Public API Overview

The Cranium Public REST API provides programmatic read access to your AI inventory. The API is designed for data engineering and security teams integrating Cranium data with data warehouses, IT service management platforms, internal reporting pipelines, and other downstream systems.

Audience

This documentation assumes familiarity with REST APIs, OAuth 2.0 authentication, and JSON. The API is intended for developers and integrators rather than business users. If you are looking to view your AI inventory directly, use the Cranium platform.

Available Endpoints

The v1 API includes four read endpoints:

  • Bill of Materials: list and retrieve BOMs across your tenant
  • Technology Vulnerabilities: list and retrieve technology vulnerabilities (CVEs) detected in your BOMs
  • Arena Models: list models cataloged in the Arena
  • Arena Model Vulnerabilities: list model vulnerabilities (attack categories) detected through Arena testing

Endpoints for AI Systems, AI Cards, and CloudSensor findings are planned for future releases.

Regional Base URLs

The Public API is available in three regions. Use the base URL that matches your tenant's region.

If you are not sure which region your tenant is in, contact your Customer Success Manager.

API Conventions

REST and JSON

All endpoints use standard HTTP methods. Request and response bodies are JSON.


Authentication

All requests require a bearer token obtained through OAuth 2.0 client credentials. See the Authentication & Generating Credentials article for details.


Pagination

All list endpoints use cursor-based pagination. See the Pagination & Incremental Sync article for the full pattern, including how to perform full and incremental syncs.


Rate Limits

Requests are subject to per-customer rate limits. See the Rate Limits & Error Handling article for limits, headers, and the 429 response format.


Sorting

Sort order is fixed per endpoint and is not configurable through query parameters.


Read-Only

The v1 API supports read operations only. Write, update, delete, and bulk export operations are not available in this release.

Licensing

The Public API is a licensed feature. To enable the API for your tenant, contact your Customer Success Manager. Once enabled, the API Management section becomes available under Settings, where authorized users can generate credentials.

Getting Started

To begin using the API:


1. Confirm your tenant has the API license enabled. If the API Management section does not appear under Settings, contact your Customer Success Manager.


2. Generate API credentials by following the steps in Authentication & Generating Credentials.


3. Request a bearer token from the token endpoint using your Client ID, Client Secret, and Scope.


4. Make authenticated requests to the endpoints relevant to your use case.
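
Steps 3 and 4 in code, as an added example that is not taken from Cranium's documentation: it builds the client-credentials token request, reuses the token until shortly before it expires, and attaches it as a bearer header. It assumes the token endpoint accepts the standard RFC 6749 form-encoded request and returns `access_token` and `expires_in`; `TOKEN_URL` is a placeholder and every function and class name is hypothetical.

```python
import json
import time
import urllib.parse
import urllib.request

# Placeholder (assumption): take the real token endpoint from the
# Authentication & Generating Credentials article.
TOKEN_URL = "https://TOKEN-ENDPOINT.example/oauth2/token"


def build_token_request(token_url, client_id, client_secret, scope):
    """Build an RFC 6749 section 4.4 client-credentials token request."""
    # Load client_id/client_secret from a secret store or environment
    # variable at runtime; never commit them to source control.
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    }).encode()
    return urllib.request.Request(
        token_url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def fetch_token(req):
    """Send the token request; return (access_token, lifetime in seconds)."""
    if not req.full_url.startswith("https://"):
        raise ValueError("refusing to send client secret over non-HTTPS URL")
    with urllib.request.urlopen(req, timeout=10) as resp:
        payload = json.load(resp)
    return payload["access_token"], int(payload.get("expires_in", 0))


class TokenCache:
    """Reuse one bearer token until `skew` seconds before it expires."""

    def __init__(self, fetch, skew=60, clock=time.monotonic):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            self._token, lifetime = self._fetch()
            self._expires_at = self._clock() + lifetime
        return self._token


def authorized_request(url, token):
    """Build a GET request carrying the bearer token (the v1 API is read-only)."""
    return urllib.request.Request(url, method="GET", headers={
        "Authorization": f"Bearer {token}", "Accept": "application/json"})
```

Wire the pieces together with `TokenCache(lambda: fetch_token(build_token_request(TOKEN_URL, client_id, client_secret, scope)))`, then pass `cache.get()` to `authorized_request` for each call so the token endpoint is hit only when the cached token is about to expire.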
