quanterios
Get started
API & SDK reference

REST, GraphQL, webhooks, SDKs.

Quanterios exposes its CBOM, AIBOM, Decision Engine, and runtime surfaces through REST and GraphQL APIs, with webhook events for state changes and language SDKs for Python, Node.js, Go, Java, Rust, and .NET.

Email developers@quanterios.comQuickstart
01 · API surfaces
01
CBOM API

GraphQL and REST over the live cryptographic estate. Query algorithms, keys, certificates, exposure surface, owning service. Webhook events for state changes.

02
AIBOM API

GraphQL and REST over the AI estate, models, agents, MCP servers, datasets, prompts, relationships. Webhook events for new components.

03
Risk Intelligence API

Per-asset risk scores, drivers, briefings, drift signals. Customer-overridable annotations preserved across refreshes.

04
Evidence packet API

Evidence-packet generation per framework, per asset class, per audit window. PDF and structured JSON output.

05
Runtime gate API

AI Runtime Protection control plane, policy, allow-lists, scope graph, audit trail. Sub-100ms enforcement path.

06
Webhook events

Subscribe to state changes, new asset, new agent, policy violation, runtime block. Signed delivery, retry semantics, replay.

02 · SDKs

Language SDKs for the languages your stack actually uses.

Python · pip install quanterios
Async-first client. Full coverage of CBOM, AIBOM, Risk, Evidence APIs. Crypto Agility primitives.
Node.js · npm install @quanterios/sdk
Node 18+. Full coverage of CBOM, AIBOM, Risk, Evidence APIs. Crypto Agility primitives.
Go · go get github.com/quanterios/quanterios-go
Go 1.22+. Full coverage of CBOM, AIBOM, Risk, Evidence APIs. Crypto Agility primitives.
Java · Maven · com.quanterios:sdk
Java 17+. Full coverage of CBOM, AIBOM, Risk, Evidence APIs. Crypto Agility primitives.
Rust · cargo add quanterios
Edition 2021. Full coverage of CBOM, AIBOM, Risk, Evidence APIs. Crypto Agility primitives.
.NET · dotnet add package Quanterios
.NET 8+. Full coverage of CBOM, AIBOM, Risk, Evidence APIs. Crypto Agility primitives.
03 · Authentication, rate limits, regions

Authentication uses API keys with scoped permissions or OAuth 2.0 with PKCE for interactive flows. SSO via SAML/OIDC for human access; service accounts for machine-to-machine.

Rate limits are tier-based and explicitly published in the response headers. Region pinning is enforced via the API gateway, your data never crosses regional boundaries.

The full reference, including request/response shapes, error codes, and pagination semantics, is published in the customer documentation surface. Email developers@quanterios.com if you need access before signup.

Need the spec?

Email developers@quanterios.com, we'll send the OpenAPI spec, GraphQL schema, and SDK quickstarts.

developers@quanterios.comQuickstart