Sentinel Secure X

Readable deployment docs on the live domain.

Installation, operator guidance, endpoint service setup, and platform references in one browsable library.

Open Docs Home Agent Downloads Dashboard

Operator API Workflows

Route-level reference for common admin, device, recovery, rollout, and integration tasks.

Operator Guides View Markdown

Operator API Workflows

This guide maps common operator tasks to the API routes already exposed by Sentinel Secure X.

Admin auth and session control

  • POST /api/admin/login signs in with username and password.
  • POST /api/admin/passkeys/authenticate/options and POST /api/admin/passkeys/authenticate/verify complete passkey sign-in.
  • GET /api/admin/me returns the current admin account, roles, and permissions.
  • GET /api/admin/sessions lists active sessions for the current admin account.
  • POST /api/admin/logout revokes the current session immediately.
  • POST /api/admin/sessions/<session_id>/revoke revokes another active session before JWT expiry.

Device enrollment, identity, and certificate control

  • GET /api/devices lists known devices and their current trust posture.
  • Device enrollment starts from POST /api/heartbeat on the agent side.
  • POST /api/devices/<device_id>/identity-review approves or rejects pending device enrollment or certificate rotation.
  • POST /api/devices/<device_id>/certificate/revoke revokes the currently bound device certificate.
  • GET /api/devices/<device_id>/trust-assertion?audience=<name> issues an admin-scoped signed device trust assertion for an allowed audience.

Commands and protected reviews

  • POST /api/command queues a remote device command.
  • POST /api/commands/<command_id>/review records approval or rejection for a protected command review.
  • Protected commands stay pending until the configured approval threshold is satisfied.

Workload clients and trust distribution

  • GET /api/integrations/trust-feed returns the current machine-readable device trust snapshot for workload clients.
  • GET /api/integrations/events returns recent audit events for workload clients with the right permission set.
  • GET /api/integrations/device-assertions/<device_id> issues a workload-scoped signed device trust assertion.
  • GET /api/integrations/workload-assertions/status reports whether Sentinel is currently ready to issue and verify workload assertions.
  • GET /api/integrations/workload-assertions lists recent workload assertions.
  • POST /api/integrations/workload-assertions/<client_id> issues a short-lived workload assertion for a configured client.
  • POST /api/integrations/workload-assertions/<assertion_id>/revoke revokes an issued workload assertion before expiry.

Integrations and delivery operations

  • GET /api/integrations/webhooks lists configured delivery connectors and summary status.
  • POST /api/integrations/webhooks creates a generic HTTPS webhook connector.
  • POST /api/integrations/splunk-hec creates a Splunk HEC connector.
  • POST /api/integrations/slack-webhooks creates a Slack webhook connector.
  • POST /api/integrations/pagerduty-events creates a PagerDuty Events connector.
  • POST /api/integrations/nac-connectors creates a NAC decision connector.
  • POST /api/integrations/idp-connectors creates an IdP/conditional-access connector.
  • POST /api/integrations/recovery-runners creates a recovery runner connector.
  • POST /api/integrations/audit-sinks creates an append-only audit replication connector.
  • POST /api/integrations/microsoft-sentinel creates a Microsoft Sentinel / Azure Monitor delivery connector.
  • POST /api/integrations/entra-group-sync creates a Microsoft Entra group-sync connector.
  • GET /api/integrations/deliveries lists queued and recent delivery attempts.
  • POST /api/integrations/webhooks/flush drains the current delivery queue on demand.
  • POST /api/integrations/webhooks/<webhook_id>/status forces a connector status refresh.

Incident policy template workflows

  • GET /api/integrations/incident-policy-templates lists built-in and custom incident-routing templates.
  • POST /api/integrations/incident-policy-templates creates a custom template.
  • PATCH /api/integrations/incident-policy-templates/<template_id> updates a custom template.
  • GET /api/integrations/incident-policy-templates/bundle-status shows bundle signing and verification readiness.
  • GET /api/integrations/incident-policy-templates/export exports a signed template bundle.
  • POST /api/integrations/incident-policy-templates/import previews or applies a signed bundle import.
  • GET /api/integrations/incident-policy-templates/import-requests lists reviewed import requests.
  • POST /api/integrations/incident-policy-templates/import-requests submits a reviewed import request.
  • POST /api/integrations/incident-policy-templates/import-requests/<request_id>/review approves or rejects a reviewed import.
  • POST /api/integrations/incident-policy-templates/import-requests/<request_id>/refresh refreshes a drifted review request.
  • POST /api/integrations/incident-policy-templates/import-requests/<request_id>/cancel cancels a pending request.
  • GET /api/integrations/incident-policy-templates/import-requests/<request_id>/receipt exports the signed promotion receipt for an applied request.

Recovery workflows

  • GET /api/recovery/status returns the current recovery posture summary.
  • GET /api/recovery/backups and POST /api/recovery/backups list or record signed backup manifests.
  • GET /api/recovery/drills and POST /api/recovery/drills list or record restore-drill results.
  • GET /api/recovery/environments lists recently observed recovery environments.
  • GET /api/recovery/jobs lists queued and completed recovery jobs.
  • POST /api/recovery/jobs queues a backup or restore-drill execution request.
  • POST /api/recovery/jobs/<job_id>/review approves or rejects a protected recovery request.
  • POST /api/recovery/jobs/<job_id>/result lets a recovery runner submit the execution result.

Update campaign workflows

  • GET /api/update-campaigns lists recent update campaigns.
  • POST /api/update-campaigns creates a new signed rollout campaign.
  • POST /api/update-campaigns/<campaign_id>/review records approval or rejection for a pending campaign.
  • POST /api/update-campaigns/<campaign_id>/pause pauses rollout progression.
  • POST /api/update-campaigns/<campaign_id>/resume resumes a paused rollout.
  • POST /api/update-campaigns/<campaign_id>/dispatch advances the active rollout ring by dispatching eligible work.
  • GET /api/update-campaigns/<campaign_id>/signals lists active and historical rollout-governance signals.
  • POST /api/update-campaigns/<campaign_id>/signals records a direct external rollout signal.
  • POST /api/update-campaigns/<campaign_id>/signals/<signal_id>/clear clears a previously recorded signal.
  • POST /api/integrations/rollout-signals and POST /api/integrations/rollout-signals/<provider> accept provider-normalized rollout signals from workload clients.

Service and job visibility

  • GET /api/admin/services lists background services known to Sentinel.
  • GET /api/admin/services/status returns service heartbeat and health summaries.
  • GET /api/admin/scheduled-jobs lists registered scheduled jobs plus runtime metadata.
  • GET /api/admin/scheduled-jobs/<job_name>/history returns recent execution history for a job.
  • POST /api/admin/scheduled-jobs/<job_name>/suppress suppresses a scheduled job temporarily.
  • POST /api/admin/scheduled-jobs/<job_name>/resume lifts a suppression.
  • POST /api/admin/scheduled-jobs/<job_name>/run triggers a manual run when policy allows it.

The dashboard remains the easiest operator path for day-to-day usage, but these endpoints give you a stable control-plane map for scripting and runbooks.

On this page
Admin auth and session controlDevice enrollment, identity, and certificate controlCommands and protected reviewsWorkload clients and trust distributionIntegrations and delivery operationsIncident policy template workflowsRecovery workflowsUpdate campaign workflowsService and job visibility