Developers
EarlyCore API, MCP, and webhooks.
Programmatic access to Red Team scans, Runtime findings, monitored agents, and compliance reports. REST over HTTPS, OpenAPI 3.1 spec, scoped API keys, and a free EU sandbox. MCP server for Claude Code, Cursor, and any agentic client.
Quickstart
From zero to first finding in five minutes.
Pull a sandbox key, register an agent, query the findings endpoint. Same surface as production. No credit card.
Get a sandbox key
Sandbox keys are prefixed ec_sandbox_ and live forever on mock data. Issued from the developer portal once your partner account is provisioned.
Register a monitored agent
POST /agents with the source (Bedrock, SageMaker, Azure OpenAI, Vertex AI, Logfire, LangChain) and the model. The agent ID flows into every other endpoint.
Query findings or launch a scan
GET /findings for Runtime detections. POST /scans with a scan pack like owasp-llm-top-10 to launch a Red Team run. Webhook events fire when scans complete.
curl · sandbox
# 1. List monitored agents
curl https://api.sandbox.earlycore.dev/v1/agents \
-H "Authorization: Bearer ec_sandbox_..."
# 2. Launch an OWASP LLM Top 10 scan
curl https://api.sandbox.earlycore.dev/v1/scans \
-H "Authorization: Bearer ec_sandbox_..." \
-H "Content-Type: application/json" \
-d '{ "agent_id": "agent_demo_01", "scan_packs": ["owasp-llm-top-10"] }'
# 3. Pull Runtime findings since yesterday
curl "https://api.sandbox.earlycore.dev/v1/findings?since=2026-04-28T00:00:00Z" \
-H "Authorization: Bearer ec_sandbox_..."API surface
Six resources, predictable URLs.
REST over HTTPS, JSON bodies, cursor pagination. Every endpoint is documented in the OpenAPI 3.1 spec at /openapi.json so agentic clients can auto-discover the surface.
Scans
/v1/scansLaunch and query Red Team scans across 12 packs: OWASP LLM Top 10, OWASP API Top 10, OWASP Agentic AI, MITRE ATLAS, EU AI Act, DORA, GDPR, ISO 42001, NIST AI RMF, NIS2, RAG, MCP.
Findings
/v1/findingsRuntime detections from monitored agents: prompt injection, data exfiltration, sensitive data disclosure, secrets leakage, plus four drift categories. Filter by P0–P3 severity or by framework.
Agents
/v1/agentsOne AI agent under monitoring per record. Source can be Bedrock, SageMaker, Azure OpenAI, Vertex AI, Logfire, LangChain, or custom.
Reports
/v1/reportsGenerate auditor-ready evidence packs. Pick a framework (DORA, NIS2, EU AI Act, GDPR, ISO 42001, NIST AI RMF) and a period; the report renders as a signed PDF and JSON evidence bundle.
Webhooks
/v1/webhooksSubscribe to finding.created, finding.updated, scan.completed, and report.ready. Payloads are HMAC-signed. Custom channels in 24h.
Integrations
/v1/integrationsList configured data sources and destinations. Connect new ones from the portal. Bedrock, SageMaker, Azure OpenAI, Vertex AI, Logfire, LangChain, Slack, Teams, Jira, email.
Authentication
API keys with scoped permissions.
Every key carries a role and a list of scopes. Agentic clients should request the narrowest set they need. OAuth 2.0 with PKCE is available for partner-facing integrations and MCP clients.
| Role | Default scopes | Use case |
|---|---|---|
| viewer | scans:read, findings:read, agents:read, reports:read | Read-only dashboards, agentic clients pulling findings into Claude or Cursor. |
| analyst | All :read scopes plus scans:write, findings:write, reports:write | SOC analysts triaging findings and launching scans on demand. |
| admin | All scopes including agents:admin, webhooks:write, integrations:write | MSSP tenant administrators provisioning new clients and rotating webhooks. |
Custom scope sets are supported. Ask the partner team for least-privilege keys when you build internal tooling, or use OAuth 2.0 with PKCE for end-user authorisation flows.
Surfaces
REST, MCP, webhooks. Pick whichever fits.
Same data, three transport options. REST for one-off integrations, MCP for agentic clients, webhooks for push delivery.
REST API
api.earlycore.dev/v1JSON over HTTPS. OpenAPI 3.1 spec, cursor pagination, idempotent writes. SDKs for TypeScript, Python, Go on the roadmap.
OpenAPI spec →MCP server
mcp.earlycore.devNative to Claude Code. Natural-language queries over findings, scans, traces. Per-tenant authentication, same scope model as the REST API.
Integrations →Webhooks
HMAC-signed eventsfinding.created, finding.updated, scan.completed, report.ready. Delivered with at-least-once semantics, retried with exponential backoff for 24h.
Event payloads →Spec and references
Everything you need at a predictable URL.
- OpenAPI 3.1 spec (JSON)Machine-readable surface for agents and codegen tools.
- OpenAPI 3.1 spec (YAML)Same spec, YAML form for humans and IDE plugins.
- GitHub: EarlyCore-AISDKs, sample integrations, scan-pack reference.
- llms.txtSite map for LLM crawlers, including the developer surface.
- Sample compliance reportWhat an auditor sees when a Reports endpoint render finishes.
- Data processing agreementGDPR Article 28 and DORA Article 30(2) ready DPA template.
Need an API key or a sandbox tenant?
Live keys are issued through the partner portal. Sandbox keys are free and self-serve once you've signed up. Talk to us for OAuth, custom scopes, or audit-log delivery.