API Overview
Base URL, authentication, response envelopes, rate limits and conventions for the AegisWhite REST API.
The AegisWhite REST API is the same interface our WHMCS module is built on. Everything the module does, your own integration can do. Use it to provision monitoring from any billing system, embed security data in your own dashboards, or automate customer sign-in.
Base URL
All endpoints are relative to your portal domain, the same domain your customers use, for example https://yourbrand.portal.aegiswhite.com or your custom portal domain. Your API key is bound to that domain: calls to any other portal domain are rejected with 403 TENANT_MISMATCH.
https://{your-portal-domain}/api/v1Your portal domain and API key are shown together in the portal under WHMCS Integration settings. Use exactly that pairing.
Authentication
Authenticate with a bearer token: your partner API key, generated in the portal (Settings → WHMCS Integration). The key authenticates as your whole partner account, so treat it like a root credential: store it server-side, never in client-side code, and regenerate it immediately if it leaks. It is shown only once at generation time.
Authorization: Bearer {your-api-key}
Content-Type: application/json
Accept: application/jsonOn the endpoints that read or change customer-level data, pass whmcs_customer_id to scope the call to one customer. The API refuses cross-customer access on those calls with 403 Access denied.
Response envelopes
The provisioning, SSO, alerts, domain-monitoring and sandbox groups wrap results in a success envelope. The Allowed Ports and Endpoints groups return standard Laravel resource envelopes (data / links / meta) instead. Each group page notes which applies.
{
"success": true,
"data": { },
"meta": {
"version": "v1",
"timestamp": "2026-07-12T09:30:00+00:00"
}
}{
"success": false,
"error": {
"code": "ENDPOINT_NOT_FOUND",
"message": "No endpoint with that ID belongs to your account.",
"details": { }
},
"meta": {
"version": "v1",
"timestamp": "2026-07-12T09:30:00+00:00"
}
}Validation failures return 422 with Laravel's standard shape: a message plus an errors map of field names to problems.
Errors every endpoint can return
| Status | Meaning |
|---|---|
| 401 | Missing or invalid API key (Unauthenticated.). |
403 TENANT_MISMATCH | The API key does not belong to the portal domain you called. Check your base URL. |
403 ACCOUNT_SUSPENDED | Your partner account is suspended. |
| 422 | Request validation failed. See the errors map. |
| 429 | Rate limit exceeded. Retry after the Retry-After header. |
Rate limits
Provisioning, SSO, alerts, domain-monitoring and firewall-ingest endpoints allow 60 requests per minute per API key. Endpoints without a stricter limit fall back to the platform default of 100 requests per minute. Sandbox endpoints are not rate limited. 429 responses include a Retry-After header. Back off and retry.
Versioning
The current API version is v1, carried in every path and echoed in the meta.version of enveloped responses. Backwards-incompatible changes will ship under a new version prefix.
Sandbox mode
With sandbox mode enabled on your account, send X-Aegis-Sandbox: true on provisioning calls to simulate them end-to-end: no real scans run. See the Sandbox endpoints for scenario control, and the WHMCS troubleshooting guide for the module-driven flow.
Health check
Verify connectivity and your base URL with the unauthenticated health endpoint before wiring credentials:
Health check
/api/v1/healthUnauthenticated liveness check. Use it to verify connectivity and your base URL before wiring credentials.
curl -X GET 'https://portal.example.com/api/v1/health'{
"success": true,
"status": "ok",
"timestamp": "2026-07-12T09:30:00+00:00",
"meta": {
"version": "v1"
}
}