INTERNAL · SUPERADMIN
SA
US-186 US-187 US-188 US-189 US-190 US-191 US-192 US-193 US-201 US-202 US-203 US-204 US-205 US-206 US-207 US-208
API Explorer & Pass & Keys
Test platform APIs · Encrypted secrets vault · Threat intel feed registry · FR-194–207 · FR-216–229 · Catalogue in docs/20_FREE_EXTERNAL_APIS.md
🧪 API Explorer
🛡️ Threat Intel Feeds
🔐 All vault values are masked. Reveal / copy requires Super Admin PIN or password (step-up). Unlock session expires after 5 min idle.
API Catalogue FR-194
00 — Health
GET /health
01 — Auth
POST /auth/signup
POST /auth/verify-otp
POST /auth/refresh
GET /auth/me
02 — Scan
POST /scan/execute
GET /scan/{scan_id}
GET /scan/history
03 — Dashboard
GET /dashboard/summary
04 — Admin
GET /admin/telemetry
GET /admin/explorer/catalog
POST /admin/explorer/test
GET /admin/ti/feeds
POST /admin/ti/feeds/{id}/test
Request Builder US-187, FR-195
POST /auth/verify-otp
Body
Headers
Auth
Variables
Use {{variable}} syntax — values resolved from Pass & Keys vault for active environment.
{ "email": "{{email}}", "otp": "123456" }
Test Result — Success US-188, FR-197
✓ SUCCESS HTTP 200 OK 142 ms
try/catch: completed without exception · correlation_id: req_8f2a1c
{ "access_token": "eyJhbG…", "refresh_token": "eyJhbG…", "tenant_id": "T-0A3F1B2C", "expires_in": 3600 }
💾 Auto-saved access_token, refresh_token, tenant_id → Pass & Keys (staging env)
Test Result — Failure (example) US-188, FR-198
✗ FAILURE HTTP 401 Unauthorized 38 ms
error_type: HTTP_ERROR · message: Invalid or expired access token
{ "error": "unauthorized", "message": "Invalid or expired access token", "request_id": "req_9b3d2e" }
catch: Authorization header missing Bearer token — inject {{access_token}} from vault?
Recent Test History
200 POST /auth/verify-otp · 142ms · 2 min ago
401 GET /auth/me · 38ms · 5 min ago
200 GET /health · 12ms · 8 min ago
🔑 Pass & Keys US-189–US-193, FR-199–FR-204
Vault locked 🔒 PIN required to reveal
Variables
Secrets
Audit
Environment: staging · 8 keys
access_token •••••••••••• auto
refresh_token •••••••••••• auto
tenant_id T-0A3F1B2C auto
anthropic_api_key ••••••••••••
mongodb_uri ••••••••••••
ti_abuseipdb_staging •••••••••••• TI
ti_otx_staging •••••••••••• TI
scan_id •••••••••••• auto
Non-secret IDs (tenant_id, scan_id) may show unmasked. All tokens, passwords, and API keys always require step-up to reveal.
📋 Feed catalogue, layer mapping, and correlation rules: docs/20_FREE_EXTERNAL_APIS.md (authoritative). This UI reads/writes runtime config only.
Threat Intel Feed Registry US-201 · FR-216 · GET /admin/ti/feeds
ID | Provider | Layers | Vault key | Quota 24h | Status
EXT-007 | AbuseIPDB | L1, L7, L8 | ti_abuseipdb_staging | 842 / 1,000 | ok
EXT-008 | AlienVault OTX | L7, L8 | ti_otx_staging | 156 / ∞ | ok
EXT-011 | Have I Been Pwned | L1, L5 | ti_hibp_staging | 12 / 500 | ok
EXT-017 | URLhaus | L1, L2, L8 | no key | 89 / ∞ | ok
EXT-012 | VirusTotal | L1, L8 | ti_virustotal_staging | 412 / 500 | quota 82%
EXT-013 | NIST NVD | L2, L9 | no key | | disabled
Full registry (32 feeds): see docs/20_FREE_EXTERNAL_APIS.md §5 — do not duplicate provider list in UI code; seed from catalogue JSON at deploy.
Test result US-203 · POST /admin/ti/feeds/{id}/test
SUCCESS AbuseIPDB · 142ms
Sample IOC: 203.0.113.5 · abuseConfidenceScore: 100
{ "success": true, "latency_ms": 142, "message": "API key valid" }
Correlation preview US-207 · FR-225
Pattern: credential_breach_plus_auth_alert
Cluster: HIBP (L1) + Wazuh brute-force (L7) · same tenant
Report impact: enrichment_summary → Claude financial narrative
Cross-tenant early warning (FR-228): 5+ tenants hit same IOC → Metrics Observatory alert