Sysdig REST API Conventions

Because public exposure of the Sysdig REST API is still in beta and is not fully documented, most developers use the Python client and the Python script library to automate/integrate basic functions into their Sysdig implementation. However, the REST API may be necessary or useful when experienced developers:

  • Don’t want to use Python, for whatever reason

  • Need more customization than the scripts and library functions of the Python client permit

In these cases, you may work with a Sysdig support engineer, and use the introductory material in this guide to get started.


  • Familiarity with the RESTful programming language of your choice (cURL, Javascript, Wget, etc.)

  • Have your Sysdig API token on hand. See Retrieve the Sysdig API Token for details.


Access | Send | Receive

API access is over HTTPS and accessed from:

Data is sent and received using JSON format.


The Sysdig API token must be passed to the HTTPS server via the Authorization header with the format:

Authorization: Bearer [token]


The request should set the HTTP header:

Accept: application/json

Every response is returned with the HTTP header

Content-Type: application/json;charset=UTF-8

To reduce the size of the request and (primarily) the response, you can set the header to compress HTTP body and response:

Accept-Encoding:gzip, deflate, sdch

Conventions used to Handle Resources

The REST API allows you to do two things:

  1. Handle resources

  2. Execute operations

A resource can be a piece of configuration, a user, a dashboard, an alert, and so on.

List Resources

The URL uses the plural name for the resource, e.g:

GET /api/alerts
     "alerts": [ ... ]

Create Resources

The URL uses the plural name and the request envelop uses the singular name, e.g.:

POST /api/alerts
    "alert": { ... }

Get One Resource

The URL uses the plural name, and the response envelop uses the singular name, e.g.:

GET /api/alerts/123

     "alert": { ... }