clustering, heatmaps, routing, and geographic timeline analysis.
POST
/api/v1/geo/searchGeospatial Search
Searches for entities with location data matching spatial criteria. Combines geographic bounds with entity filters (type, date, tags). Returns results with distance from reference point.
Auth Required
POST
/api/v1/geo/within-boundsEntities Within Bounds
Returns all entities with locations within a rectangular bounding box defined by northeast and southwest coordinates. Optimized for map viewport queries.
Auth Required
POST
/api/v1/geo/within-radiusEntities Within Radius
Returns all entities within a specified radius of a center point. Distance calculated using Haversine formula. Results include distance from center.
Auth Required
POST
/api/v1/geo/within-polygonEntities Within Polygon
Returns all entities with locations inside a GeoJSON polygon. Supports complex shapes with holes. Useful for jurisdiction-based filtering.
Auth Required
GET
/api/v1/geo/clustersGet Location Clusters
Returns clustered location data optimized for map display at different zoom levels. Uses spatial clustering algorithms to aggregate nearby points.
Auth Required
GET
/api/v1/geo/heatmapGet Heatmap Data
Returns density data for heatmap visualization. Aggregates entity locations into grid cells with count and weighted values. Configurable grid resolution.
Auth Required
POST
/api/v1/geo/routeCalculate Route
Calculates optimal route between locations considering real-world road networks. Returns polyline geometry, distance, estimated duration, and turn-by-turn directions.
Auth Required
GET
/api/v1/geo/timeline/{entity_id}Get Location Timeline
Returns chronological location history for an entity. Shows movement patterns over time. Useful for tracking investigations and pattern analysis.
Auth Required
POST
/api/v1/geo/geocodeGeocode Address
Converts a text address into geographic coordinates. Returns multiple candidates with confidence scores. Supports international addresses in multiple languages.
Auth Required
POST
/api/v1/geo/reverse-geocodeReverse Geocode
Converts coordinates into a human-readable address. Returns structured address components (street, city, country) and place name at various precision levels.
Auth Required
Dashboards & Visualization
Create customizable dashboards with charts, maps, metrics, and shared team views.
POST
/api/v1/dashboardsCreate Dashboard
Creates a new dashboard with title, description, and layout configuration. Dashboards can be personal or shared with teams. Returns dashboard ID for adding panels.
Auth Required
GET
/api/v1/dashboards/{dashboard_id}Get Dashboard
Returns dashboard configuration including all panels, layout, filters, and refresh settings. Optionally includes pre-calculated panel data for immediate rendering.
Auth Required
PUT
/api/v1/dashboards/{dashboard_id}Update Dashboard
Updates dashboard metadata or layout configuration. Supports panel reordering and resize. Triggers refresh for affected panels.
Auth Required
DELETE
/api/v1/dashboards/{dashboard_id}Delete Dashboard
Deletes a dashboard and all its panels. Shared dashboards require owner permission to delete. Starred dashboards show warning before deletion.
Auth Required
GET
/api/v1/dashboardsList Dashboards
Returns all dashboards accessible to the user including owned, shared, and team dashboards. Supports filtering by type and favorites.
Auth Required
POST
/api/v1/dashboards/{dashboard_id}/panelsAdd Panel to Dashboard
Adds a new panel (chart, table, metric, map) to a dashboard. Configures data source, query, visualization type, and position within layout.
Auth Required
PUT
/api/v1/dashboards/{dashboard_id}/panels/{panel_id}Update Panel
Updates panel configuration including query, visualization settings, and position. Changes trigger immediate data refresh.
Auth Required
DELETE
/api/v1/dashboards/{dashboard_id}/panels/{panel_id}Delete Panel
Removes a panel from a dashboard. Other panels automatically reflow to fill space based on layout mode.
Auth Required
POST
/api/v1/dashboards/{dashboard_id}/shareShare Dashboard
Shares a dashboard with specific users or teams. Configure view-only or edit permissions. Optionally generate public link for external sharing.
Auth Required
POST
/api/v1/dashboards/{dashboard_id}/cloneClone Dashboard
Creates a copy of a dashboard with all panels. Useful for creating variations or personal copies of team dashboards.
Auth Required
Reports & Exports
Generate professional reports, court packages, and data exports in multiple formats.
POST
/api/v1/reports/generateGenerate Report
Generates a report from a template or custom configuration. Supports multiple output formats (PDF, DOCX, HTML, XLSX). Returns report ID for status polling and download.
Auth Required
GET
/api/v1/reports/{report_id}Get Report
Returns report metadata including generation status, parameters used, and download links when complete. Large reports may take several minutes to generate.
Auth Required
GET
/api/v1/reports/{report_id}/downloadDownload Report
Downloads a generated report file. Supports range requests for large files. Access is logged for audit compliance.
Auth Required
GET
/api/v1/reportsList Reports
Returns all reports generated by the user or team. Supports filtering by template, date range, and status. Includes generation metadata and file size.
Auth Required
DELETE
/api/v1/reports/{report_id}Delete Report
Deletes a generated report file. Report metadata is retained for audit. Cannot delete reports marked for legal hold.
Auth Required
POST
/api/v1/exports/case/{case_id}Export Case
Exports a complete case package including all data, notes, attachments, and timeline. Supports redaction of sensitive fields. Returns download link when ready.
Auth Required
POST
/api/v1/exports/investigation/{investigation_id}Export Investigation
Exports an entire investigation with all cases, profiles, and evidence. Large investigations are processed asynchronously with progress notifications.
Auth Required
POST
/api/v1/exports/court-packageGenerate Court Package
Generates a court-ready evidence package with proper chain of custody documentation, exhibit numbering, and legal formatting. Includes integrity certificates.
Auth Required
GET
/api/v1/reports/templatesList Report Templates
Returns available report templates including built-in and custom templates. Templates define layout, data sources, and configurable parameters.
Auth Required
POST
/api/v1/reports/scheduleSchedule Report
Schedules automatic report generation on a recurring basis (daily, weekly, monthly). Reports are delivered via email or saved to specified location.
Auth Required
Search & Discovery
Global full-text search, semantic search, and advanced query capabilities across all data.
POST
/api/v1/searchGlobal Search
Full-text search across all accessible data including profiles, cases, notes, and documents. Returns ranked results with highlighted matches and type indicators.
Auth Required
POST
/api/v1/search/entitiesSearch Entities
Searches specifically within entity profiles with advanced filtering by type, attributes, and relationships. Supports fuzzy matching for names.
Auth Required
POST
/api/v1/search/documentsSearch Documents
Searches within document content including PDFs, Word files, and processed images. Returns relevant excerpts with match highlighting.
Auth Required
POST
/api/v1/search/advancedAdvanced Search
Structured search with complex boolean queries, field-specific filters, date ranges, and nested conditions. Supports saved queries for frequent searches.
Auth Required
POST
/api/v1/search/semanticSemantic Search
AI-powered semantic search that understands query intent. Finds conceptually related content even without exact keyword matches. Ideal for investigative queries.
Auth Required
GET
/api/v1/search/suggestionsGet Search Suggestions
Returns autocomplete suggestions as user types. Includes recent searches, popular queries, and matching entity names for quick navigation.
Auth Required
GET
/api/v1/search/historyGet Search History
Returns the user's recent search queries with timestamps. Supports clearing history or saving queries for reuse.
Auth Required
POST
/api/v1/search/saveSave Search
Saves a search query for quick access. Saved searches can be shared with team members. Optionally configure alerts when new results match.
Auth Required
Tags & Classification
Organize entities with tags for categorization, filtering, and cross-domain discovery.
POST
/api/v1/tagsCreate Tag
Creates a new tag with name, color, and optional description. Tags are scoped to the organization. Tag names must be unique within the organization.
Auth Required
GET
/api/v1/tagsList Tags
Returns all tags available in the organization with usage counts. Supports filtering by prefix for hierarchical tag structures.
Auth Required
PUT
/api/v1/tags/{tag_id}Update Tag
Updates tag properties including name, color, and description. Name changes are propagated to all tagged entities.
Auth Required
DELETE
/api/v1/tags/{tag_id}Delete Tag
Deletes a tag and removes it from all tagged entities. Cannot be undone. Consider merging into another tag instead.
Auth Required
POST
/api/v1/tags/applyApply Tags
Applies one or more tags to an entity (case, profile, note, etc.). Supports bulk tagging of multiple entities. Duplicate tags are ignored.
Auth Required
POST
/api/v1/tags/removeRemove Tags
Removes specified tags from an entity. Tag removal is logged for audit. Returns updated tag list for the entity.
Auth Required
GET
/api/v1/tags/{tag_id}/entitiesGet Entities by Tag
Returns all entities with a specific tag. Supports filtering by entity type. Useful for finding related items across different domains.
Auth Required
Comments & Collaboration
Threaded comments with mentions, reactions, and real-time collaboration features.
POST
/api/v1/commentsCreate Comment
Creates a comment on any entity (case, task, profile, etc.). Supports @mentions for notifications and rich text formatting. Returns created comment with ID.
Auth Required
GET
/api/v1/comments/{comment_id}Get Comment
Returns a single comment with metadata, replies, and reactions. Includes edit history if comment was modified.
Auth Required
PUT
/api/v1/comments/{comment_id}Update Comment
Updates comment content. Edit history is preserved. Only comment author or admins can edit. Notifications sent for @mention changes.
Auth Required
DELETE
/api/v1/comments/{comment_id}Delete Comment
Deletes a comment. Replies remain visible but show 'parent deleted'. Only author or admins can delete. Audit log preserved.
Auth Required
GET
/api/v1/{entity_type}/{entity_id}/commentsList Comments by Entity
Returns all comments for a specific entity. Supports threaded view with nested replies. Ordered by creation date with newest first by default.
Auth Required
POST
/api/v1/comments/{comment_id}/replyReply to Comment
Creates a threaded reply to an existing comment. Notifies parent comment author. Supports unlimited nesting depth.
Auth Required
POST
/api/v1/comments/{comment_id}/reactReact to Comment
Adds or removes a reaction emoji to a comment. Supports standard emoji set. Returns updated reaction counts.
Auth Required
Notifications & Preferences
Manage notifications across channels with customizable preferences and quiet hours.
GET
/api/v1/notificationsList Notifications
Returns all notifications for the current user. Supports filtering by read status, type, and date range. Ordered by creation time, newest first.
Auth Required
GET
/api/v1/notifications/unread-countGet Unread Count
Returns the count of unread notifications. Lightweight endpoint for badge display. Updates in real-time via WebSocket.
Auth Required
POST
/api/v1/notifications/{notification_id}/readMark Notification Read
Marks a single notification as read. Returns 204 No Content on success. Already-read notifications are silently ignored.
Auth Required
POST
/api/v1/notifications/mark-all-readMark All Notifications Read
Marks all notifications as read. Returns count of notifications updated. Useful for 'clear all' functionality.
Auth Required
DELETE
/api/v1/notifications/{notification_id}Delete Notification
Permanently deletes a notification. Cannot be undone. Consider marking as read instead for audit trail.
Auth Required
GET
/api/v1/notifications/preferencesGet Notification Preferences
Returns user's notification preferences including enabled channels (email, push, in-app), frequency settings, and quiet hours configuration.
Auth Required
PUT
/api/v1/notifications/preferencesUpdate Notification Preferences
Updates notification preferences. Configure which events trigger notifications and through which channels. Changes take effect immediately.
Auth Required
Teams & Collaboration
Team management with members, roles, permissions, and organizational hierarchies.
POST
/api/v1/teamsCreate Team
Creates a new team with name, description, and initial members. Team creator becomes the default owner. Teams can be nested for organizational hierarchy.
Admin/Manager
GET
/api/v1/teams/{team_id}Get Team
Returns team details including members, roles, and statistics. Includes aggregate metrics for team workload and performance.
Auth Required
PUT
/api/v1/teams/{team_id}Update Team
Updates team metadata including name, description, and settings. Only team owners or admins can modify team properties.
Admin/Manager
DELETE
/api/v1/teams/{team_id}Delete Team
Deletes a team. Members are not deleted but lose team-based permissions. Cases and resources assigned to team must be reassigned first.
Admin/Superuser
GET
/api/v1/teamsList Teams
Returns all teams the user can see. Includes teams they belong to and teams they manage. Supports filtering by parent team for hierarchy views.
Auth Required
POST
/api/v1/teams/{team_id}/membersAdd Team Member
Adds a user to a team with specified role (member, lead, owner). User receives notification and gains team-based permissions immediately.
Admin/Manager
DELETE
/api/v1/teams/{team_id}/members/{user_id}Remove Team Member
Removes a user from a team. User loses team-based permissions immediately. Cannot remove the last owner - transfer ownership first.
Admin/Manager
PUT
/api/v1/teams/{team_id}/members/{user_id}/roleUpdate Member Role
Changes a team member's role within the team. Role changes affect permissions immediately. Audit logged for compliance.
Admin/Manager
Watchlists & Screening
Monitor entities against watchlists with automatic matching and alert generation.
POST
/api/v1/watchlistsCreate Watchlist
Creates a new watchlist with name, description, and matching criteria. Watchlists can monitor for specific entity types or attribute patterns.
Auth Required
GET
/api/v1/watchlists/{watchlist_id}Get Watchlist
Returns watchlist configuration including entities, matching rules, and statistics. Shows recent match activity and alert settings.
Auth Required
PUT
/api/v1/watchlists/{watchlist_id}Update Watchlist
Updates watchlist configuration including name, rules, and notification settings. Changes to rules trigger reprocessing of recent data.
Auth Required
DELETE
/api/v1/watchlists/{watchlist_id}Delete Watchlist
Deletes a watchlist. Historical matches are preserved in audit log. Active alerts based on this watchlist are closed.
Auth Required
GET
/api/v1/watchlistsList Watchlists
Returns all watchlists accessible to the user. Includes personal watchlists and shared team watchlists. Shows match counts and last activity.
Auth Required
POST
/api/v1/watchlists/{watchlist_id}/entitiesAdd Entity to Watchlist
Adds a specific entity to a watchlist for monitoring. Optionally specify monitoring parameters and alert thresholds.
Auth Required
DELETE
/api/v1/watchlists/{watchlist_id}/entities/{entity_id}Remove Entity from Watchlist
Removes an entity from watchlist monitoring. Existing matches and alerts are preserved in history.
Auth Required
POST
/api/v1/watchlists/{watchlist_id}/checkCheck Against Watchlist
Checks if a given entity or data matches any criteria in the watchlist. Returns matching rules and similarity scores.
Auth Required
POST
/api/v1/watchlists/batch-checkBatch Check Watchlists
Checks multiple entities against all active watchlists in a single request. Efficient for bulk screening operations. Maximum 100 entities per request.
Auth Required
GET
/api/v1/watchlists/{watchlist_id}/matchesGet Watchlist Matches
Returns all matches for a watchlist with match details, timestamps, and disposition status. Supports filtering by date range and disposition.
Auth Required
Evidence Management
Court-admissible evidence tracking with chain of custody, integrity verification, and sealing.
POST
/api/v1/evidenceCreate Evidence Record
Creates a formal evidence record with chain of custody tracking. Computes cryptographic hash for integrity verification. Assigns unique evidence number.
Auth Required
GET
/api/v1/evidence/{evidence_id}Get Evidence
Returns evidence record with metadata, integrity status, and custody chain. Includes associated attachments and analysis results.
Auth Required
PUT
/api/v1/evidence/{evidence_id}Update Evidence
Updates evidence metadata. Content modifications trigger new hash computation and custody record. Sealed evidence cannot be modified.
Auth Required
GET
/api/v1/cases/{case_id}/evidenceList Evidence by Case
Returns all evidence items for a case. Supports filtering by type, status, and date. Ordered by collection date by default.
Auth Required
POST
/api/v1/evidence/{evidence_id}/custody-transferRecord Custody Transfer
Records a custody transfer from one custodian to another. Both parties must acknowledge transfer. Creates immutable custody record.
Auth Required
GET
/api/v1/evidence/{evidence_id}/chain-of-custodyGet Chain of Custody
Returns complete chain of custody history for evidence item. Shows every custody event with timestamps, custodians, and purposes.
Auth Required
POST
/api/v1/evidence/{evidence_id}/verify-integrityVerify Evidence Integrity
Verifies evidence integrity by recomputing hash and comparing to stored value. Returns verification result with detailed comparison.
Auth Required
POST
/api/v1/evidence/{evidence_id}/sealSeal Evidence
Seals evidence item preventing further modifications. Generates digital seal certificate. Sealed evidence can only be copied, not modified.
Auth Required
GET
/api/v1/evidence/{evidence_id}/audit-trailGet Evidence Audit Trail
Returns complete audit trail for evidence including all access events, views, downloads, and analysis activities. Essential for court admissibility.
Auth Required
OSINT & Data Enrichment
Query multiple intelligence providers for person, organization, phone, email, social, vehicle, domain, IP, and cryptocurrency intelligence.
GET
/api/v1/osint/providersList OSINT Providers
Returns all configured OSINT data providers with their capabilities, coverage areas, and current availability status.
Auth Required
GET
/api/v1/osint/providers/{provider_id}/statusGet Provider Status
Returns detailed status for a specific intelligence provider including API health, quota usage, and recent performance metrics.
Auth Required
POST
/api/v1/osint/search/personSearch Person
Searches across OSINT sources for information about a person. Accepts name, DOB, addresses, and identifiers. Aggregates results from multiple providers.
Auth Required
POST
/api/v1/osint/search/organizationSearch Organization
Searches for organization information including corporate records, officers, financial data, and regulatory filings across multiple databases.
Auth Required
POST
/api/v1/osint/search/phoneSearch Phone Number
Reverse phone lookup across carrier databases, social platforms, and public records. Returns owner information, carrier details, and linked accounts.
Auth Required
POST
/api/v1/osint/search/emailSearch Email Address
Email intelligence lookup returning breach exposure, social accounts, and identity verification. Supports bulk email validation.
Auth Required
POST
/api/v1/osint/search/socialSearch Social Media
Searches social media platforms for profiles matching criteria. Returns profile metadata, connections, and content samples where available.
Auth Required
POST
/api/v1/osint/search/vehicleSearch Vehicle
Vehicle lookup by VIN, plate number, or description. Returns registration history, owner information, and incident records from available databases.
Auth Required
POST
/api/v1/osint/search/domainSearch Domain
Domain intelligence including WHOIS history, DNS records, SSL certificates, and hosting information. Identifies related domains and infrastructure.
Auth Required
POST
/api/v1/osint/search/ipSearch IP Address
IP address intelligence including geolocation, ASN, reputation scores, and hosting details. Historical data available for tracking infrastructure changes.
Auth Required
POST
/api/v1/osint/search/cryptoSearch Cryptocurrency
Cryptocurrency address analysis including transaction history, cluster identification, and risk scoring. Supports Bitcoin, Ethereum, and major altcoins.
Auth Required
POST
/api/v1/osint/batch-enrichBatch Enrich
Enriches multiple entities with OSINT data in a single request. Queues requests across providers respecting rate limits. Returns job ID for status polling.
Auth Required
GET
/api/v1/osint/usageGet OSINT Usage
Returns OSINT query usage statistics for the organization including quota consumption by provider, remaining credits, and usage trends.
Auth Required
Templates & Automation
Reusable templates for cases, reports, and workflows to standardize processes.
POST
/api/v1/templates/caseCreate Case Template
Creates a reusable case template with predefined tasks, checklists, fields, and workflow stages. Templates standardize investigation processes.
Admin/Manager
GET
/api/v1/templates/caseList Case Templates
Returns all case templates available to the organization. Includes built-in and custom templates with usage statistics.
Auth Required
GET
/api/v1/templates/case/{template_id}Get Case Template
Returns complete case template configuration including all sections, tasks, and workflow definitions.
Auth Required
PUT
/api/v1/templates/case/{template_id}Update Case Template
Updates case template configuration. Changes do not affect existing cases created from the template.
Admin/Manager
DELETE
/api/v1/templates/case/{template_id}Delete Case Template
Deletes a case template. Template must not be referenced by active workflows. Historical usage statistics are preserved.
Admin/Superuser
POST
/api/v1/templates/reportCreate Report Template
Creates a report template with layout, sections, data bindings, and formatting rules. Templates generate consistent professional reports.
Admin/Manager
GET
/api/v1/templates/reportList Report Templates
Returns all report templates including system templates and custom organization templates. Shows template categories and required parameters.
Auth Required
POST
/api/v1/templates/workflowCreate Workflow Template
Creates an automation workflow template with triggers, conditions, and actions. Workflows automate repetitive investigation tasks.
Admin/Manager
GET
/api/v1/templates/workflowList Workflow Templates
Returns all workflow templates with execution statistics. Shows trigger conditions and action summaries.
Auth Required
Workflows & Automation
Automated workflows with triggers, conditions, and actions for investigation automation.
POST
/api/v1/workflowsCreate Workflow
Creates an automated workflow with defined triggers, conditions, and actions. Workflows execute automatically based on events or schedules.
Admin/Manager
GET
/api/v1/workflows/{workflow_id}Get Workflow
Returns workflow configuration including all steps, conditions, and execution history. Shows current status and performance metrics.
Auth Required
PUT
/api/v1/workflows/{workflow_id}Update Workflow
Updates workflow configuration. Active workflows continue running current executions; new triggers use updated configuration.
Admin/Manager
DELETE
/api/v1/workflows/{workflow_id}Delete Workflow
Deletes a workflow. Running executions complete but no new executions start. Execution history is preserved for audit.
Admin/Superuser
GET
/api/v1/workflowsList Workflows
Returns all workflows accessible to the user. Supports filtering by status, trigger type, and execution frequency.
Auth Required
POST
/api/v1/workflows/{workflow_id}/executeExecute Workflow
Manually triggers a workflow execution with provided input parameters. Returns execution ID for monitoring progress.
Auth Required
GET
/api/v1/workflows/{workflow_id}/executionsList Workflow Executions
Returns execution history for a workflow. Shows status, duration, and outputs for each run. Supports filtering by date and status.
Auth Required
POST
/api/v1/workflows/{workflow_id}/pausePause Workflow
Pauses an active workflow. Running executions complete but new triggers are queued. Useful for maintenance or investigation.
Auth Required
POST
/api/v1/workflows/{workflow_id}/resumeResume Workflow
Resumes a paused workflow. Queued triggers begin processing. Returns count of pending executions.
Auth Required
Real-Time Communication
WebSocket-based real-time messaging and collaboration endpoints.
POST
/api/v1/channelsCreate Channel
Creates a real-time messaging channel for team collaboration. Channels can be linked to cases or investigations. Returns channel ID for WebSocket subscription.
Auth Required
GET
/api/v1/channels/{channel_id}Get Channel
Returns channel details including members, recent activity, and configuration. Shows unread count for the requesting user.
Auth Required
GET
/api/v1/channelsList Channels
Returns all channels the user has access to. Includes direct messages, case channels, and team channels. Ordered by recent activity.
Auth Required
POST
/api/v1/channels/{channel_id}/messagesSend Message
Sends a message to a channel. Supports text, mentions, and attachments. Messages are delivered in real-time via WebSocket to connected clients.
Auth Required
GET
/api/v1/channels/{channel_id}/messagesGet Channel Messages
Returns message history for a channel. Supports pagination for loading older messages. Includes reactions and reply counts.
Auth Required
POST
/api/v1/channels/{channel_id}/membersAdd Channel Member
Adds a user to a channel. User receives notification and can see message history from join time. Channel owners can add members.
Auth Required
DELETE
/api/v1/channels/{channel_id}/members/{user_id}Remove Channel Member
Removes a user from a channel. User loses access to channel and future messages. Historical messages remain visible to other members.
Auth Required
GET
/api/v1/users/presenceGet User Presence
Returns online/offline status and last activity time for specified users or all team members. Updates in real-time via WebSocket.
Auth Required
GraphQL API
The primary GraphQL API (api.knogin.com/graphql) provides 100+ queries, 80+ mutations, and real-time subscriptions using the Strawberry GraphQL framework. GraphQL offers flexible data fetching, allowing clients to request exactly the data they need in a single request.
GraphQL Endpoint
GraphQL Endpoint
POST https://api.knogin.com/graphqlGraphQL Playground
GET https://api.knogin.com/graphqlInvestigations
Create, manage, and track investigations with full lifecycle support including team assignment, file management, and progress tracking.
Queries
getInvestigation(investigationId: ID!)getInvestigations(status: [Status], limit: Int, offset: Int)investigationTimeline(investigationId: ID!)investigationStatistics(investigationId: ID!)investigationTeam(investigationId: ID!)
Mutations
startNewInvestigation(input: CreateInvestigationInput!)updateInvestigation(investigationId: ID!, input: UpdateInvestigationInput!)deleteInvestigation(investigationId: ID!)addFilesToInvestigation(investigationId: ID!, fileIds: [ID!]!)assignInvestigationTeam(investigationId: ID!, userIds: [ID!]!)
Cases
Full case management with templates, workflows, status tracking, profile linking, and bulk operations for efficient case handling.
Queries
case(caseId: ID!)cases(investigationId: ID, status: [CaseStatus], priority: [Priority], limit: Int, offset: Int)caseByNumber(caseNumber: String!)caseTimeline(caseId: ID!)caseStatistics(caseId: ID!)myCases(status: [CaseStatus], limit: Int)caseTemplates(category: String)
Mutations
createCase(input: CreateCaseInput!)createCaseFromTemplate(templateId: ID!, input: CreateCaseInput!)updateCase(caseId: ID!, input: UpdateCaseInput!)deleteCase(caseId: ID!)assignCase(caseId: ID!, userId: ID!)updateCaseStatus(caseId: ID!, status: CaseStatus!)linkProfileToCase(caseId: ID!, profileId: ID!, role: ProfileRole!)bulkUpdateCases(caseIds: [ID!]!, input: BulkUpdateCaseInput!)
Tasks
Task management with assignments, checklists, dependencies, and progress tracking for structured investigation workflows.
Queries
task(taskId: ID!)tasks(caseId: ID!, status: [TaskStatus], assignee: ID)myTasks(status: [TaskStatus], dueDate: DateRange)taskChecklist(taskId: ID!)taskDependencies(taskId: ID!)
Mutations
createTask(input: CreateTaskInput!)updateTask(taskId: ID!, input: UpdateTaskInput!)deleteTask(taskId: ID!)assignTask(taskId: ID!, userId: ID!)completeTask(taskId: ID!, notes: String)updateTaskChecklist(taskId: ID!, items: [ChecklistItemInput!]!)bulkUpdateTasks(taskIds: [ID!]!, input: BulkUpdateTaskInput!)
Notes & Attachments
Investigative notes with rich text, threading, and file attachments. Full chain of custody tracking for evidence-grade files.
Queries
note(noteId: ID!)notes(caseId: ID!, type: NoteType, visibility: Visibility)attachment(attachmentId: ID!)attachments(caseId: ID!, fileType: String)attachmentChainOfCustody(attachmentId: ID!)
Mutations
createNote(input: CreateNoteInput!)updateNote(noteId: ID!, input: UpdateNoteInput!)deleteNote(noteId: ID!)replyToNote(parentNoteId: ID!, content: String!)createAttachment(input: CreateAttachmentInput!)deleteAttachment(attachmentId: ID!)reprocessAttachment(attachmentId: ID!)
Profiles & Entities
Entity profile management for persons, organizations, and other entities with OSINT enrichment and relationship mapping.
Queries
getProfile(profileId: ID!)listProfiles(type: ProfileType, tags: [String], limit: Int, offset: Int)searchProfiles(query: String!, filters: ProfileFilters)getPerson(personId: ID!)listPersons(filters: PersonFilters)getOrganization(orgId: ID!)listOrganizations(filters: OrgFilters)getEntity(entityId: ID!)searchEntities(query: String!, entityTypes: [EntityType])profileRelationships(profileId: ID!, depth: Int)
Mutations
createProfile(input: CreateProfileInput!)updateProfile(profileId: ID!, input: UpdateProfileInput!)deleteProfile(profileId: ID!)enrichProfile(profileId: ID!, providers: [String])batchEnrichProfiles(profileIds: [ID!]!, providers: [String])linkProfiles(sourceId: ID!, targetId: ID!, relationType: String!)unlinkProfiles(sourceId: ID!, targetId: ID!)mergeProfiles(sourceIds: [ID!]!, targetId: ID!)
Alerts & Monitors
Real-time alerting system with configurable monitors, severity levels, and decision workflows for threat detection.
Queries
getAlertById(alertId: ID!)listAlerts(severity: [Severity], status: [AlertStatus], limit: Int)alertsByMonitor(monitorId: ID!, dateRange: DateRange)alertStatistics(dateRange: DateRange)getMonitor(monitorId: ID!)listMonitors(status: MonitorStatus, type: MonitorType)monitorPerformance(monitorId: ID!)
Mutations
createAlert(input: CreateAlertInput!)updateAlert(alertId: ID!, input: UpdateAlertInput!)decideAlert(alertId: ID!, decision: AlertDecision!, notes: String)bulkDecideAlerts(alertIds: [ID!]!, decision: AlertDecision!)createMonitor(input: CreateMonitorInput!)updateMonitor(monitorId: ID!, input: UpdateMonitorInput!)deleteMonitor(monitorId: ID!)pauseMonitor(monitorId: ID!)resumeMonitor(monitorId: ID!)
Graph Analysis
Knowledge graph operations including pathfinding, centrality analysis, community detection, and link prediction for network intelligence.
Queries
graphNode(nodeId: ID!)graphNeighbors(nodeId: ID!, depth: Int, relationTypes: [String])findPath(sourceId: ID!, targetId: ID!, maxDepth: Int)shortestPath(sourceId: ID!, targetId: ID!)subgraph(seedIds: [ID!]!, depth: Int)graphStatistics(investigationId: ID)centrality(nodeIds: [ID!]!, algorithm: CentralityAlgorithm)communities(investigationId: ID!, algorithm: CommunityAlgorithm)linkPrediction(nodeId: ID!, limit: Int)
Mutations
createGraphNode(input: CreateNodeInput!)updateGraphNode(nodeId: ID!, input: UpdateNodeInput!)deleteGraphNode(nodeId: ID!)createGraphEdge(input: CreateEdgeInput!)updateGraphEdge(edgeId: ID!, input: UpdateEdgeInput!)deleteGraphEdge(edgeId: ID!)mergeNodes(sourceIds: [ID!]!, targetId: ID!)
Geospatial Intelligence
Location-based queries, clustering, heatmaps, geofencing, and timeline analysis for geographic intelligence operations.
Queries
getLocation(locationId: ID!)listLocations(bounds: BoundingBox, entityType: EntityType)entitiesWithinBounds(bounds: BoundingBox!, filters: GeoFilters)entitiesWithinRadius(center: LatLng!, radiusKm: Float!)entitiesWithinPolygon(polygon: GeoJSONPolygon!)locationClusters(bounds: BoundingBox!, zoomLevel: Int!)heatmapData(bounds: BoundingBox!, resolution: Int)locationTimeline(entityId: ID!, dateRange: DateRange)geocode(address: String!)reverseGeocode(coordinates: LatLng!)
Mutations
createLocation(input: CreateLocationInput!)updateLocation(locationId: ID!, input: UpdateLocationInput!)deleteLocation(locationId: ID!)linkLocationToEntity(locationId: ID!, entityId: ID!)createGeofence(input: CreateGeofenceInput!)updateGeofence(geofenceId: ID!, input: UpdateGeofenceInput!)
Dashboards & Visualization
Create and manage customizable dashboards with panels, charts, and real-time metrics for operational awareness.
Queries
getDashboard(dashboardId: ID!)listDashboards(type: DashboardType, shared: Boolean)getDashboardMetrics(dashboardId: ID!)panelData(panelId: ID!, dateRange: DateRange)dashboardTemplates(category: String)
Mutations
createDashboard(input: CreateDashboardInput!)updateDashboard(dashboardId: ID!, input: UpdateDashboardInput!)deleteDashboard(dashboardId: ID!)addPanelToDashboard(dashboardId: ID!, input: PanelInput!)updatePanel(panelId: ID!, input: UpdatePanelInput!)deletePanel(panelId: ID!)shareDashboard(dashboardId: ID!, userIds: [ID!]!)cloneDashboard(dashboardId: ID!, newName: String!)
Search & Discovery
Global search with semantic capabilities, advanced filters, and saved queries for rapid intelligence discovery.
Queries
globalSearch(query: String!, limit: Int, offset: Int)semanticSearch(query: String!, entityTypes: [EntityType])advancedSearch(input: AdvancedSearchInput!)searchSuggestions(prefix: String!, limit: Int)searchHistory(limit: Int)savedSearches
Mutations
saveSearch(input: SaveSearchInput!)deleteSavedSearch(searchId: ID!)clearSearchHistory
Evidence Management
Court-admissible evidence tracking with chain of custody, integrity verification, and sealing for legal proceedings.
Queries
evidence(evidenceId: ID!)evidenceByCase(caseId: ID!, type: EvidenceType)evidenceChainOfCustody(evidenceId: ID!)verifyEvidenceIntegrity(evidenceId: ID!)evidenceAuditTrail(evidenceId: ID!)
Mutations
createEvidence(input: CreateEvidenceInput!)updateEvidence(evidenceId: ID!, input: UpdateEvidenceInput!)recordCustodyTransfer(evidenceId: ID!, input: CustodyTransferInput!)sealEvidence(evidenceId: ID!)linkEvidenceToCase(evidenceId: ID!, caseId: ID!)
OSINT & Enrichment
Open source intelligence queries across multiple providers for person, organization, phone, email, social media, vehicle, domain, IP, and cryptocurrency data.
Queries
osintProvidersosintProviderStatus(providerId: ID!)osintUsage(dateRange: DateRange)
Mutations
searchPerson(input: PersonSearchInput!)searchOrganization(input: OrgSearchInput!)searchPhone(phoneNumber: String!, providers: [String])searchEmail(email: String!, providers: [String])searchSocialMedia(input: SocialSearchInput!)searchVehicle(input: VehicleSearchInput!)searchDomain(domain: String!)searchIP(ipAddress: String!)searchCrypto(address: String!, blockchain: String!)batchEnrich(entityIds: [ID!]!, providers: [String])
Teams & Users
Team management with member roles, permissions, and hierarchies for collaborative investigation operations.
Queries
team(teamId: ID!)teams(parentId: ID)teamMembers(teamId: ID!)myTeamsuser(userId: ID!)users(role: Role, status: UserStatus)currentUser
Mutations
createTeam(input: CreateTeamInput!)updateTeam(teamId: ID!, input: UpdateTeamInput!)deleteTeam(teamId: ID!)addTeamMember(teamId: ID!, userId: ID!, role: TeamRole!)removeTeamMember(teamId: ID!, userId: ID!)updateTeamMemberRole(teamId: ID!, userId: ID!, role: TeamRole!)
Workflows & Automation
Automated workflows with triggers, conditions, and actions for streamlined investigation processes.
Queries
workflow(workflowId: ID!)workflows(status: WorkflowStatus, trigger: TriggerType)workflowExecutions(workflowId: ID!, status: ExecutionStatus)workflowExecution(executionId: ID!)workflowTemplates(category: String)
Mutations
createWorkflow(input: CreateWorkflowInput!)updateWorkflow(workflowId: ID!, input: UpdateWorkflowInput!)deleteWorkflow(workflowId: ID!)executeWorkflow(workflowId: ID!, input: JSON)pauseWorkflow(workflowId: ID!)resumeWorkflow(workflowId: ID!)cancelExecution(executionId: ID!)
AI Services
AI-powered text analysis, entity extraction, summarization, translation, and document processing capabilities.
Queries
aiProcessingStatus(jobId: ID!)aiProcessingHistory(entityId: ID!)aiCapabilities
Mutations
analyzeText(text: String!, options: AnalysisOptions)extractEntities(text: String!, entityTypes: [EntityType])generateSummary(text: String!, style: SummaryStyle)translateText(text: String!, targetLanguage: String!)generateGraph(text: String!)processDocument(fileId: ID!, options: ProcessingOptions)processImage(fileId: ID!, options: ImageProcessingOptions)processAudio(fileId: ID!, options: AudioProcessingOptions)processVideo(fileId: ID!, options: VideoProcessingOptions)
Notifications & Comments
Real-time notifications with preferences, threaded comments, mentions, and reactions for team collaboration.
Queries
notifications(status: NotificationStatus, limit: Int)unreadNotificationCountnotificationPreferencescomments(entityId: ID!, entityType: EntityType)comment(commentId: ID!)
Mutations
markNotificationRead(notificationId: ID!)markAllNotificationsReadupdateNotificationPreferences(input: NotificationPreferencesInput!)createComment(input: CreateCommentInput!)updateComment(commentId: ID!, content: String!)deleteComment(commentId: ID!)replyToComment(parentId: ID!, content: String!)reactToComment(commentId: ID!, reaction: String!)
Real-Time Subscriptions
Subscribe to real-time updates via WebSocket for live data streaming across all domains.
Alerts
alertStreamalertUpdates(alertId: ID!)monitorAlerts(monitorId: ID!)
Investigations
investigationProgress(investigationId: ID!)caseUpdates(caseId: ID!)taskUpdates(caseId: ID!)
Dashboards
dashboardUpdates(dashboardId: ID!)panelData(panelId: ID!)metricsStream(dashboardId: ID!)
Collaboration
channelMessages(channelId: ID!)userPresence(userIds: [ID!]!)typingIndicator(channelId: ID!)
Processing
processingProgress(jobId: ID!)enrichmentProgress(profileId: ID!)workflowExecution(executionId: ID!)
Notifications
notificationStreammentionStreamsystemAnnouncements
Example: Query Investigation with Cases
query GetInvestigationWithCases($investigationId: ID!) {
getInvestigation(investigationId: $investigationId) {
id
title
status
createdAt
profiles {
id
name
type
riskScore
}
}
cases(investigationId: $investigationId) {
id
title
status
priority
assignedTo {
id
displayName
}
tasks {
id
title
status
dueDate
}
}
}Example: Create Alert Mutation
mutation CreateAlert($input: CreateAlertInput!) {
createAlert(input: $input) {
id
title
severity
confidence
createdAt
entities {
id
name
type
}
}
}
# Variables
{
"input": {
"title": "Suspicious Activity Detected",
"summary": "Multiple failed login attempts from unusual location",
"severity": "HIGH",
"confidence": 0.85,
"entities": ["entity-123"],
"monitorId": "monitor-456"
}
}WebSocket & Real-Time
Real-time communication via WebSocket for live updates, GraphQL subscriptions, and collaboration features.
WebSocket Endpoints
WS
wss://api.knogin.com/graphqlGraphQL Subscriptions
WebSocket endpoint for GraphQL subscriptions using the graphql-ws protocol. Supports all subscription operations including alert streams, investigation updates, and real-time collaboration.
Auth Required
WS
wss://api.knogin.com/wsGeneral Event Stream
WebSocket endpoint for general real-time event streaming including investigation updates, system notifications, and user presence. Supports channel-based subscriptions.
Auth Required
Subscription Example
subscription AlertStream {
alertStream {
id
title
severity
confidence
createdAt
entities {
id
name
}
locations {
latitude
longitude
}
}
}Response Formats
Standard response structures used across the API.
Success Response
{
"success": true,
"data": { ... },
"message": "Operation completed successfully",
"timestamp": "2024-01-15T10:30:00Z",
"request_id": "req_abc123"
}Error Response
{
"error": "VALIDATION_ERROR",
"message": "Invalid input parameters",
"code": "ERR_VALIDATION_001",
"details": {
"field": "email",
"reason": "Invalid email format"
},
"timestamp": "2024-01-15T10:30:00Z"
}HTTP Status Codes
Common status codes returned by the API.
- 200OK - Request succeeded
- 201Created - Resource created
- 204No Content - Success with no body
- 400Bad Request - Invalid parameters
- 401Unauthorized - Authentication required
- 403Forbidden - Access denied
- 404Not Found - Resource not found
- 422Unprocessable Entity - Validation error
- 429Too Many Requests - Rate limited
- 500Internal Server Error
Rate Limits
API rate limits to ensure fair usage and system stability.
- Standard Endpoints1000 requests per minute
- Authentication Endpoints5 requests per minute (login, MFA verification)
- Batch Operations100 profiles per batch request, 10 for enrichment
- File Uploads50MB maximum file size
- AI ProcessingSubject to token limits per organization tier