Get structured threat model board - Cotool Documentation

cURL

curl -X GET "https://app.cotool.ai/api/threat-model/board" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

{
  "generatedAt": "<string>",
  "documentGeneratedAt": "<string>",
  "surfaces": [
    {
      "label": "<string>",
      "active": true,
      "description": "<string>",
      "tileSubheadline": "<string>",
      "environment": {
        "summary": "<string>",
        "components": [
          {
            "name": "<string>",
            "detail": "<string>"
          }
        ]
      },
      "observable": [
        "<string>"
      ],
      "gaps": [
        "<string>"
      ],
      "sources": [
        {
          "toolType": "<string>",
          "name": "<string>",
          "containsNote": "<string>"
        }
      ],
      "agents": [
        {
          "id": "<string>",
          "name": "<string>",
          "hits30d": 123,
          "runs30d": 123
        }
      ],
      "ruleCounts": [
        {
          "platform": "<string>",
          "enabledCount": 123,
          "disabledCount": 123,
          "unknownCount": 123
        }
      ]
    }
  ],
  "agents": [
    {
      "id": "<string>",
      "name": "<string>",
      "hits30d": 123,
      "runs30d": 123
    }
  ],
  "totals": {
    "ruleCounts": [
      {
        "platform": "<string>",
        "enabledCount": 123,
        "disabledCount": 123,
        "unknownCount": 123
      }
    ]
  }
}

GET

api

threat-model

board

cURL

curl -X GET "https://app.cotool.ai/api/threat-model/board" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

{
  "generatedAt": "<string>",
  "documentGeneratedAt": "<string>",
  "surfaces": [
    {
      "label": "<string>",
      "active": true,
      "description": "<string>",
      "tileSubheadline": "<string>",
      "environment": {
        "summary": "<string>",
        "components": [
          {
            "name": "<string>",
            "detail": "<string>"
          }
        ]
      },
      "observable": [
        "<string>"
      ],
      "gaps": [
        "<string>"
      ],
      "sources": [
        {
          "toolType": "<string>",
          "name": "<string>",
          "containsNote": "<string>"
        }
      ],
      "agents": [
        {
          "id": "<string>",
          "name": "<string>",
          "hits30d": 123,
          "runs30d": 123
        }
      ],
      "ruleCounts": [
        {
          "platform": "<string>",
          "enabledCount": 123,
          "disabledCount": 123,
          "unknownCount": 123
        }
      ]
    }
  ],
  "agents": [
    {
      "id": "<string>",
      "name": "<string>",
      "hits30d": 123,
      "runs30d": 123
    }
  ],
  "totals": {
    "ruleCounts": [
      {
        "platform": "<string>",
        "enabledCount": 123,
        "disabledCount": 123,
        "unknownCount": 123
      }
    ]
  }
}

Authorizations

Authorization

string

header

required

API Key authentication for programmatic access. Include your API key in the Authorization header as: Bearer your_api_key_here

Response

Successful response

generatedAt

string | null

required

ISO timestamp of the board projection, or null.

documentGeneratedAt

string | null

required

ISO timestamp of the underlying threat-model document version, or null.

surfaces

object[]

required

All fixed surfaces, ordered, with live overlay.

Show child attributes

agents

object[]

required

ALL detection agents in the org (authoritative; includes agents not assigned to any surface).

Show child attributes

totals

object

required

Org-level detection totals for the summary hero.

Show child attributes

Update threat model

List detection rules

⌘I