API Overview
Introduction to the Imara Public API — what it is, who needs it, and how it works.
What is the Imara API?
The Imara Public API lets you interact with your compliance data programmatically. You can automate evidence uploads, query control statuses, trigger assessments, and integrate Imara into your own internal tools or CI/CD pipelines — all without opening the dashboard.
Who needs the API?
The API is designed for teams that want to go beyond the dashboard:
- Developers automating evidence collection from custom or internal tools
- DevOps and Security engineers embedding compliance checks into deployment pipelines
- IT teams synchronizing Imara data with existing SIEM, ticketing, or ITSM systems
- Analysts building custom compliance reports by pulling data on demand
How it works
The Imara API uses OAuth 2.0 Client Credentials — also called Machine-to-Machine (M2M) authentication. Instead of logging in with a username and password, your application authenticates with a Client ID and Client Secret, which are provided when you create an API key inside the platform.
The flow is:
- Create an API key in Settings → API Keys
- Use the Client ID and Secret to request an access token
- Include the token in the Authorization: Bearer header of every API request
- Tokens expire after one hour — simply request a new one using the same credentials
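The flow above, sketched as an added example (not Imara's own code): a small client that requests a token with the standard OAuth 2.0 client-credentials grant, caches it, and renews it shortly before the one-hour expiry. The token URL is a placeholder, and the HTTP Basic client authentication, the `expires_in` response field and the `IMARA_CLIENT_ID` / `IMARA_CLIENT_SECRET` variable names are assumptions; take the real values from the API Authentication article.

```python
import base64, json, os, time
import urllib.parse, urllib.request

# Placeholder: this page does not give the token endpoint (see API Authentication).
TOKEN_URL = "https://imara.example.invalid/oauth/token"

def fetch_token(client_id, client_secret, url=TOKEN_URL):
    """RFC 6749 client-credentials request (assumed: HTTP Basic client auth)."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    req = urllib.request.Request(
        url,
        data=urllib.parse.urlencode({"grant_type": "client_credentials"}).encode(),
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Caches the bearer token and renews it shortly before it expires."""
    def __init__(self, client_id, client_secret, fetch=fetch_token,
                 clock=time.monotonic, skew=60):
        if not client_id or not client_secret:
            raise ValueError("client credentials missing")
        self._id, self._secret = client_id, client_secret
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._expires_at = None, 0.0

    def auth_header(self):
        # Renew `skew` seconds early so a request never carries a token
        # that expires while in flight.
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            body = self._fetch(self._id, self._secret)
            self._token = body["access_token"]
            # Fall back to the one-hour lifetime stated on this page.
            self._expires_at = self._clock() + int(body.get("expires_in", 3600))
        return {"Authorization": f"Bearer {self._token}"}

    def __repr__(self):  # keep the secret and token out of logs and tracebacks
        return f"TokenCache(client_id={self._id!r})"

if __name__ == "__main__":
    # Credentials come from the environment (hypothetical variable names),
    # never from source control or pipeline definitions.
    cache = TokenCache(os.environ["IMARA_CLIENT_ID"], os.environ["IMARA_CLIENT_SECRET"])
    print(sorted(cache.auth_header()))  # header names only, no token value
```

Reusing one cached token per process keeps the Client Secret off the wire for most of the hour; in a CI/CD pipeline, inject the two variables from the pipeline's secret store.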
Plan availability
API access is available on the Starter plan and above. The Free plan does not include API access. The number of API keys you can hold at the same time depends on your plan — Professional allows up to 5 keys and Enterprise allows up to 20. See the API Keys article for details.
Next steps
- Create your first API key → see API Keys
- Learn how to authenticate → see API Authentication
- Explore what you can do → see Available API Resources