> ## Documentation Index > Fetch the complete documentation index at: https://docs.cotool.ai/llms.txt > Use this file to discover all available pages before exploring further. # Get structured threat model board > Get the structured per-surface board (lean generated layer + live source/detection overlay). ## OpenAPI ````yaml https://app.cotool.ai/api/docs/openapi.json get /api/threat-model/board openapi: 3.1.0 info: title: Cotool API version: 1.0.0 description: >- # Cotool API Documentation The Cotool API allows you to interact with the Cotool platform programmatically, enabling you to build powerful integrations and automate your workflows. ## Getting an API Key Follow these steps to generate your API key: 1. **Log in** to the Cotool web interface 2. **Navigate** to `/settings/api-keys` 3. **Click** "Generate Key" 4. **Copy and store** your API key securely ⚠️ *It won't be shown again* ## API Key Authentication For programmatic access and integrations, use your API key with the Authorization header: ```http Authorization: Bearer your_api_key_here ``` ```bash curl -X GET "https://app.cotool.ai/api/endpoint" \ -H "Authorization: Bearer your_api_key_here" \ -H "Content-Type: application/json" ``` servers: - url: https://app.cotool.ai description: Production server security: - ApiKeyAuth: [] paths: /api/threat-model/board: get: tags: - ThreatModel summary: Get structured threat model board description: >- Get the structured per-surface board (lean generated layer + live source/detection overlay). responses: '200': description: Successful response content: application/json: schema: type: object properties: generatedAt: type: - string - 'null' description: ISO timestamp of the board projection, or null. documentGeneratedAt: type: - string - 'null' description: >- ISO timestamp of the underlying threat-model document version, or null. coverageRefreshPending: type: boolean description: >- Whether async inventory or surface classification updates are still refreshing coverage overlays. presentPlatforms: type: array items: type: string description: >- ATT&CK platforms the org runs (passthrough from the board projection); used to hide techniques for absent platforms. surfaces: type: array items: type: object properties: id: type: string enum: - identity - cloud - endpoint - saas - email - network - source-code - application label: type: string active: type: boolean description: type: string tileSubheadline: type: string environment: type: object properties: summary: type: string components: type: array items: type: object properties: name: type: string description: >- A concrete thing on this surface, e.g. "Okta (acme.okta.com)". detail: type: string description: >- One-line characterization of that component. required: - name - detail required: - summary - components observable: type: array items: type: string gaps: type: array items: type: string sources: type: array items: type: object properties: toolType: type: string name: type: string status: type: string enum: - connected - not_connected containsNote: type: string required: - toolType - name - status - containsNote agents: type: array items: type: object properties: id: type: string name: type: string hits30d: type: integer runs30d: type: integer required: - id - name - hits30d - runs30d ruleCounts: type: array items: type: object properties: platform: type: string enabledCount: type: integer disabledCount: type: integer unknownCount: type: integer required: - platform - enabledCount - disabledCount - unknownCount required: - id - label - active - description - tileSubheadline - environment - observable - gaps - sources - agents - ruleCounts description: All fixed surfaces, ordered, with live overlay. agents: type: array items: type: object properties: id: type: string name: type: string hits30d: type: integer runs30d: type: integer required: - id - name - hits30d - runs30d description: >- ALL detection agents in the org (authoritative; includes agents not assigned to any surface). totals: type: object properties: ruleCounts: type: array items: type: object properties: platform: type: string enabledCount: type: integer disabledCount: type: integer unknownCount: type: integer required: - platform - enabledCount - disabledCount - unknownCount required: - ruleCounts description: Org-level detection totals for the summary hero. required: - generatedAt - documentGeneratedAt - presentPlatforms - surfaces - agents - totals '400': description: Bad request — input validation failed or the request was malformed content: application/json: schema: $ref: '#/components/schemas/ValidationError' '401': description: Unauthorized — missing or invalid API key / session content: application/json: schema: $ref: '#/components/schemas/Error' '403': description: Forbidden — the authenticated user lacks the required permissions content: application/json: schema: $ref: '#/components/schemas/PermissionError' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/Error' x-codeSamples: - lang: shell label: cURL source: |- curl -X GET "https://app.cotool.ai/api/threat-model/board" \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Content-Type: application/json" components: schemas: ValidationError: type: object properties: error: type: string description: Error message describing what went wrong issues: type: array description: >- Detailed validation issues, present when request or response schema validation fails items: type: object additionalProperties: true required: - error Error: type: object properties: error: type: string description: Error message describing what went wrong required: - error PermissionError: type: object properties: error: type: string description: Error message describing what went wrong missingPerms: type: array description: Permissions the authenticated user is missing for this operation items: type: string required: - error securitySchemes: ApiKeyAuth: type: http scheme: bearer bearerFormat: API Key description: >- API Key authentication for programmatic access. Include your API key in the Authorization header as: `Bearer your_api_key_here` ````