Getting Started

Authentication

The FluxCybers ExecFlow API uses Bearer token authentication. All API requests must include your API key in the Authorization header. Generate a key in Settings → API Keys.

# Include in every request
Authorization: Bearer ef_read_a1b2c3d4e5f6...

🔑 API keys begin with ef_ followed by the scope (read, write, admin). The full key is only shown at creation — copy it immediately.

Key Scopes:

Scope	Permissions
read	GET requests only — retrieve data without modification
write	GET + POST/PUT/PATCH — create and modify resources
admin	Full access including DELETE and admin-only operations

Getting Started

Rate Limits

Rate limits are applied per API key per minute. Exceeding the limit returns HTTP 429 with a Retry-After header.

Plan	Rate Limit	Burst
Starter	100 requests / minute	120 req (10s window)
Pro	500 requests / minute	600 req (10s window)
Enterprise	Custom (contact us)	Unlimited burst available

Rate limit headers are included on every response: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset.

Getting Started

Errors & CORS

All error responses return JSON with a consistent format. HTTP status codes follow REST conventions.

// Error response format
{
  "success": false,
  "message": "Descriptive error message",
  "code": "ERROR_CODE"    // Optional machine-readable code
}

HTTP Status	Meaning
200	Success
400	Bad request — missing or invalid parameters
401	Unauthorized — invalid or missing API key
403	Forbidden — API key lacks required scope
404	Resource not found
429	Rate limit exceeded
500	Internal server error

CORS: The API allows requests from https://fluxcybers.polsia.app, https://fluxcybers.polsia.app, and https://fluxcybers.polsia.app. For server-to-server integrations, CORS does not apply.

Getting Started

Versioning

The current API version is v1. Versioning is handled via URL path prefix (/api/v1/...). The current routes work without the version prefix for backward compatibility. Breaking changes will be introduced in a new version with 6 months' notice.

The base URL for all API endpoints is: https://fluxcybers.polsia.app/api/

Core Platform API

Servers

Manage and interact with connected servers. Requires read scope for GET endpoints, write for commands.

GET/api/servers

List all servers connected to your account with their current status and metadata.

# cURL
curl https://fluxcybers.polsia.app/api/servers \
  -H "Authorization: Bearer ef_read_..."

# Response
{
  "success": true,
  "servers": [{
    "id": 1, "name": "prod-web-01",
    "ip": "192.168.1.1", "status": "online"
  }]
}

POST/api/servers/{id}/execute

Execute a command on a server. Requires write scope. Commands are logged to the immutable audit trail.

Parameter	Description
commandrequiredstring	The shell command to execute
timeoutnumber	Max execution time in seconds (default: 30, max: 300)

Core Platform API

Playbooks

List and execute automation playbooks. Every execution is logged to the audit trail.

GET/api/playbooks

List all available playbooks with their step counts and last execution details.

POST/api/playbooks/{id}/run

Execute a playbook. Supports dry-run mode and target server specification.

Parameter	Description
server_idnumber	Target server ID (required if playbook is server-specific)
dry_runboolean	If true, validate playbook without executing. Default: false
paramsobject	Playbook-specific parameters (varies by playbook)

Core Platform API

Audit Trail

Retrieve the immutable blockchain-backed audit log. Every significant action is permanently recorded here.

GET/api/audit-log

Retrieve paginated audit log entries. Entries are immutable once written.

Query Parameter	Description
limitnumber	Number of entries per page (default: 50, max: 200)
offsetnumber	Pagination offset (default: 0)
actionstring	Filter by action type (e.g., command_executed, playbook_run)
server_idnumber	Filter by server ID
fromstring	ISO 8601 start date
tostring	ISO 8601 end date

Core Platform API

Agent Orchestration

Dispatch tasks to FluxCybers ExecFlow's AI agent hierarchy and check agent queue status.

POST/api/agents/task

Dispatch a task to an AI agent. Agents can execute commands, run playbooks, and take autonomous remediation actions.

Parameter	Description
taskrequiredstring	Natural language task description for the agent
agent_typestring	Agent type: security, remediation, analysis (default: auto-select)
prioritystring	Task priority: low, normal, high, critical (default: normal)
server_idnumber	Scope the task to a specific server

GET/api/agents/status

Get current agent queue size, active tasks, and per-agent health status.

Products

CompactEdge AI

5-layer AI media compaction and restoration. Reduce asset sizes by up to 99.8% with lossless reconstruction and cryptographic integrity proof.

POST/api/compact

Submit an asset for CompactEdge processing. Returns a compact_id for tracking and restoration.

Parameter	Description
asset_urlrequiredstring	Publicly accessible URL of the asset to compact
quality_targetnumber	Target quality score 0–100 (default: 85). Higher = larger file, better quality
format_preferencestring	Output format preference: webp, avif, jpeg, png, auto (default: auto)

# Python example
import requests

resp = requests.post(
    'https://fluxcybers.polsia.app/api/compact',
    headers={'Authorization': 'Bearer ef_write_...'},
    json={
        'asset_url': 'https://example.com/video.mp4',
        'quality_target': 90,
        'format_preference': 'auto'
    }
)
data = resp.json()
compact_id = data['compact_id']

POST/api/rehydrate

Restore an original asset from its compacted version. Returns the original asset URL.

Parameter	Description
compact_idrequiredstring	ID returned when the asset was compacted

GET/api/integrity/{compact_id}

Retrieve the Quality Integrity Certificate for a compacted asset. Includes SSIM/VMAF scores and cryptographic hash.

GET/api/mobility-score/{asset_id}

Get the Edge Mobility Score for an asset — a composite metric combining size, quality, and CDN delivery performance.

Products

Sentry V AI

Autonomous security monitoring with cryptographic audit trails. Detect → Respond → Prove.

GET/api/sentry/health/{site_id}

Retrieve current health score, threat level, and 24-hour prediction for a monitored site.

GET/api/sentry/incidents

List all Sentry V incidents with severity, timeline, and resolution status. Paginated.

Query Parameter	Description
statusstring	Filter: open, resolved, all (default: all)
severitystring	Filter: critical, high, medium, low
limitnumber	Results per page (default: 50)

POST/api/sentry/shield-mode

Toggle Shield Mode for a monitored site. Shield Mode activates maximum defensive posture — all suspicious traffic blocked.

Parameter	Description
site_idrequirednumber	Target site ID
enabledrequiredboolean	true to activate, false to deactivate

Products

eShield

Endpoint protection and threat management. Quarantine compromised endpoints, manage threat feeds.

GET/api/eshield/threats

Retrieve the active threat feed — IPs, domains, and files currently flagged as malicious.

POST/api/eshield/quarantine

Immediately quarantine an IP address or endpoint. All traffic from the target is blocked and logged.

Parameter	Description
targetrequiredstring	IP address or hostname to quarantine
reasonstring	Reason for quarantine (logged to audit trail)
duration_hoursnumber	Auto-release after N hours (null = permanent until manual release)

Products

VaultShield

Bot protection and anti-DDoS layer. Manage traffic filtering rules and review protection status.

GET/api/vaultshield/status

Get current VaultShield protection status, active rule count, and traffic statistics.

POST/api/vaultshield/rules

Add a custom blocking rule. Rules are evaluated in priority order.

Parameter	Description
typerequiredstring	Rule type: ip_block, user_agent_block, rate_limit, geo_block
valuerequiredstring	Value to match (IP, user-agent string, country code, etc.)
actionstring	Action: block, challenge, log (default: block)
prioritynumber	Rule priority (1 = highest, evaluated first)

Platform

Webhooks

Create and manage webhook endpoints to receive real-time event notifications. See the full Integrations guide for Zapier and Make setup.

GET/api/webhooks

List all configured webhook endpoints and their subscription events.

POST/api/webhooks

Register a new webhook endpoint. Returns a signing secret (shown once only).

Parameter	Description
urlrequiredstring	HTTPS endpoint URL to POST events to
eventsrequiredarray	Event types to subscribe to (see event reference)
descriptionstring	Human-readable description of this webhook

POST/api/webhooks/{id}/ping

Send a test event to verify the endpoint is reachable and the signing secret works.

🔐 Signature Verification: All events include an X-FluxCybers-Signature: sha256={hex} header. Verify using: HMAC-SHA256(signing_secret, JSON.stringify(payload))