Developers

EarlyCore API, MCP, and webhooks.

Programmatic access to Red Team scans, Runtime findings, monitored agents, and compliance reports. REST over HTTPS, OpenAPI 3.1 spec, scoped API keys, and a free EU sandbox. MCP server for Claude Code, Cursor, and any agentic client.

Quickstart

From zero to first finding in five minutes.

Pull a sandbox key, register an agent, query the findings endpoint. Same surface as production. No credit card.

Step 1

Get a sandbox key

Sandbox keys are prefixed ec_sandbox_ and live forever on mock data. Issued from the developer portal once your partner account is provisioned.

Step 2

Register a monitored agent

POST /agents with the source (Bedrock, SageMaker, Azure OpenAI, Vertex AI, Logfire, LangChain) and the model. The agent ID flows into every other endpoint.

Step 3

Query findings or launch a scan

GET /findings for Runtime detections. POST /scans with a scan pack like owasp-llm-top-10 to launch a Red Team run. Webhook events fire when scans complete.

curl · sandbox

# 1. List monitored agents
curl https://api.sandbox.earlycore.dev/v1/agents \
  -H "Authorization: Bearer ec_sandbox_..."

# 2. Launch an OWASP LLM Top 10 scan
curl https://api.sandbox.earlycore.dev/v1/scans \
  -H "Authorization: Bearer ec_sandbox_..." \
  -H "Content-Type: application/json" \
  -d '{ "agent_id": "agent_demo_01", "scan_packs": ["owasp-llm-top-10"] }'

# 3. Pull Runtime findings since yesterday
curl "https://api.sandbox.earlycore.dev/v1/findings?since=2026-04-28T00:00:00Z" \
  -H "Authorization: Bearer ec_sandbox_..."

API surface

Six resources, predictable URLs.

REST over HTTPS, JSON bodies, cursor pagination. Every endpoint is documented in the OpenAPI 3.1 spec at /openapi.json so agentic clients can auto-discover the surface.

Scans

/v1/scans

Launch and query Red Team scans across 12 packs: OWASP LLM Top 10, OWASP API Top 10, OWASP Agentic AI, MITRE ATLAS, EU AI Act, DORA, GDPR, ISO 42001, NIST AI RMF, NIS2, RAG, MCP.

scans:readscans:write

Findings

/v1/findings

Runtime detections from monitored agents: prompt injection, data exfiltration, sensitive data disclosure, secrets leakage, plus four drift categories. Filter by P0–P3 severity or by framework.

findings:readfindings:write

Agents

/v1/agents

One AI agent under monitoring per record. Source can be Bedrock, SageMaker, Azure OpenAI, Vertex AI, Logfire, LangChain, or custom.

agents:readagents:writeagents:admin

Reports

/v1/reports

Generate auditor-ready evidence packs. Pick a framework (DORA, NIS2, EU AI Act, GDPR, ISO 42001, NIST AI RMF) and a period; the report renders as a signed PDF and JSON evidence bundle.

reports:readreports:write

Webhooks

/v1/webhooks

Subscribe to finding.created, finding.updated, scan.completed, and report.ready. Payloads are HMAC-signed. Custom channels in 24h.

webhooks:readwebhooks:write

Integrations

/v1/integrations

List configured data sources and destinations. Connect new ones from the portal. Bedrock, SageMaker, Azure OpenAI, Vertex AI, Logfire, LangChain, Slack, Teams, Jira, email.

integrations:readintegrations:write

Authentication

API keys with scoped permissions.

Every key carries a role and a list of scopes. Agentic clients should request the narrowest set they need. OAuth 2.0 with PKCE is available for partner-facing integrations and MCP clients.

RoleDefault scopesUse case
viewerscans:read, findings:read, agents:read, reports:readRead-only dashboards, agentic clients pulling findings into Claude or Cursor.
analystAll :read scopes plus scans:write, findings:write, reports:writeSOC analysts triaging findings and launching scans on demand.
adminAll scopes including agents:admin, webhooks:write, integrations:writeMSSP tenant administrators provisioning new clients and rotating webhooks.

Custom scope sets are supported. Ask the partner team for least-privilege keys when you build internal tooling, or use OAuth 2.0 with PKCE for end-user authorisation flows.

Surfaces

REST, MCP, webhooks. Pick whichever fits.

Same data, three transport options. REST for one-off integrations, MCP for agentic clients, webhooks for push delivery.

REST API

api.earlycore.dev/v1

JSON over HTTPS. OpenAPI 3.1 spec, cursor pagination, idempotent writes. SDKs for TypeScript, Python, Go on the roadmap.

OpenAPI spec

MCP server

mcp.earlycore.dev

Native to Claude Code. Natural-language queries over findings, scans, traces. Per-tenant authentication, same scope model as the REST API.

Integrations

Webhooks

HMAC-signed events

finding.created, finding.updated, scan.completed, report.ready. Delivered with at-least-once semantics, retried with exponential backoff for 24h.

Event payloads

Need an API key or a sandbox tenant?

Live keys are issued through the partner portal. Sandbox keys are free and self-serve once you've signed up. Talk to us for OAuth, custom scopes, or audit-log delivery.