Products & Releases API
Create, list, update, and delete products and releases via the API.
Manage your software product registry and release versions programmatically.
Products
List products
GET /api/products?page=1&perPage=25
Scope: products:read
Query parameters:
| Parameter | Type | Default | Description |
|---|---|---|---|
page | integer | 1 | Page number |
perPage | integer | 25 | Items per page (max 100) |
search | string | - | Search by name or slug |
Example:
curl -H "Authorization: Bearer cvk_YOUR_KEY" \ "https://cis.cveium.com/api/products?search=my-app"
Create a product
POST /api/products
Scope: products:write
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Product name (max 255 chars) |
slug | string | Yes | URL-safe identifier (lowercase, hyphens only) |
description | string | No | Product description (max 5000 chars) |
vendor | string | No | Vendor name (max 255 chars) |
websiteUrl | string | No | Product website URL |
repositoryUrl | string | No | Source code repository URL |
Example:
curl -X POST \
-H "Authorization: Bearer cvk_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{"name": "My App", "slug": "my-app", "vendor": "Acme Corp"}' \
https://cis.cveium.com/api/products
Returns 201 with { data: { id, name, slug, ... } }.
Get a product
GET /api/products/{productId}
Scope: products:read
Update a product
PUT /api/products/{productId}
Scope: products:write
All fields are optional — only include fields you want to change.
Delete a product
DELETE /api/products/{productId}
Scope: products:write
Deleting a product cascades to all its releases, SBOMs, vulnerabilities, dispositions, and VEX documents. Returns 204 (No Content).
Releases
List releases for a product
GET /api/products/{productId}/releases?page=1&perPage=25
Scope: releases:read
Create a release
POST /api/products/{productId}/releases
Scope: releases:write
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
version | string | Yes | Version string (e.g. "1.0.0", max 100 chars) |
name | string | No | Release name (max 255 chars) |
releaseDate | string | No | Release date (ISO 8601) |
endOfLifeDate | string | No | End-of-life date (ISO 8601) |
notes | string | No | Release notes (max 10,000 chars) |
status | string | No | active (default), deprecated, or end-of-life |
Example:
curl -X POST \
-H "Authorization: Bearer cvk_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{"version": "2.1.0", "status": "active"}' \
https://cis.cveium.com/api/products/{productId}/releases
Get a release
GET /api/releases/{releaseId}
Scope: releases:read
The response includes is_locked indicating whether the release chain is locked due to a VEX document in the approval/published state.
Update a release
PUT /api/releases/{releaseId}
Scope: releases:write
Returns 409 if the release is locked (a VEX document is in the submitted, approved, or published state).