
Object API

Why use the API

Soveren provides the Object API to allow users to extract information about all discovered services, the flows between them, and the detected data types.

A popular use case for the Soveren Object API is to automatically keep your inventory updated and enriched with metadata such as live descriptions, service owners, and instances of actual activity (e.g., sending or receiving data). Additionally, you can track real-time data streams between services and pinpoint where sensitive data is detected.

Connecting to the API

To connect to the Object API, you will need an authentication token. Soveren uses bearer authentication.

To get the token, open Integrations in the Soveren app and press Manage in the API Tokens configuration:

API Tokens in Integration

You will be prompted to create a new token if you don't have any:

API Token configuration

Upon pressing the button, you will need to provide a descriptive name for your new token:

API Token name

After you've provided the name for the token and pressed Create, you will get the token value:

API Token value

The list of tokens will now be non-empty:

API Token list

Now you are all set and can start using the Soveren Object API! It is accessible at https://api.soveren.io/.

API specification

The Soveren Object API specification is available here.

Using the API

The object model provided by the API is shown schematically below:

Soveren API object model

For a comprehensive description of each object structure available through the APIs, please refer to the Soveren Object API.

Data-in-motion (DIM) API

Soveren represents a part of your infrastructure in terms of Kubernetes clusters where you deploy Soveren DIM Sensors. Each cluster is distinguished by its ID and the name you assign to it.

Assets refer to deployments that Soveren identifies within the cluster. More precisely, they represent an aggregate based on either the source IP or destination IP from web service calls. Although there can be various types of assets, currently, Soveren supports only one type: "Kubernetes workload."

Assets are essentially the services that constitute your applications running in the cluster.

An endpoint is a distinct combination of a hostname, method, and URL discovered on an asset.

Communication channels between assets, where sensitive data types have been detected, are termed data streams. For instance, when one asset calls another, this establishes a data stream.

Multiple data streams can exist between two assets. If two assets share at least one data stream, Soveren determines that there's a data flow between them.

Between any two chosen assets, there can be two data flows — one in each direction (from one asset to the other and vice versa). A single data flow can encompass multiple data streams.
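The relationship between data streams and data flows described above can be sketched as follows. This is an added example, not Soveren's code or schema: the field names (`source`, `destination`, `endpoint`, `data_types`) and the sample records are constructed assumptions, not taken from the Object API specification.

```python
from collections import defaultdict

# Constructed sample data streams. Field names are hypothetical and are not
# taken from the Soveren Object API specification.
SAMPLE_STREAMS = [
    {"source": "checkout", "destination": "payments",
     "endpoint": "POST payments.local/v1/charge", "data_types": ["card_number", "email"]},
    {"source": "checkout", "destination": "payments",
     "endpoint": "GET payments.local/v1/status", "data_types": ["email"]},
    {"source": "payments", "destination": "checkout",
     "endpoint": "POST checkout.local/v1/callback", "data_types": ["email"]},
    {"source": "checkout", "destination": "mailer",
     "endpoint": "POST mailer.local/v1/send", "data_types": ["email", "name"]},
]


def build_flows(streams):
    """Group data streams into directed data flows keyed by (source, destination)."""
    flows = defaultdict(lambda: {"streams": 0, "data_types": set()})
    for s in streams:
        flow = flows[(s["source"], s["destination"])]
        flow["streams"] += 1
        flow["data_types"].update(s["data_types"])
    return dict(flows)


def flows_carrying(flows, data_type):
    """Return the sorted directed asset pairs whose flow carries the given data type."""
    return sorted(pair for pair, f in flows.items() if data_type in f["data_types"])


def asset_exposure(flows):
    """Per asset, the data types it sends and receives across all its flows."""
    exposure = defaultdict(lambda: {"sends": set(), "receives": set()})
    for (src, dst), f in flows.items():
        exposure[src]["sends"] |= f["data_types"]
        exposure[dst]["receives"] |= f["data_types"]
    return dict(exposure)


if __name__ == "__main__":
    flows = build_flows(SAMPLE_STREAMS)
    for (src, dst), f in sorted(flows.items()):
        print(f"{src} -> {dst}: {f['streams']} stream(s), {sorted(f['data_types'])}")
    print("card_number seen in:", flows_carrying(flows, "card_number"))
```

The two flows between `checkout` and `payments` are kept separate because flows are directional, which is what lets an inventory record distinguish assets that send a data type from those that only receive it.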

Data-at-rest (DAR) API

There are APIs for data sources, that is, S3, Kafka and databases.

The S3 part of the API is concerned with buckets. For Kafka and databases, the API interacts with instances, and within each instance, it retrieves information on topics (in the case of Kafka), databases, and tables. At each level, the API provides data types detected in the respective data source.