Panguard AI provides three independent API services. Each service runs on its own port and handles a distinct domain of functionality.

API Services

Auth Server API

Port 3000 — User registration, login, sessions, TOTP two-factor, GDPR compliance, and subscription management.

Manager API

Port 8443 — Agent registration, heartbeats, threat event ingestion, policy management, SSE streaming, and fleet dashboard.

Threat Cloud API

Configurable port — IoC management, threat feeds, campaign tracking, MITRE heatmaps, geographic queries, and audit logs.

Base URLs

| Service | Default Base URL | TLS |
|---|---|---|
| Auth Server | https://auth.panguard.ai or http://localhost:3000 | Optional (recommended) |
| Manager | https://localhost:8443 | Self-signed by default |
| Threat Cloud | https://tc.panguard.ai or http://localhost:PORT | Optional |

Authentication

All authenticated endpoints require a Bearer token in the Authorization header.

```bash
curl -X GET https://localhost:8443/api/agents \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json"
```

The Manager API uses a shared static token configured via the MANAGER_AUTH_TOKEN environment variable. The Auth Server API issues JWT tokens on login.

Common Response Format

Every API endpoint returns a consistent JSON envelope:

```json
{
  "ok": true,
  "data": {
    "id": "agent-001",
    "hostname": "web-server-1"
  }
}
```

Rate Limiting

All API services enforce rate limiting to protect against abuse.

| Service | Default Limit | Scope |
|---|---|---|
| Auth Server | 20 req/min | Per IP |
| Manager API | 60 req/min | Per IP |
| Threat Cloud | Varies by endpoint | Per API key |

When rate-limited, the API returns a 429 status code with a Retry-After header indicating when to retry.

Error Codes

| Status Code | Meaning | Description |
|---|---|---|
| 200 | OK | Request succeeded |
| 201 | Created | Resource created successfully |
| 400 | Bad Request | Invalid request body or missing required fields |
| 401 | Unauthorized | Missing or invalid authentication token |
| 403 | Forbidden | Valid token but insufficient permissions or tier |
| 404 | Not Found | Requested resource does not exist |
| 429 | Too Many Requests | Rate limit exceeded, check Retry-After header |
| 500 | Internal Server Error | Unexpected server error, retry with backoff |

Content Type

All request and response bodies use application/json unless otherwise noted. Feed endpoints may return text/plain for blocklist formats.

Pagination

Endpoints that return collections support pagination via query parameters:
- page (number, default: 1): Page number (1-indexed).
- limit (number, default: 50): Number of items per page. Maximum 200.

Paginated responses include metadata:

```json
{
  "ok": true,
  "data": [...],
  "pagination": {
    "total": 342,
    "page": 1,
    "limit": 50,
    "pages": 7
  }
}
```
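
The rate-limit, error-code and pagination rules above combined into one client loop, as an added example that is not Panguard's own code. The names `fetch_all`, `send`, `ApiError` and `retry_after_seconds` are hypothetical; it assumes Retry-After carries a delay in seconds and that the transport passed as `send` adds the Bearer token and verifies TLS.

```python
import time

MAX_LIMIT = 200  # the page gives 200 as the maximum page size


class ApiError(Exception):
    """Non-retryable status, retries exhausted, or envelope "ok" not true."""


def retry_after_seconds(headers, default):
    # Assumption: Retry-After is a whole number of seconds; else use default.
    try:
        return max(0, int(headers.get("Retry-After", "")))
    except ValueError:
        return default


def fetch_all(send, path, limit=50, max_retries=5, sleep=time.sleep):
    # send(path, params) -> (status, headers, body): hypothetical transport.
    limit = max(1, min(limit, MAX_LIMIT))
    items, page, pages = [], 1, 1
    while page <= pages:
        for attempt in range(max_retries + 1):
            status, headers, body = send(path, {"page": page, "limit": limit})
            if status not in (429, 500):
                break
            if attempt == max_retries:
                raise ApiError(f"gave up on {path} page {page}: HTTP {status}")
            backoff = 2 ** attempt  # exponential backoff for 500
            sleep(retry_after_seconds(headers, backoff) if status == 429 else backoff)
        if status != 200 or body.get("ok") is not True:
            raise ApiError(f"{path} page {page}: HTTP {status}")
        items.extend(body["data"])
        pages = body["pagination"]["pages"]  # server-reported page count
        page += 1
    return items


if __name__ == "__main__":
    # Constructed transport: three one-item pages, page 2 throttled once.
    throttled = []
    def demo_send(path, params):
        p = params["page"]
        if p == 2 and not throttled:
            throttled.append(p)
            return 429, {"Retry-After": "1"}, {"ok": False}
        body = {"ok": True, "data": [f"agent-{p:03d}"], "pagination": {"pages": 3}}
        return 200, {}, body
    print(fetch_all(demo_send, "/api/agents", limit=1, sleep=lambda s: None))
```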

Next Steps