Xplorr API Reference
Xplorr API Reference
Section titled “Xplorr API Reference”The Xplorr API is a REST API served over HTTPS. All endpoints require authentication unless noted otherwise. Base URL: https://api.xplorr.io/api/v1.
Authentication
Section titled “Authentication”All requests must include a Bearer token in the Authorization header:
curl -H "Authorization: Bearer xplorr_your_token" \ https://api.xplorr.io/api/v1/costs/summaryGet your API token from Settings → API in the console.
Auth endpoints
Section titled “Auth endpoints”| Method | Path | Description |
|---|---|---|
POST | /auth/login | Log in with email + password. Returns access token + refresh token. |
POST | /auth/register | Create a new account. |
POST | /auth/refresh | Exchange a refresh token for a new access token. |
POST | /auth/logout | Revoke the current refresh token. |
POST | /auth/forgot-password | Send a password reset email. |
POST | /auth/reset-password | Reset password using a token from the reset email. |
POST | /auth/verify-2fa | Verify a TOTP code during login. |
POST | /auth/webauthn/register | Start WebAuthn registration flow. |
POST | /auth/webauthn/authenticate | Authenticate with a registered passkey. |
| Method | Path | Auth | Description |
|---|---|---|---|
GET | /costs/summary | Yes | Total spend for a date range, grouped by period (daily/monthly). |
GET | /costs/by-service | Yes | Spend broken down by cloud service. |
GET | /costs/by-account | Yes | Spend broken down by cloud account. |
GET | /costs/by-region | Yes | Spend broken down by region. |
GET | /costs/by-tag | Yes | Spend grouped by a specified tag key. |
GET | /costs/daily | Yes | Daily cost time series for a date range. |
GET | /costs/trend | Yes | Month-over-month trend with percentage change. |
Common query parameters: start_date, end_date, account_id, provider, service, tag_key, tag_value.
Inventory
Section titled “Inventory”| Method | Path | Auth | Description |
|---|---|---|---|
GET | /inventory | Yes | List all discovered cloud resources with metadata. |
GET | /inventory/:id | Yes | Get details for a specific resource. |
GET | /inventory/summary | Yes | Resource counts by type, region, and account. |
Query parameters: provider, account_id, resource_type, region, tag_key, tag_value, page, per_page.
Recommendations
Section titled “Recommendations”| Method | Path | Auth | Description |
|---|---|---|---|
GET | /recommendations | Yes | List all recommendations with filtering. |
GET | /recommendations/:id | Yes | Get full details for a recommendation including remediation scripts. |
PATCH | /recommendations/:id | Yes | Update status (open, in_progress, applied, archived) or snooze. |
GET | /recommendations/summary | Yes | Counts and total estimated savings by type and status. |
Query parameters: status, type, account_id, min_savings, sort_by, page, per_page.
Anomalies / Alerts
Section titled “Anomalies / Alerts”| Method | Path | Auth | Description |
|---|---|---|---|
GET | /anomalies | Yes | List detected anomalies. |
GET | /anomalies/:id | Yes | Get anomaly details including AI explanation. |
PATCH | /anomalies/:id | Yes | Update status (open, acknowledged, resolved). |
GET | /alert-rules | Yes | List custom alert rules. |
POST | /alert-rules | Yes | Create a custom alert rule. |
PATCH | /alert-rules/:id | Yes | Update an alert rule. |
DELETE | /alert-rules/:id | Yes | Delete an alert rule. |
Budgets
Section titled “Budgets”| Method | Path | Auth | Description |
|---|---|---|---|
GET | /budgets | Yes | List all budgets. |
POST | /budgets | Yes | Create a new budget. |
GET | /budgets/:id | Yes | Get budget details with current spend and forecast. |
PATCH | /budgets/:id | Yes | Update a budget. |
DELETE | /budgets/:id | Yes | Delete a budget. |
Reports
Section titled “Reports”| Method | Path | Auth | Description |
|---|---|---|---|
POST | /reports | Yes | Generate a report. Returns a download URL. |
GET | /reports | Yes | List previously generated reports. |
GET | /reports/:id/download | Yes | Download a generated report file. |
GET | /reports/schedules | Yes | List scheduled reports. |
POST | /reports/schedules | Yes | Create a scheduled report. |
PATCH | /reports/schedules/:id | Yes | Update a scheduled report. |
DELETE | /reports/schedules/:id | Yes | Delete a scheduled report. |
Forecasting
Section titled “Forecasting”| Method | Path | Auth | Description |
|---|---|---|---|
GET | /forecast | Yes | Get the 60-day cost forecast with confidence intervals. |
GET | /forecast/accuracy | Yes | Historical forecast accuracy for the past 6 months. |
Query parameters: account_id, service, model (linear or seasonal).
Tagging
Section titled “Tagging”| Method | Path | Auth | Description |
|---|---|---|---|
GET | /tags | Yes | List all tag keys and their value counts. |
GET | /tags/violations | Yes | List resources violating tagging policies. |
GET | /tag-policies | Yes | List tagging policies. |
POST | /tag-policies | Yes | Create a tagging policy. |
PATCH | /tag-policies/:id | Yes | Update a tagging policy. |
DELETE | /tag-policies/:id | Yes | Delete a tagging policy. |
Cloud Accounts
Section titled “Cloud Accounts”| Method | Path | Auth | Description |
|---|---|---|---|
GET | /accounts | Yes | List connected cloud accounts with sync status. |
POST | /accounts | Yes | Connect a new cloud account. |
GET | /accounts/:id | Yes | Get account details and last sync timestamp. |
PATCH | /accounts/:id | Yes | Update account credentials or settings. |
DELETE | /accounts/:id | Yes | Disconnect a cloud account. |
POST | /accounts/:id/sync | Yes | Trigger a manual sync. |
Organization & Users
Section titled “Organization & Users”| Method | Path | Auth | Description |
|---|---|---|---|
GET | /org | Yes | Get organization details. |
PATCH | /org | Yes | Update organization settings (name, 2FA enforcement). |
GET | /org/members | Yes | List all organization members. |
POST | /org/invite | Yes | Invite a user to the organization. |
PATCH | /org/members/:id | Yes | Update a member’s role or account access. |
DELETE | /org/members/:id | Yes | Remove a member from the organization. |
GET | /audit-logs | Yes | List audit log entries (Admin+ only). |
Savings & Coverage
Section titled “Savings & Coverage”| Method | Path | Auth | Description |
|---|---|---|---|
GET | /coverage | Yes | Current RI/SP/Spot/On-demand spend breakdown. |
GET | /coverage/daily | Yes | Daily coverage breakdown for the past 90 days. |
GET | /coverage/gaps | Yes | Coverage gap analysis with savings estimates. |
GET | /coverage/planner | Yes | Commitment planner recommendations. |
Notifications
Section titled “Notifications”| Method | Path | Auth | Description |
|---|---|---|---|
GET | /notifications/preferences | Yes | Get current user’s notification preferences. |
PATCH | /notifications/preferences | Yes | Update notification preferences. |
POST | /notifications/slack/webhook | Yes | Configure Slack webhook URL. |
POST | /notifications/slack/test | Yes | Send a test message to Slack. |
Error format
Section titled “Error format”All errors follow a consistent format:
{ "error": { "code": "BUDGET_NOT_FOUND", "message": "Budget with ID 'abc123' not found.", "status": 404 }}Common error codes: UNAUTHORIZED (401), FORBIDDEN (403), NOT_FOUND (404), RATE_LIMITED (429), INTERNAL_ERROR (500).
Pagination
Section titled “Pagination”List endpoints support cursor-based pagination:
GET /api/v1/recommendations?page=2&per_page=25Response includes pagination metadata:
{ "data": [...], "pagination": { "page": 2, "per_page": 25, "total": 142, "total_pages": 6 }}Full OpenAPI spec
Section titled “Full OpenAPI spec”The complete OpenAPI 3.0 specification is available at:
https://api.xplorr.io/api/v1/docsYou can import it into Postman, Insomnia, or any OpenAPI-compatible tool.