Reyhford uses Bearer token authentication at the API gateway (api.reyhford.com).
TAXII 2.1 (machine clients)
TAXII collection and object endpoints require an API key:
Authorization: Bearer <your-api-key>
API keys are issued from app.reyhford.com. Keys are stored as SHA-256 hashes server-side; the plaintext is shown once at creation.
Treat API keys like passwords. Rotate keys if compromised and never commit them to source control.
Scopes
| Endpoint | Auth required |
|---|
GET /taxii2/ (discovery) | No |
GET /taxii2/collections/ | API key |
GET /taxii2/collections/{id}/objects/ | API key |
Indicators REST API (application clients)
The /v1/indicators/* endpoints accept:
- WorkOS JWT — for dashboard and SaaS integrations (
indicators:read scope)
- API key — for machine-to-machine access
curl -s https://api.reyhford.com/v1/indicators/{id} \
-H "Authorization: Bearer <token>"
Rate limiting
Zuplo enforces rate limits at the gateway. TAXII polling should use incremental added_after cursors rather than full feed pulls.
Errors
| Status | Meaning |
|---|
401 | Missing or invalid token |
403 | Valid token but insufficient scope |
429 | Rate limit exceeded — back off and retry |
See the Quickstart for a working curl example.