Authentication
All API requests require authentication using a Bearer token. Include your API key in the Authorization header.
Request Header
Authorization: Bearer acod_your_api_key_hereAPI Key Scopes
Rate Limiting
API requests are rate-limited to 100 requests per minute per API key. Rate limit headers are included in all responses:
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1702234567Error Responses
{
"error": "Unauthorized",
"message": "Invalid or expired API key"
}Jobs
Agents
Items
Unified Asset Inventory
Items represent the single source of truth for all assets. All action tables (audits, wipes, COD) link to Items for centralized lifecycle tracking.
Clients
Multi-Tenant Client Management
Clients represent your customers. Each client can have their own ServiceNow integration for CMDB sync and destruction status updates.
Integration API
External System Integration
These endpoints allow external systems like ListApp to manage clients and items programmatically. Authentication uses API keys with Bearer token format. Create API keys in Settings > Integration API Keys.
Wipe Logs
Certificates of Destruction
Compliance Documentation
Generate NIST 800-88 compliant certificates of destruction for audit trails and customer delivery.
Locations
Webhooks
Webhook Signatures
All webhook payloads are signed using HMAC SHA-256. Verify the signature using the X-IQValidate-Signature header.
X-IQValidate-Signature: t=1702234567,v1=5d41402abc4b2a76b9719d911017c592Signature format: t=timestamp,v1=hmac_signature
Telemetry
Streaming Support
Telemetry endpoints support NDJSON (Newline Delimited JSON) for high-volume streaming. Use Content-Type: application/x-ndjson for batch ingestion.
Ready to Get Started?
Create an account to get your API keys and start integrating.