Getting Started

This page will help you get started with the Bridgecrew API.

Our API has predictable resource-oriented URLs, accepts form-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.

All API requests must be made over HTTPS. Calls made over plain HTTP will redirect to HTTPS. API requests without authentication may also fail.


You'll need a Bridgecrew account. If you don't have one already, sign up at


Bridgecrew uses API tokens to authorise access to the API.

We expect these to be sent via the authorization header, for example:

authorization: API_TOKEN

You can retrieve an API token for your account via the 'Integrations > API Token' menu of the Bridgecrew platform, demonstrated below.


Rate Limits

Bridgecrew enforces rate limits to ensure our APIs are responsive for all users. The first rate limit is tied to an individual IP address, the second is tied to an individual API key. Most of the time these rate limits overlap, but they can differ when failed authorisation attempts are taken into account.

Please account for 429 "Limit Exceeded" response codes when working with the Bridgecrew APIs. We recommend implementing exponential backoff on errors as part of any third-party API client integration.

If your team believes a higher rate limit is needed, please reach out to our sales team.


Bridgecrew uses conventional HTTP response codes to indicate the success or failure of an API request. In general: Codes in the 2xx range indicate success. Codes in the 4xx range indicate a request that failed given the information provided (e.g., a required parameter was omitted). Codes in the 5xx range indicate an error with Bridgecrew servers.
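
The Python client logic below is an added example, not Bridgecrew's own code. It ties together the authorization header, the 429 backoff recommendation and the response code classes described above. The base URL is a placeholder, and honoring a Retry-After header is an assumption, since this page does not say whether the API sends one.

```python
import random
import time
import urllib.error
import urllib.request

API_BASE = "https://api.example.invalid"  # placeholder: this page does not give the base URL


def https_send(path, token):
    """Send one GET with the token in the authorization header; return (status, headers)."""
    if not API_BASE.startswith("https://"):
        raise ValueError("refusing to send the API token over plain HTTP")
    req = urllib.request.Request(API_BASE + path, headers={"authorization": token})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx
        return err.code, dict(err.headers)


def backoff_delay(attempt, headers, base=1.0, cap=60.0, rng=random.random):
    """Full-jitter exponential backoff; a numeric Retry-After sets the minimum wait."""
    delay = rng() * min(cap, base * 2 ** attempt)
    retry_after = {k.lower(): v for k, v in headers.items()}.get("retry-after", "")
    if retry_after.isdigit():  # assumption: the server may send Retry-After in seconds
        delay = max(delay, float(retry_after))
    return delay


def call_with_backoff(send, max_attempts=5, sleep=time.sleep, rng=random.random):
    """Call send() until the status is not 429/5xx or attempts run out.

    Returns (final_status, attempts_made).
    """
    for attempt in range(max_attempts):
        status, headers = send()
        retryable = status == 429 or 500 <= status <= 599
        if not retryable or attempt == max_attempts - 1:
            # 2xx is success. Other 4xx codes (bad token, missing parameter)
            # will not succeed on retry, and the rate-limit note above says
            # failed authorisation attempts are taken into account as well.
            return status, attempt + 1
        sleep(backoff_delay(attempt, headers, rng=rng))
```

A caller wraps the transport in a closure, for example `call_with_backoff(lambda: https_send(path, token))`, where `path` is whichever endpoint the integration uses.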