Cantina exposes a REST API that lets client organizations integrate Cantina data and workflows into their own tools. Use it to list repositories, retrieve findings, generate reports, manage company users, and react to events as they happen. The endpoints available to clients are documented in the Client API Reference.

Authentication

All API requests are authenticated with an API key issued through the API keys settings. The same key is used whether you’re driving the API from Zapier or from your own scripts and services.

Generating an API key

  1. Sign in as a Company Manager and navigate to Settings → API keys.
  2. Click Generate New API Key.
  3. Set an expiration date (required).
  4. Store the key in a secret manager — it is shown only once.
For the full step-by-step including connecting Zaps and mapping repository IDs, see the Cantina + Zapier Integration guide.

Using the key

Pass the key as a bearer token on every request:
curl https://cantina.xyz/api/v0/companies \
  -H "Authorization: Bearer YOUR_API_KEY"

Permissions

API keys inherit the permissions of the Company Manager who generated them. An endpoint that requires manage_users, manage_github, or other scoped permissions will return 403 if the issuing user does not hold those permissions on the target company.
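The bearer request from Using the key and the 403 behaviour described above, as an added Python example (not Cantina's own code). It sends the key only to the API root taken from the curl example and refuses redirects. The environment variable CANTINA_API_KEY and the helper names are hypothetical.

```python
import os
import urllib.error
import urllib.parse
import urllib.request

API_ROOT = "https://cantina.xyz/api/v0/"  # base of the curl example on this page


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse redirects so the bearer key is never replayed to another URL."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError for the 3xx response


def build_request(path, api_key):
    """Build a GET for an API path with the key as a bearer token."""
    if not api_key or any(ch.isspace() for ch in api_key):
        raise ValueError("API key is empty or contains whitespace")
    url = urllib.parse.urljoin(API_ROOT, path.lstrip("/"))
    if not url.startswith(API_ROOT):  # rejects absolute URLs and ../ traversal
        raise ValueError("path resolves outside the API root")
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {api_key}"})


def explain_status(code):
    """Turn an HTTP error status into a message an operator can act on."""
    if code == 403:  # documented above: the issuing user lacks the permission
        return "403: the Company Manager who generated this key lacks the required permission on the target company"
    return f"request failed with HTTP {code}"


def get(path, api_key=None):
    """Fetch a path and return the raw response body (bytes)."""
    # CANTINA_API_KEY is a hypothetical variable name; populate it from your
    # secret manager so the key stays out of source and shell history.
    api_key = api_key or os.environ["CANTINA_API_KEY"]
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(build_request(path, api_key), timeout=10) as resp:
            return resp.read()
    except urllib.error.HTTPError as err:
        raise RuntimeError(explain_status(err.code)) from None


if __name__ == "__main__":
    print(get("companies").decode())
```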

Use with Claude or OpenAI

The client API surface is published as an OpenAPI 3.1 specification you can hand directly to an AI assistant. The fastest way to get an assistant up to speed is to use the Copy Page as Markdown button at the top of this page — it copies the full page (endpoint URL, auth instructions, and a pointer to the OpenAPI spec) into your clipboard so you can paste it straight into Claude or ChatGPT.

If you’d rather have the assistant fetch the docs itself, here is an example prompt:
Fetch https://docs.cantina.xyz/for-organizations/getting-started/api-access for auth and endpoint details, then use the linked OpenAPI spec to list the findings in repository <repo_id>. Authenticate with Authorization: Bearer <my key>.
The spec only includes the endpoints documented in the Client API Reference.

Rate limits and stability

The API surface documented under Client API Reference is the supported public surface for client organizations. Endpoints outside that section may change without notice.