Partner API Reference

Last updated: April 24, 2026

Partner API Reference

The ANTIV Partner REST API provides programmatic access to manage clients, devices, scans, reports, and statistics. The API is available on Business and Enterprise plans.

Authentication

All API requests must include a Bearer token in the Authorization header. API tokens are generated from your partner dashboard under Settings > API.

Tokens are stored as SHA-256 hashes in the database for security. Keep your token in a secure location — it cannot be retrieved after creation. If lost, revoke the old token and generate a new one.

Authorization: Bearer your-api-token-here

Base URL

https://your-antiv-instance.com/api/partner/v1

Rate Limits

API requests are rate-limited to 60 requests per minute per partner account. If you exceed the limit, you will receive a 429 Too Many Requests response. The response headers include:

X-RateLimit-Limit — Maximum requests per minute (60)
X-RateLimit-Remaining — Remaining requests in the current window
Retry-After — Seconds until the rate limit resets (only on 429 responses)

Endpoints

Method	Path	Description
`GET`	`/clients`	List all clients under your partner account
`GET`	`/clients/{id}/devices`	List all devices for a specific client
`GET`	`/stats`	Get aggregate statistics (total clients, devices, threats, protection score)
`POST`	`/scans`	Start a bulk scan operation for a client or all clients
`GET`	`/scans/{id}`	Get the status and results of a scan operation
`POST`	`/reports`	Generate a client-facing security report
`GET`	`/reports/{id}`	Retrieve a generated report by ID

Example: List Clients

Request:

GET /api/partner/v1/clients
Authorization: Bearer your-api-token-here
Accept: application/json

Response (200 OK):

{
    "data": [
        {
            "id": 1,
            "company_name": "Acme Corp",
            "contact_email": "admin@acme.com",
            "device_count": 15,
            "protection_score": 94,
            "created_at": "2025-01-15T10:30:00Z"
        },
        {
            "id": 2,
            "company_name": "Globex Inc",
            "contact_email": "it@globex.com",
            "device_count": 8,
            "protection_score": 87,
            "created_at": "2025-02-20T14:00:00Z"
        }
    ],
    "meta": {
        "total": 2,
        "per_page": 25,
        "current_page": 1
    }
}

Example: Start Bulk Scan

Request:

POST /api/partner/v1/scans
Authorization: Bearer your-api-token-here
Content-Type: application/json

{
    "client_id": 1,
    "scan_type": "full"
}

Response (202 Accepted):

{
    "data": {
        "id": 42,
        "status": "queued",
        "scan_type": "full",
        "client_id": 1,
        "device_count": 15,
        "created_at": "2025-03-01T09:00:00Z"
    }
}

Error Responses

All errors follow a consistent format:

{
    "error": {
        "code": 422,
        "message": "The client_id field is required."
    }
}