Skip to main content
Reyhford uses Bearer token authentication at the API gateway (api.reyhford.com).

TAXII 2.1 (machine clients)

TAXII collection and object endpoints require an API key:
Authorization: Bearer <your-api-key>
API keys are issued from app.reyhford.com. Keys are stored as SHA-256 hashes server-side; the plaintext is shown once at creation.
Treat API keys like passwords. Rotate keys if compromised and never commit them to source control.

Scopes

EndpointAuth required
GET /taxii2/ (discovery)No
GET /taxii2/collections/API key
GET /taxii2/collections/{id}/objects/API key

Indicators REST API (application clients)

The /v1/indicators/* endpoints accept:
  1. WorkOS JWT — for dashboard and SaaS integrations (indicators:read scope)
  2. API key — for machine-to-machine access
curl -s https://api.reyhford.com/v1/indicators/{id} \
  -H "Authorization: Bearer <token>"

Rate limiting

Zuplo enforces rate limits at the gateway. TAXII polling should use incremental added_after cursors rather than full feed pulls.

Errors

StatusMeaning
401Missing or invalid token
403Valid token but insufficient scope
429Rate limit exceeded — back off and retry
See the Quickstart for a working curl example.