Integrations

Public API

Authenticate to Elba’s read-only REST API and choose the correct regional endpoint.

Reviewed Jul 12, 2026 · Engineering

The Elba Public REST API provides read-only access to organization security data for reporting and integrations.

Regional base URLs

Use the endpoint for the region where your Elba workspace is hosted:

EU: https://api.eu.elba.security/v1
US: https://api.us.elba.security/v1

Do not send an EU workspace API key to the US endpoint or a US workspace key to the EU endpoint.

Create an API key

  1. In the Elba admin workspace, open Settings → General.
  2. Find API Keys and create a key with a descriptive name.
  3. Copy the generated value and store it in an approved secrets manager.
  4. Delete keys that are no longer used.

Treat an API key like a password. Never commit it, paste it into customer-facing logs, or expose it in browser code.

Authenticate a request

Send the key as a Bearer token:

curl --request GET \
  --header "Authorization: Bearer $ELBA_API_KEY" \
  "https://api.eu.elba.security/v1/users?limit=100&offset=0"

Replace the hostname with the US endpoint when your workspace is hosted in the US.

Available resources

The current API includes read-only endpoints for:

  • users and leaderboard metrics;
  • training completion;
  • phishing simulation results;
  • data-protection issues;
  • third-party application accounts, inventory, and issues.

Most list endpoints accept limit and offset. Use pagination and request only the data you need.

Common errors

StatusWhat to check
401 UnauthorizedThe Bearer header, API key value, key status, and regional endpoint.
404 Not FoundThe /v1 prefix, resource path, and selected region.
429 Too Many RequestsReduce request frequency, honor retry information, and add backoff.

For the complete schema and response shapes, use the OpenAPI reference supplied with your Elba workspace or contact Elba support.

On this page