API Reference

Complete reference documentation for the Anchor Insight API.

Browse Endpoints Download OpenAPI SpecAuthenticated requests require sign-in or an API key

Authentication

All API requests require authentication. There are two methods:

Session Cookie (Dashboard)

When using the dashboard, authentication is handled automatically via secure HTTP-only cookies.

API Key (Professional/Enterprise)

For programmatic access, use an API key in the Authorization header:

curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://insight.anchorcybersecurity.com/api/v1/users

Rate Limits

Category	Limit	Applies To
Standard	100 requests/minute	Most GET endpoints
Strict	5 requests/minute	POST, PUT, DELETE operations
Export	10 requests/minute	Export and report endpoints

Rate limit information is included in response headers: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset

Endpoints

Users

Manage users in your organization

Method	Endpoint	Description
GET	/api/v1/users	List all users with pagination and filtering
POST	/api/v1/users	Create a new user
GET	/api/v1/users/{id}	Get user details
PUT	/api/v1/users/{id}	Update user
DELETE	/api/v1/users/{id}	Delete user
GET	/api/v1/users/overdue	List users with overdue training

Campaigns

Training campaign management

Method	Endpoint	Description
GET	/api/v1/campaigns	List all training campaigns
POST	/api/v1/campaigns	Create a new campaign
GET	/api/v1/campaigns/{id}	Get campaign details
PUT	/api/v1/campaigns/{id}	Update campaign
DELETE	/api/v1/campaigns/{id}	Delete campaign

Modules

Training module and content management

Method	Endpoint	Description
GET	/api/v1/modules	List all training modules
POST	/api/v1/modules	Create a new module
GET	/api/v1/modules/{id}	Get module with lessons and questions
PUT	/api/v1/modules/{id}	Update module
DELETE	/api/v1/modules/{id}	Delete module

Phishing

Phishing simulation campaigns and templates

Method	Endpoint	Description
GET	/api/v1/phishing/campaigns	List phishing campaigns
POST	/api/v1/phishing/campaigns	Create phishing campaign
GET	/api/v1/phishing/campaigns/{id}	Get campaign details
PUT	/api/v1/phishing/campaigns/{id}	Update campaign
DELETE	/api/v1/phishing/campaigns/{id}	Cancel campaign
POST	/api/v1/phishing/campaigns/{id}/send	Send campaign
POST	/api/v1/phishing/campaigns/{id}/complete	Complete campaign
GET	/api/v1/phishing/campaigns/{id}/results	Get campaign results
GET	/api/v1/phishing/campaigns/{id}/export	Export campaign results (CSV/JSON)
GET	/api/v1/phishing/templates	List phishing templates
POST	/api/v1/phishing/templates	Create custom template
GET	/api/v1/phishing/templates/{id}	Get phishing template
PUT	/api/v1/phishing/templates/{id}	Update phishing template
DELETE	/api/v1/phishing/templates/{id}	Delete phishing template
GET	/api/v1/phishing/templates/{id}/preview	Render phishing template preview
GET	/api/v1/phishing/stats	Get phishing program statistics
GET	/api/v1/phishing/simulations/{id}	Get individual phishing simulation details
GET	/api/v1/phishing/training/{token}	Get token-based training payload (public)
GET	/api/v1/phishing/training/{token}/form	Get token-based form config (public)
POST	/api/phishing/track/submit/{token}	Track form submission (public)
POST	/api/phishing/report/{token}	Report simulation (public)
GET	/api/phishing/track/click/{token}	Track click + redirect (public)
GET	/api/phishing/track/open/{token}	Tracking pixel (public)

Drills

Incident response tabletop exercises

Method	Endpoint	Description
GET	/api/v1/drills	List incident drills
POST	/api/v1/drills	Create new drill
GET	/api/v1/drills/{id}	Get drill details
POST	/api/v1/drills/{id}/start	Start a drill
POST	/api/v1/drills/{id}/inject	Send next inject
GET	/api/v1/drills/scenarios	List available scenarios

Policies

Policy acknowledgment management

Method	Endpoint	Description
GET	/api/v1/policies	List all policies
POST	/api/v1/policies	Create new policy
GET	/api/v1/policies/{id}	Get policy with acknowledgments
PUT	/api/v1/policies/{id}	Update policy
POST	/api/v1/policies/{id}/publish	Publish policy for acknowledgment
GET	/api/v1/policies/templates	List policy templates

Vendors

Vendor risk management and security questionnaires

Method	Endpoint	Description
GET	/api/v1/vendors	List all vendors
POST	/api/v1/vendors	Create new vendor
GET	/api/v1/vendors/{id}	Get vendor details with reviews
PUT	/api/v1/vendors/{id}	Update vendor
DELETE	/api/v1/vendors/{id}	Delete vendor
GET	/api/v1/vendors/questionnaires	List questionnaire templates
POST	/api/v1/vendors/questionnaires	Create custom questionnaire
POST	/api/v1/vendors/questionnaires?action=submit-response	Submit questionnaire response

Escalations

Manager notification workflows

Method	Endpoint	Description
GET	/api/v1/escalation/settings	Get escalation settings
PUT	/api/v1/escalation/settings	Update escalation settings
GET	/api/v1/escalation/history	Get escalation history
POST	/api/v1/escalation/acknowledge/{id}	Acknowledge escalation

Team

Manager team dashboard data

Method	Endpoint	Description
GET	/api/v1/team	Get direct reports with compliance status
GET	/api/v1/team/stats	Get team compliance statistics
GET	/api/v1/team/export	Export team compliance report

Export

Reports and compliance exports

Method	Endpoint	Description
GET	/api/v1/export/training-completion	Export training completion records
GET	/api/v1/export/audit-logs	Export audit trail
GET	/api/v1/export/compliance/{framework}	Generate compliance evidence pack

Leaderboard

Gamification and rankings

Method	Endpoint	Description
GET	/api/v1/leaderboard	Get organization leaderboard

Audit

Audit logging

Method	Endpoint	Description
GET	/api/v1/audit-logs	Query audit logs
POST	/api/v1/audit-logs	Create audit entry

Billing

Subscription management

Method	Endpoint	Description
GET	/api/v1/billing	Get billing status and usage
POST	/api/v1/billing/checkout	Create checkout session
POST	/api/v1/billing/portal	Create customer portal session

Method	Endpoint	Description
GET	/api/v1/gdpr/export	Export user personal data
POST	/api/v1/gdpr/delete	Request data deletion
GET	/api/v1/gdpr/delete	List deletion requests

Response Codes

Code	Description
200	Success
201	Created successfully
400	Bad request - invalid parameters
401	Unauthorized - authentication required
403	Forbidden - insufficient permissions
404	Not found - resource does not exist
429	Rate limit exceeded
500	Internal server error

Compliance Frameworks

The /api/export/compliance/{framework} endpoint supports:

SOC2

ISO27001

GDPR

CCPA

NIST

HIPAA