API Overview
The CSE Registry API provides programmatic access to signals, mappings, and domain metadata. Use it to integrate CSE data into your security tools, compliance platforms, and automation workflows.
Community API Access
Community tier includes 10,000 requests/day. Get your API key or view pricing for higher limits and additional features.
Base URL
https://api.cseregistry.org/v1Key Features
Fast & Reliable
Low-latency responses with 99.9% uptime SLA
RESTful Design
Standard HTTP methods and JSON responses
Generous Limits
10,000 requests/day on Community tier
Authentication
All API requests must include your API key in the Authorization header:
curl https://api.cseregistry.org/v1/signals \
-H "Authorization: Bearer YOUR_API_KEY"API keys are free and can be generated after registering an account. Each key is tied to your account and can be revoked at any time.
Quick Start
1. Get Your API Key
Create an account and generate an API key from your dashboard.
2. Make Your First Request
# List signals in the HIPAA domain
curl "https://api.cseregistry.org/v1/signals?domain=HIPAA" \
-H "Authorization: Bearer YOUR_API_KEY"
# Response
{
"data": [
{
"id": "CSE-HIPAA-TECH-ENCRYPT-REST-001",
"domain": "HIPAA",
"category": "TECH",
"title": "Data at Rest Encryption Not Enabled",
"severity": "high"
},
...
],
"meta": {
"total": 75,
"page": 1,
"per_page": 20
}
}3. Explore the Endpoints
See the Endpoints documentation for the complete list of available operations.
Available Endpoints
| Endpoint | Description |
|---|---|
| GET /signals | List and search signals with filtering |
| GET /signals/:id | Get a specific signal by ID |
| GET /signals/:id/mappings | Get control mappings for a signal |
| GET /domains | List all compliance domains |
| GET /domains/:id | Get domain details and statistics |
| GET /search | Full-text search across signals |
| GET /stats | Registry statistics and metadata |
Response Format
All responses follow a consistent JSON structure:
Success Response
{
"data": { ... }, // Response payload (object or array)
"meta": { // Pagination and metadata
"total": 1132,
"page": 1,
"per_page": 20,
"total_pages": 57
}
}Error Response
{
"error": {
"code": "invalid_parameter",
"message": "Invalid domain: 'INVALID'. Valid domains are: CMMC, HIPAA, ...",
"details": {
"parameter": "domain",
"value": "INVALID"
}
}
}HTTP Status Codes
| Code | Meaning |
|---|---|
| 200 | Success - Request completed successfully |
| 400 | Bad Request - Invalid parameters |
| 401 | Unauthorized - Missing or invalid API key |
| 404 | Not Found - Resource does not exist |
| 429 | Rate Limited - Too many requests |
| 500 | Server Error - Something went wrong on our end |
SDK & Libraries
Official SDKs are planned for popular languages. In the meantime, the REST API works with any HTTP client:
# Python
import requests
response = requests.get(
"https://api.cseregistry.org/v1/signals",
headers={"Authorization": "Bearer YOUR_API_KEY"},
params={"domain": "HIPAA", "severity": "high"}
)
signals = response.json()["data"]
# JavaScript/TypeScript
const response = await fetch(
"https://api.cseregistry.org/v1/signals?domain=HIPAA&severity=high",
{ headers: { Authorization: "Bearer YOUR_API_KEY" } }
);
const { data: signals } = await response.json();Alternative: GitHub Raw URLs
For simple use cases or if you don't need API features like search and filtering, you can fetch data directly from GitHub:
# No authentication required
curl https://raw.githubusercontent.com/cse-registry/cse-registry/main/registry.json
# Fetch a specific signal
curl https://raw.githubusercontent.com/cse-registry/cse-registry/main/signals/HIPAA/TECH/CSE-HIPAA-TECH-ENCRYPT-REST-001/signal.jsonSee the Quick Start guide for more details on using raw GitHub URLs.