Sysdig REST API Conventions

Because public exposure of the Sysdig REST API is still in beta and is not fully documented, most developers use the Sysdig SDK and Sysdig Platform CLI to automate and integrate basic functions into their Sysdig implementation. However, the REST API may be necessary or useful when experienced developers:

  • Do not want to use Python.

  • Require customization than what scripts and library functions of the Python client permit.

In these cases, you may work with a Sysdig support engineer, and use the introductory material in this guide to get started.


  • Familiarity with the RESTful programming language of your choice.

    For example, cURL, Javascript, Wget

  • Sysdig API token.


Access | Send | Receive

API access is over HTTPS and accessed from:

Data is sent and received in JSON format.


Pass the Sysdig API token to the HTTPS server via the Authorization header with the format:

Authorization: Bearer [token]


The request should set the HTTP header:

Accept: application/json

Every response is returned with the HTTP header

Content-Type: application/json;charset=UTF-8

To reduce the size of the request and (primarily) the response, you can set the header to compress the HTTP body and response:

Accept-Encoding:gzip, deflate, sdch

Conventions to Handle Resources

The REST API allows you to do two things:

  • Handle resources

  • Execute operations

A resource can be a piece of configuration, a user, a dashboard, an alert, and so on.

List Resources

The URL uses the plural name for the resource. For example:

GET /api/alerts
     "alerts": [ ... ]

Create Resources

The URL uses the plural name and the request envelop uses the singular name. For example:

POST /api/alerts
    "alert": { ... }

Get One Resource

The URL uses the plural name, and the response envelop uses the singular name. For example:

GET /api/alerts/123

     "alert": { ... }