BigID

BigID Data Posture API

Fetch and remediate Data Security Posture Management (DSPM) findings via BigID's actionable insights API. List open cases, bulk-update them, and resolve individual cases with audit reasons.

BigID Data Posture API is one of 7 APIs that BigID publishes on the APIs.io network, described by a machine-readable OpenAPI specification.

This API exposes 1 machine-runnable capability that can be deployed as REST, MCP, or Agent Skill surfaces via Naftiko and 1 JSON Schema definition.

Tagged areas include DSPM, Actionable Insights, and Security. The published artifact set on APIs.io includes API documentation, an OpenAPI specification, sample payloads, 1 Naftiko capability spec, and 1 JSON Schema.

GitHub OpenAPI

Documentation

📖
Documentation
https://developer.bigid.com/api/data-posture-api-tutorial/

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/bigid/refs/heads/main/openapi/bigid-data-posture-api-openapi.yml

Examples

📝
Example
https://raw.githubusercontent.com/api-evangelist/bigid/refs/heads/main/examples/bigid-list-posture-cases-example.json

Schemas & Data

📊
JSONSchema
https://raw.githubusercontent.com/api-evangelist/bigid/refs/heads/main/json-schema/bigid-case-schema.json

Other Resources

🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/bigid/refs/heads/main/capabilities/data-posture-cases.yaml

OpenAPI Specification

bigid-data-posture-api-openapi.yml Raw ↑ 
openapi: 3.0.3
info:
  title: BigID Data Posture API
  description: >-
    Fetch and remediate Data Security Posture Management (DSPM) findings via
    BigID's actionable insights API. List open security cases, update status in
    bulk, and resolve individual cases with audit reasons.
  version: '1.0'
  contact:
    name: BigID Support
    url: https://developer.bigid.com/
    email: [email protected]
  license:
    name: BigID Terms of Service
    url: https://bigid.com/terms/
servers:
  - url: https://{deployment}.bigid.com/api/v1
    description: Customer-hosted BigID deployment.
    variables:
      deployment:
        default: tenant
tags:
  - name: Actionable Insights
    description: DSPM cases and remediation.
paths:
  /actionable-insights/all-cases:
    get:
      tags:
        - Actionable Insights
      operationId: listActionableInsightsCases
      summary: List Actionable Insights Cases
      description: >-
        Fetch all existing security issues. Limit the selection with query
        parameters that filter by severity, status, asset type, or policy.
      security:
        - BearerAuth: []
      parameters:
        - name: filter
          in: query
          schema:
            type: string
        - name: limit
          in: query
          schema:
            type: integer
        - name: skip
          in: query
          schema:
            type: integer
      responses:
        '200':
          description: Cases retrieved.
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: object
                    properties:
                      cases:
                        type: array
                        items:
                          $ref: '#/components/schemas/Case'
  /actionable-insights/cases:{actionType}:
    patch:
      tags:
        - Actionable Insights
      operationId: bulkUpdateActionableInsightsCases
      summary: Bulk Update Actionable Insights Cases
      description: Mark issues as resolved or update field values in bulk based on a filter expression.
      security:
        - BearerAuth: []
      parameters:
        - name: actionType
          in: path
          required: true
          schema:
            type: string
            enum:
              - resolve
              - update
              - acknowledge
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                filter:
                  type: string
                update:
                  type: object
      responses:
        '200':
          description: Update accepted.
  /actionable-insights/case-status/{caseId}:
    patch:
      tags:
        - Actionable Insights
      operationId: updateActionableInsightsCaseStatus
      summary: Update Actionable Insights Case Status
      description: Update the status of a specific case (e.g. resolved) with an audit reason.
      security:
        - BearerAuth: []
      parameters:
        - name: caseId
          in: path
          required: true
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                status:
                  type: string
                  enum:
                    - open
                    - resolved
                    - silenced
                    - acknowledged
                auditReason:
                  type: string
      responses:
        '200':
          description: Case status updated.
components:
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
  schemas:
    Case:
      type: object
      properties:
        caseId:
          type: string
        caseStatus:
          type: string
          enum:
            - open
            - resolved
            - silenced
            - acknowledged
        severityLevel:
          type: string
          enum:
            - critical
            - high
            - medium
            - low
        policyName:
          type: string
        dataSourceName:
          type: string
        created_at:
          type: string
          format: date-time
        updated_at:
          type: string
          format: date-time
        auditReason:
          type: string