Provisioning and Reporting API Guide
CYRISMA’s Provisioning and Reporting API offers organizations using the CYRISMA risk management platform an enhanced way to automate the setup of new instances and collect scan data for reporting. This API enables organizations to manage partner relationships, monitor usage, and retrieve detailed scan results, all while supporting secure access through token-based authentication.
The Cyrisma Provisioning and Reporting API enables partners to automate platform onboarding, manage organizations and users, and retrieve scan and risk data for reporting and integration purposes.
The API supports two primary functions:
Provisioning Operations
Automate partner setup, instance creation, user management, MFA configuration, and lifecycle management.
Reporting Operations
Retrieve vulnerability, baseline, and data scan results, along with dashboard-level risk metrics, across Cyrisma cloud instances.
Authentication is token-based and follows OAuth-style access token principles.
Getting Started
Step 1: Obtain API Credentials
API access requires credentials issued by Cyrisma Support:
API Key (Username)
Temporary API Secret (Password)
These credentials are used only to generate access tokens.
Step 2: Reset the Temporary API Secret (Required)
First-time API use must begin by resetting the temporary secret.
Endpoint: POST /partner/login/regen-pass
The new secret is returned once.
Cyrisma stores only a hashed version and cannot recover it.
Store the new secret securely.
Step 3: Authenticate and Obtain an Access Token
Endpoint: POST /partner/login/
Uses application/x-www-form-urlencoded
Returns:
access_token (required for all future requests)
expires_in (typically 600 seconds)
Optional refresh_token
All subsequent API calls must include the access token in the Authorization header.
Provisioning Operations
Provisioning endpoints allow you to manage the organizational hierarchy and users within the Cyrisma platform.
Common Provisioning Endpoints
| Function | Method | Endpoint |
|---|---|---|
| Reset API Password | POST | /partner/login/regen-pass |
| Get All Structure | GET | /partner/instances/info/ |
| Get Single Partner | GET | /partner/instances/info/{instanceId} |
| Create Organization / Instance | POST | /partner/instances/create |
| Create User | POST | /partner/instances/users/create |
| Convert Consulting Instance | PATCH | /partner/instances/convert |
| Suspend Instance | PATCH | /partner/instances/suspend |
| Reactivate Instance | PATCH | /partner/instances/reactivate |
| Get All Users | GET | /partner/users/info |
| Get Specific User | GET | /partner/users/info/{userRef} |
| Disable User | PATCH | /partner/users/disable |
| Modify MFA Method | PATCH | /partner/instances/mfa |
Instance Hierarchy Notes
Organizations (MSP / MSSP) sit at the top of the hierarchy.
Instances (standard or consulting) exist under organizations.
Users can only be created under organizations, not standard or consulting instances.
Consulting instances can be converted once to managed (standard).
Creating a New Organization or Instance
Endpoint: POST /partner/instances/create
Key parameters include:
instance_type (msp, mssp, or standard)
is_consulting
parent_instance_id
country (determines data residency)
Optional MFA configuration (mfa_type)
Provisioning typically completes within 5 minutes.
MFA Configuration
MFA can be set:
During instance creation, or
Updated later using the MFA endpoint
Supported MFA types:
0 – None
1 – Email
2 – Authenticator (TOTP)
MFA changes apply only to organizations, not standard or consulting instances.
Reporting Operations
Reporting endpoints allow retrieval of scan results and dashboard metrics.
Instance Authentication for Reporting (Required)
Before accessing reporting endpoints, instances must be authenticated.
Endpoint: POST /partner/instances/login/{optional instanceId}
If no instance ID is provided, all available instances are authenticated.
This step must be repeated whenever a new access token is generated.
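The token lifecycle from Step 3 combined with the instance-login rule above, as an added example (not CYRISMA's code): a session wrapper that renews the token shortly before `expires_in` elapses and repeats instance login for each new token. The `send` transport (which would own the base URL), the `username`/`password` form field names, and the `Bearer` header scheme are assumptions not given on this page; the demo runs against a constructed in-memory transport.

```python
import time
from urllib.parse import urlencode

class PartnerSession:
    """Caches the access token and repeats instance login after each renewal."""

    def __init__(self, send, api_key, api_secret, clock=time.monotonic, margin=30):
        self.send = send  # hypothetical transport: send(method, path, headers, body) -> dict
        self.api_key, self.api_secret = api_key, api_secret
        self.clock, self.margin = clock, margin
        self.token, self.expires_at = None, 0.0

    def _auth(self):
        return {"Authorization": "Bearer " + self.token}  # assumed header scheme

    def _login(self):
        # Step 3: form-encoded credentials; the field names are assumptions.
        body = urlencode({"username": self.api_key, "password": self.api_secret})
        reply = self.send("POST", "/partner/login/",
                          {"Content-Type": "application/x-www-form-urlencoded"}, body)
        self.token = reply["access_token"]
        # Renew a little early so no request goes out with a token about to lapse.
        self.expires_at = self.clock() + int(reply["expires_in"]) - self.margin
        # Instance authentication is repeated for every newly generated token.
        self.send("POST", "/partner/instances/login/", self._auth(), None)

    def request(self, method, path, body=None):
        if self.token is None or self.clock() >= self.expires_at:
            self._login()
        return self.send(method, path, self._auth(), body)

def demo():
    """Drives the session against a constructed in-memory transport (no network)."""
    now, issued, calls = [0.0], [0], []
    def fake_send(method, path, headers, body):
        calls.append((method, path, headers.get("Authorization")))
        if path == "/partner/login/":
            issued[0] += 1
            return {"access_token": "tok%d" % issued[0], "expires_in": 600}
        return {}

    session = PartnerSession(fake_send, "example-key", "example-secret",
                             clock=lambda: now[0])
    session.request("GET", "/partner/scans/vulnerability")
    now[0] = 300.0   # token still valid: no new login
    session.request("GET", "/partner/dashboards/overall")
    now[0] = 580.0   # inside the 30 s margin before the 600 s expiry: renew
    session.request("GET", "/partner/scans/data")
    return calls
```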
Reporting Endpoint Structure
Once authenticated, reporting endpoints are accessed using the instance-specific URL:
Available Reporting Endpoints
| Function | Method | Endpoint |
|---|---|---|
| Data Scan Summary | GET | /partner/scans/data |
| Secure Baseline Summary | GET | /partner/scans/baseline |
| Vulnerability Scan Summary | GET | /partner/scans/vulnerability |
| Vulnerability Scan Detail | GET | /partner/scans/vulnerability/{scanId} |
| Overall Risk Dashboard | GET | /partner/dashboards/overall |
| Data Dashboard | GET | /partner/dashboards/data |
| Baseline Dashboard | GET | /partner/dashboards/baseline |
| Vulnerability Dashboard | GET | /partner/dashboards/vulnerability |
| CVE Details | GET | /partner/dashboards/vulnerability/cve |
Scan Data Notes
Internal and external IP scans return:
Vulnerabilities
Open ports
Web application scans return:
Flaws
Each asset may contain:
vulnerabilities
openPorts
flaws
Dashboard Grades
Dashboard endpoints return current and previous grades for:
Overall Risk
Data Scans
Vulnerability Scans
Secure Baseline
Compliance
Grading periods depend on instance configuration (monthly or quarterly).
Security and Best Practices
All API access must use SSL
Rotate API secrets periodically
Store access tokens securely
Re-authenticate instances after token renewal
Limit API access to authorized automation only
Full API Reference
For complete endpoint definitions, request/response schemas, and full cURL examples, refer to:
Cyrisma API Guide v3.3