Organization endpoints

/platform/organizations/{organization_id}/* group (excluding API keys and webhooks, which have their own pages).

Covers: feedback reports, external integrations (Git and CI), identity providers (OIDC/SSO), Git bindings (binding between a project and a repository) and pipeline runs.

Endpoint table

Feedback

| Method | Path | Permission |
| --- | --- | --- |
| GET | /platform/organizations/{organization_id}/feedback-reports | feedback:view |
| POST | /platform/organizations/{organization_id}/feedback-reports | feedback:create |

Integrations

| Method | Path | Permission |
| --- | --- | --- |
| GET | /platform/organizations/{organization_id}/integrations | Session |
| POST | /platform/organizations/{organization_id}/integrations | integration:manage |
| PATCH | /platform/organizations/{organization_id}/integrations/{integration_id} | integration:manage |
| DELETE | /platform/organizations/{organization_id}/integrations/{integration_id} | integration:manage |
| POST | /platform/organizations/{organization_id}/integrations/{integration_id}/test | integration:manage |

Identity providers (OIDC/SSO)

| Method | Path | Permission |
| --- | --- | --- |
| GET | /platform/organizations/{organization_id}/identity-providers | Session |
| POST | /platform/organizations/{organization_id}/identity-providers | identity_provider:manage |
| PATCH | /platform/organizations/{organization_id}/identity-providers/{provider_id} | identity_provider:manage |
| DELETE | /platform/organizations/{organization_id}/identity-providers/{provider_id} | identity_provider:manage |

Git provider capabilities

| Method | Path | Auth |
| --- | --- | --- |
| GET | /platform/git-providers/capabilities | Public |

Repositories and branches

| Method | Path | Permission |
| --- | --- | --- |
| GET | /platform/organizations/{organization_id}/integrations/{integration_id}/repositories | integration:manage |
| GET | /platform/organizations/{organization_id}/integrations/{integration_id}/branches?repository=… | integration:manage |
| POST | /platform/organizations/{organization_id}/integrations/{integration_id}/discover | integration:manage |
| POST | /platform/organizations/{organization_id}/integrations/{integration_id}/sync-import | integration:manage |
| POST | /platform/organizations/{organization_id}/integrations/{integration_id}/sync-export | integration:manage |

Git bindings (project sync)

| Method | Path | Permission |
| --- | --- | --- |
| GET | /platform/organizations/{organization_id}/git-bindings | Session |
| POST | /platform/organizations/{organization_id}/git-bindings | integration:manage |
| POST | /platform/organizations/{organization_id}/git-bindings/validate | integration:manage |
| PATCH | /platform/organizations/{organization_id}/git-bindings/{binding_id} | integration:manage |
| DELETE | /platform/organizations/{organization_id}/git-bindings/{binding_id} | integration:manage |
| GET | /platform/organizations/{organization_id}/git-bindings/{binding_id}/runs | Session |
| POST | /platform/organizations/{organization_id}/git-bindings/{binding_id}/discover | integration:manage |
| POST | /platform/organizations/{organization_id}/git-bindings/{binding_id}/import | integration:manage |
| GET | /platform/organizations/{organization_id}/git-bindings/{binding_id}/commits | Session |
| GET | /platform/organizations/{organization_id}/git-bindings/{binding_id}/review-status | Session |
| POST | /platform/organizations/{organization_id}/git-bindings/{binding_id}/preflight | integration:manage |
| POST | /platform/organizations/{organization_id}/git-bindings/{binding_id}/rollback | integration:manage |
| POST | /platform/organizations/{organization_id}/git-bindings/{binding_id}/publish | version:publish |

Pipeline runs (CI)

| Method | Path | Permission |
| --- | --- | --- |
| POST | /platform/organizations/{organization_id}/integrations/{integration_id}/pipeline-runs | integration:manage |
| GET | /platform/organizations/{organization_id}/integrations/{integration_id}/pipeline-runs/{external_run_id} | integration:manage |

Feedback

POST /.../feedback-reports

Creates a feedback report (bug, feature request, improvement, question).

Request body (FeedbackReportCreateRequest):

{
  "kind": "bug",
  "title": "Logtest fails on large events",
  "description": "Pasting a 50KB event takes > 10s",
  "attachments": []
}

kindquestion.

Response 200 (FeedbackReportRecord): includes id, status, created_at. Emits webhook feedback.created.

Integrations

An integration connects RuleForge to an external system: Git repository, CI pipeline, or messaging channel. Main fields:

  • kind: git, ci, messaging.
  • provider: github, gitlab, gitea, jenkins, slack, etc.
  • credentials (encrypted) — tokens, private keys.
  • settings — per-provider configuration (base URL, org id, etc.).

POST /.../integrations

Request body (IntegrationConnectionCreateRequest):

{
  "name": "GitHub SOC",
  "kind": "git",
  "provider": "github",
  "settings": {
    "base_url": "https://github.com",
    "organization": "acme-soc"
  },
  "credentials": {
    "token": "ghp_..."
  }
}

Response 200: IntegrationConnectionRecord (credentials is not returned; only metadata).

PATCH /.../integrations/{integration_id}

Partial update. Send credentials again if you want to replace them; otherwise the existing ones are preserved.

DELETE /.../integrations/{integration_id}

Response 204. Bindings/pipelines that depend on it become orphaned and need to be reconnected manually.

POST /.../integrations/{integration_id}/test

Tests connectivity. Response varies by kind:

  • git → clones a repo listing.
  • ci → validates the platform's API.

Identity providers (OIDC/SSO)

Configures an external provider for the login flow.

POST /.../identity-providers

Request body (IdentityProviderCreateRequest):

{
  "name": "Corporate Okta",
  "kind": "oidc",
  "issuer": "https://acme.okta.com",
  "client_id": "…",
  "client_secret": "…",
  "discovery_url": "https://acme.okta.com/.well-known/openid-configuration",
  "scopes": ["openid", "email", "profile"],
  "default_role": "engineer"
}

Response 200: IdentityProviderRecord (without client_secret).
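
A pre-submission check for this request body, as an added example (not RuleForge code). It applies the OpenID Connect rules that the issuer is an https URL without query or fragment, that the discovery document sits at issuer + /.well-known/openid-configuration, and that scopes include openid. The function name, the sample values and the privileged role names are assumptions; only "engineer" appears on this page.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

def lint_identity_provider(req, privileged_roles=("admin", "owner")):
    """Return findings for an IdentityProviderCreateRequest body.

    privileged_roles is an assumption: substitute your tenant's role names.
    """
    findings = []
    issuer_raw = req.get("issuer", "")
    issuer = urlsplit(issuer_raw)
    if issuer.scheme != "https" or not issuer.netloc:
        findings.append("issuer must be an https URL")
    if issuer.query or issuer.fragment:
        findings.append("issuer must not carry a query or fragment")
    # The discovery document is expected directly under the issuer.
    expected = issuer_raw.rstrip("/") + WELL_KNOWN
    if req.get("discovery_url") != expected:
        findings.append(f"discovery_url should be {expected}")
    if "openid" not in req.get("scopes", []):
        findings.append("scopes must include 'openid'")
    if req.get("default_role") in privileged_roles:
        findings.append("default_role gives every SSO user a privileged role")
    return findings

# Constructed sample: plain-http issuer, discovery document on another host,
# missing openid scope, privileged default role.
SAMPLE_BAD = {
    "name": "Misconfigured IdP",
    "kind": "oidc",
    "issuer": "http://acme.okta.com",
    "client_id": "placeholder-client-id",
    "client_secret": "placeholder-secret",
    "discovery_url": "https://login.example.net/.well-known/openid-configuration",
    "scopes": ["email", "profile"],
    "default_role": "admin",
}

if __name__ == "__main__":
    for finding in lint_identity_provider(SAMPLE_BAD):
        print("FINDING:", finding)
```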

Git providers — capabilities

GET /platform/git-providers/capabilities

Lists what each provider supports. Useful for the frontend to enable/disable features.

Response 200:

{
  "github": {
    "supports_repository_listing": true,
    "supports_branch_listing": true,
    "supports_scan_discovery": true,
    "supports_explicit_paths": true,
    "supports_direct_publish": true,
    "supports_review_publish": true,
    "supports_app_auth": true,
    "supports_webhook_sync": true,
    "supports_pagination": true
  },
  "gitlab": { "...": "..." },
  "gitea": { "...": "..." }
}

Repositories and branches

GET /.../integrations/{integration_id}/repositories

Lists repositories accessible through the integration.

Response 200:

[
  { "full_name": "acme-soc/wazuh-rules", "default_branch": "main", "private": true },
  { "full_name": "acme-soc/ids-content", "default_branch": "trunk", "private": false }
]

GET /.../integrations/{integration_id}/branches?repository=<repo>

Lists branches of the given repository.

Response 200: array of { "name": "main", "commit_sha": "abc…", "protected": true }.

POST /.../integrations/{integration_id}/discover

Discovers the repository structure (detects rules/ and decoders/ folders).

Request body: { "repository": "acme/repo", "branch": "main" }.

Response 200: detected structure with paths and counts.

POST /.../integrations/{integration_id}/sync-import

Imports a bundle (rules + decoders) directly from Git, without going through a binding. Useful for one-shot imports.

Request body: { "repository": "...", "branch": "main" }.

POST /.../integrations/{integration_id}/sync-export

Exports (commits) the current XML content to Git.

Request body:

{
  "repository": "acme/repo",
  "branch": "main",
  "decoders_xml": "<decoders>…</decoders>",
  "rules_xml": "<group>…</group>",
  "commit_message": "Update via RuleForge"
}

Git bindings

A binding connects a RuleForge project to a specific folder in a repository/branch, with a synchronization policy.

POST /.../git-bindings

Request body (GitProjectBindingCreateRequest):

{
  "project_id": "prj_...",
  "integration_id": "int_...",
  "repository": "acme-soc/wazuh-rules",
  "branch": "main",
  "rules_path": "rules/",
  "decoders_path": "decoders/",
  "publish_strategy": "review",
  "scheduled_sync_interval_minutes": 60,
  "sync_on_webhook": true
}

  • publish_strategy: "direct" (commit to the branch) or "review" (opens a PR/MR).
  • scheduled_sync_interval_minutes — 0 to disable.

Response 200: GitProjectBindingRecord.
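
A client-side policy check to run before creating a binding, as an added example (not RuleForge code). It cross-checks the request against the branch listing returned by the branches endpoint and flags a direct publish to a protected branch, paths that escape the repository, and a binding with no sync trigger. The function name, the sample values and the rules it enforces are assumptions of this example, not documented server behaviour.

```python
import posixpath

def lint_git_binding(req, branches):
    """Findings for a GitProjectBindingCreateRequest; `branches` is the branch listing."""
    findings = []
    branch = {b["name"]: b for b in branches}.get(req.get("branch"))
    strategy = req.get("publish_strategy")
    if branch is None:
        findings.append(f"branch {req.get('branch')!r} not found in repository")
    if strategy not in ("direct", "review"):
        findings.append(f"unknown publish_strategy {strategy!r}")
    elif strategy == "direct" and branch and branch["protected"]:
        findings.append("direct publish targets a protected branch; use 'review'")
    for field in ("rules_path", "decoders_path"):
        path = req.get(field, "")
        norm = posixpath.normpath(path)  # collapses a/../.. style segments
        if not path or path.startswith("/") or norm == ".." or norm.startswith("../"):
            findings.append(f"{field} must be a relative path inside the repository")
    interval = req.get("scheduled_sync_interval_minutes", 0)
    if type(interval) is not int or interval < 0:
        findings.append("scheduled_sync_interval_minutes must be an integer >= 0")
    elif interval == 0 and not req.get("sync_on_webhook"):
        findings.append("no sync trigger: interval is 0 and sync_on_webhook is off")
    return findings

# Constructed sample: direct publish to a protected branch, a rules_path that
# climbs out of the repository, and both sync triggers disabled.
BRANCHES = [{"name": "main", "commit_sha": "0" * 40, "protected": True}]
SAMPLE_BAD = {
    "project_id": "prj_placeholder",
    "integration_id": "int_placeholder",
    "repository": "acme-soc/wazuh-rules",
    "branch": "main",
    "rules_path": "rules/../../other",
    "decoders_path": "decoders/",
    "publish_strategy": "direct",
    "scheduled_sync_interval_minutes": 0,
    "sync_on_webhook": False,
}

if __name__ == "__main__":
    for finding in lint_git_binding(SAMPLE_BAD, BRANCHES):
        print("FINDING:", finding)
```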

POST /.../git-bindings/validate

Validates the request before creating it (useful to preview conflicts).

Response 200 (GitBindingValidationResult): { valid, warnings, errors }.

POST /.../git-bindings/{binding_id}/discover

Re-discovers the structure; updates counts and warns about new/renamed files.

POST /.../git-bindings/{binding_id}/import

Imports the current repository state into the project's workspace.

Request body (optional, GitProjectBindingImportRequest): filter params (alternate branch, force overwrite).

GET /.../git-bindings/{binding_id}/commits?limit=20

Lists recent commits of the linked branch. limit 1–100.

GET /.../git-bindings/{binding_id}/review-status

State of the pending review (PR/MR opened by RuleForge), if any.

POST /.../git-bindings/{binding_id}/preflight

Simulates the publish without committing. Returns the diff and quality-gate violations.

POST /.../git-bindings/{binding_id}/publish

Executes the publish: direct commit or opens a PR/MR based on publish_strategy.

POST /.../git-bindings/{binding_id}/rollback

Reverts the project to the state of an earlier commit.

Request body (GitBindingRollbackRequest):

{ "commit_sha": "abc123…", "workspace_name": "rollback-20260424" }

Creates a new workspace with the restored content.

GET /.../git-bindings/{binding_id}/runs

Sync history (discover/import/publish).

Response 200: array of GitProjectSyncRunRecord with run_type, status, created_at, error, diff_summary.

Pipeline runs (CI)

Triggering and monitoring runs on an external CI (Jenkins, GitLab CI, GitHub Actions).

POST /.../integrations/{integration_id}/pipeline-runs

Triggers a run.

Request body (provider-dependent): { "branch": "main", "inputs": { "key": "value" } }.

Response 200: { "external_run_id": "...", "status": "queued", "url": "..." }.

GET /.../integrations/{integration_id}/pipeline-runs/{external_run_id}

Checks status.

Response 200:

{
  "external_run_id": "abc",
  "status": "running|succeeded|failed|canceled|queued",
  "url": "https://ci.example.com/run/abc",
  "started_at": "…",
  "finished_at": null,
  "logs_url": "…"
}
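
A fail-closed polling loop over the status values listed above, as an added example (not RuleForge code). Only succeeded, failed and canceled end the wait; any status outside the documented set, a record for a different run, or a timeout raises instead of being treated as success. The names wait_for_run and fetch_status, the timing defaults and the scripted replies are assumptions; fetch_status stands in for the authenticated GET.

```python
import time

TERMINAL = {"succeeded", "failed", "canceled"}
PENDING = {"queued", "running"}

class PipelineRunError(Exception):
    pass

def wait_for_run(fetch_status, external_run_id, timeout_s=600, interval_s=5,
                 sleep=time.sleep, clock=time.monotonic):
    """Poll until the run reaches a terminal status; return the final record.

    fetch_status(run_id) -> dict is an assumed caller-supplied function that
    performs the GET and returns the decoded JSON body.
    """
    deadline = clock() + timeout_s
    while True:
        record = fetch_status(external_run_id)
        if record.get("external_run_id") != external_run_id:
            raise PipelineRunError("response is for a different run")
        status = record.get("status")
        if status in TERMINAL:
            return record
        if status not in PENDING:
            raise PipelineRunError(f"unexpected status {status!r}")
        if clock() >= deadline:
            raise PipelineRunError(f"run still {status} after {timeout_s}s")
        sleep(interval_s)

def demo():
    # Constructed replies standing in for three successive GET calls.
    replies = iter([
        {"external_run_id": "abc", "status": "queued"},
        {"external_run_id": "abc", "status": "running"},
        {"external_run_id": "abc", "status": "failed"},
    ])
    return wait_for_run(lambda _run_id: next(replies), "abc", sleep=lambda s: None)

if __name__ == "__main__":
    final = demo()
    print("final status:", final["status"])
    print("gate passed:", final["status"] == "succeeded")
```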