API Reference

Overview

The Diverg API lets you trigger investigations and fetch results from your own scripts, CI/CD pipelines, or applications. Access is provided when you use Diverg Open (sign in at dash.divergsec.com) or a private engagement. This page summarizes authentication and main endpoints; a full OpenAPI/Swagger spec and SDKs are available in the dashboard once you have access.

Autonomous agents can use Diverg Auto, our OpenClaw integration, to drive the same capabilities with natural-language commands instead of hand-written API glue.

Authentication

API requests are authenticated with an API key that you obtain from the Diverg dashboard (or from your account manager for enterprise). Include the key in the request header, for example:

Authorization: Bearer YOUR_API_KEY

Keys can be scoped to specific operations or environments. Keep keys secret and rotate them if compromised.

Main endpoints

• Run investigation: POST a target (URL, domain, or wallet address) and optional options (e.g. skill subset, depth). Returns a job ID.
• Get status: GET job status by ID to see if the investigation is still running or completed.
• Get report: GET the full report (JSON) for a completed job. Includes findings, severity, evidence, and skipped checks.
• List jobs: GET a paginated list of your investigations for filtering and audit.

Base URL and full request/response schemas are in the dashboard under API docs. Rate limits and quotas depend on your plan.

Webhooks

You can register a webhook URL to receive notifications when an investigation completes (or fails). The payload includes the job ID and a summary so your system can fetch the full report or trigger downstream actions. Configure webhooks in the dashboard or via the API.

Getting access

To obtain API keys and the full documentation, sign in to Diverg Open. For private or enterprise API programs, email [email protected] to book.