{"openapi":"3.1.0","info":{"title":"QorBOM™ Partner API","summary":"Cryptographic Bill of Materials platform — partner-tenant API.","version":"0.1.0","description":"QorBOM™ is the white-label platform that powers Cryptographic Bill of Materials (CBOM) scans for audit firms, MSSPs, and consultancies. Every endpoint requires a Bearer API key issued to your partner-tenant account. Apply for early access at https://qorbom.com/become-a-partner. QorBOM™ is a trademark of QorTrace.","contact":{"name":"QorBOM™ Partner Engineering","email":"partners@qortrace.com","url":"https://qorbom.com/become-a-partner"},"license":{"name":"Commercial — partner terms","url":"https://qortrace.com/legal/terms"}},"servers":[{"url":"https://api.qorbom.com","description":"Production"},{"url":"https://qortrace.com","description":"Sandbox (during early-access cohort)"}],"tags":[{"name":"scans","description":"Submit and retrieve CBOM scans."},{"name":"health","description":"Service availability."}],"components":{"schemas":{"HTTPValidationError":{"properties":{"detail":{"items":{"$ref":"#/components/schemas/ValidationError"},"type":"array","title":"Detail"}},"type":"object","title":"HTTPValidationError"},"CbomScanCreateResp":{"properties":{"id":{"type":"string","title":"Id"},"status":{"type":"string","title":"Status"},"tenant_id":{"type":"string","title":"Tenant Id"},"tenant_kind":{"type":"string","title":"Tenant Kind"},"methodology_version":{"type":"string","title":"Methodology Version"}},"type":"object","required":["id","status","tenant_id","tenant_kind","methodology_version"],"title":"CbomScanCreateResp"},"ValidationError":{"properties":{"loc":{"items":{"anyOf":[{"type":"string"},{"type":"integer"}]},"type":"array","title":"Location"},"msg":{"type":"string","title":"Message"},"type":{"type":"string","title":"Error Type"}},"type":"object","required":["loc","msg","type"],"title":"ValidationError"},"CbomScanCreateReq":{"properties":{"repo_url":{"type":"string","maxLength":400,"minLength":8,"title":"Repo Url","description":"Public GitHub repo URL"},"project_name":{"anyOf":[{"type":"string","maxLength":120},{"type":"null"}],"title":"Project Name"},"project_version":{"anyOf":[{"type":"string","maxLength":60},{"type":"null"}],"title":"Project Version","default":"1.0.0"}},"type":"object","required":["repo_url"],"title":"CbomScanCreateReq"}},"securitySchemes":{"ApiKeyBearer":{"type":"http","scheme":"bearer","bearerFormat":"QorBOM™ API Key","description":"Issue a key from `POST /api/admin/qorbom/tenants/{id}/keys` (admin-side). Format: `qb_{live|test}_{16ch_lookup}_{32ch_secret}`. The plaintext secret is shown ONCE during creation — store it in your secrets manager immediately."}}},"security":[{"ApiKeyBearer":[]}],"paths":{"/api/v1/cbom/health":{"get":{"tags":["cbom-platform-api"],"summary":"Cbom Api Health","operationId":"cbom_api_health_api_v1_cbom_health_get","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"additionalProperties":true,"type":"object","title":"Response Cbom Api Health Api V1 Cbom Health Get"}}}}}}},"/api/v1/cbom/scans":{"post":{"tags":["cbom-platform-api"],"summary":"Create Partner Scan","description":"Enqueue a CBOM scan for a partner-tenant via API key.","operationId":"create_partner_scan_api_v1_cbom_scans_post","parameters":[{"name":"authorization","in":"header","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Authorization"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/CbomScanCreateReq"}}}},"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CbomScanCreateResp"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}},"get":{"tags":["cbom-platform-api"],"summary":"List Partner Scans","operationId":"list_partner_scans_api_v1_cbom_scans_get","parameters":[{"name":"limit","in":"query","required":false,"schema":{"type":"integer","maximum":200,"minimum":1,"default":50,"title":"Limit"}},{"name":"authorization","in":"header","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Authorization"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"type":"object","additionalProperties":true,"title":"Response List Partner Scans Api V1 Cbom Scans Get"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/api/v1/cbom/scans/{scan_id}":{"get":{"tags":["cbom-platform-api"],"summary":"Get Partner Scan","operationId":"get_partner_scan_api_v1_cbom_scans__scan_id__get","parameters":[{"name":"scan_id","in":"path","required":true,"schema":{"type":"string","title":"Scan Id"}},{"name":"include_bom","in":"query","required":false,"schema":{"type":"boolean","default":false,"title":"Include Bom"}},{"name":"authorization","in":"header","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Authorization"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"type":"object","additionalProperties":true,"title":"Response Get Partner Scan Api V1 Cbom Scans  Scan Id  Get"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/api/v1/cbom/scans/{scan_id}/bom.json":{"get":{"tags":["cbom-platform-api"],"summary":"Download Partner Bom","operationId":"download_partner_bom_api_v1_cbom_scans__scan_id__bom_json_get","parameters":[{"name":"scan_id","in":"path","required":true,"schema":{"type":"string","title":"Scan Id"}},{"name":"format","in":"query","required":false,"schema":{"type":"string","pattern":"^(cyclonedx|spdx)$","default":"cyclonedx","title":"Format"}},{"name":"authorization","in":"header","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Authorization"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"type":"object","additionalProperties":true,"title":"Response Download Partner Bom Api V1 Cbom Scans  Scan Id  Bom Json Get"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/api/v1/cbom/usage":{"get":{"tags":["cbom-platform-api"],"summary":"Get Partner Usage","description":"Return the calling tenant's billing-cycle + all-time usage and\nspend, sized for the inline API-reference dashboard panel.\n\nAuth: same Bearer key the partner uses for /scans — keeps the\n\"paste your key to see your spend\" UX in one place. No new key\nscope required; every active key can read its own tenant's usage.","operationId":"get_partner_usage_api_v1_cbom_usage_get","parameters":[{"name":"recent_limit","in":"query","required":false,"schema":{"type":"integer","maximum":50,"minimum":0,"default":5,"title":"Recent Limit"}},{"name":"authorization","in":"header","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Authorization"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"type":"object","additionalProperties":true,"title":"Response Get Partner Usage Api V1 Cbom Usage Get"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/api/v1/cbom/keys":{"get":{"tags":["cbom-platform-api"],"summary":"List Partner Keys","description":"List every key on the calling tenant. Returns redacted shape —\n`key_lookup` + `key_prefix` + `name` + `env` + `status` + audit\ntimestamps. The full secret is NEVER returned (we don't store it\n— only the hash).","operationId":"list_partner_keys_api_v1_cbom_keys_get","parameters":[{"name":"authorization","in":"header","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Authorization"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"type":"object","additionalProperties":true,"title":"Response List Partner Keys Api V1 Cbom Keys Get"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}},"post":{"tags":["cbom-platform-api"],"summary":"Create Partner Test Key","description":"Mint a NEW sandbox (qb_test_...) key for the calling tenant.\n\nBody: `{ \"name\": \"my-laptop\", \"env\": \"test\" }`.\n`env` MUST be `test` — live keys are admin-only.\nHard cap: MAX_TEST_KEYS_PER_TENANT active test keys per tenant.\n\nReturns the FULL plaintext key EXACTLY ONCE. Callers must save it\nimmediately — we only store the hash.","operationId":"create_partner_test_key_api_v1_cbom_keys_post","parameters":[{"name":"authorization","in":"header","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Authorization"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","additionalProperties":true,"title":"Body"}}}},"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"type":"object","additionalProperties":true,"title":"Response Create Partner Test Key Api V1 Cbom Keys Post"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/api/v1/cbom/keys/{key_id}/revoke":{"post":{"tags":["cbom-platform-api"],"summary":"Revoke Partner Key","description":"Revoke a key on the calling tenant. Subsequent requests with\nthat key fail immediately with 401.\n\nAnti-foot-gun: callers can revoke the key they're currently\nholding — it works, and they'll lose access on the NEXT request.","operationId":"revoke_partner_key_api_v1_cbom_keys__key_id__revoke_post","parameters":[{"name":"key_id","in":"path","required":true,"schema":{"type":"string","title":"Key Id"}},{"name":"authorization","in":"header","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Authorization"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"type":"object","additionalProperties":true,"title":"Response Revoke Partner Key Api V1 Cbom Keys  Key Id  Revoke Post"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/api/v1/cbom/branding":{"get":{"tags":["cbom-platform-api"],"summary":"Get Partner Branding","description":"Return the calling tenant's branding config + the live URL\nwhere their white-labeled landing would render.","operationId":"get_partner_branding_api_v1_cbom_branding_get","parameters":[{"name":"authorization","in":"header","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Authorization"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"type":"object","additionalProperties":true,"title":"Response Get Partner Branding Api V1 Cbom Branding Get"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}},"put":{"tags":["cbom-platform-api"],"summary":"Update Partner Branding","description":"Update the calling tenant's white-label config. All fields\noptional — caller sends only what they want to change.\n\nSubdomain uniqueness is enforced at write time. URLs validated\nfor scheme + length. Accent color must match `#RRGGBB`.","operationId":"update_partner_branding_api_v1_cbom_branding_put","parameters":[{"name":"authorization","in":"header","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Authorization"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","additionalProperties":true,"title":"Body"}}}},"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"type":"object","additionalProperties":true,"title":"Response Update Partner Branding Api V1 Cbom Branding Put"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/api/v1/cbom/branding/by-subdomain/{slug}":{"get":{"tags":["cbom-platform-api"],"summary":"Get Branding By Subdomain","operationId":"get_branding_by_subdomain_api_v1_cbom_branding_by_subdomain__slug__get","parameters":[{"name":"slug","in":"path","required":true,"schema":{"type":"string","title":"Slug"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"type":"object","additionalProperties":true,"title":"Response Get Branding By Subdomain Api V1 Cbom Branding By Subdomain  Slug  Get"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/api/v1/cbom/openapi.json":{"get":{"tags":["cbom-platform-api"],"summary":"Get Qorbom Openapi","description":"Return the OpenAPI 3.1 spec for the QorBOM™ partner API only.","operationId":"get_qorbom_openapi_api_v1_cbom_openapi_json_get","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"additionalProperties":true,"type":"object","title":"Response Get Qorbom Openapi Api V1 Cbom Openapi Json Get"}}}}}}}}}