Public API
Authenticate to Elba’s read-only REST API and choose the correct regional endpoint.
The Elba Public REST API provides read-only access to organization security data for reporting and integrations.
Regional base URLs
Use the endpoint for the region where your Elba workspace is hosted:
EU: https://api.eu.elba.security/v1
US: https://api.us.elba.security/v1Do not send an EU workspace API key to the US endpoint or a US workspace key to the EU endpoint.
Create an API key
- In the Elba admin workspace, open Settings → General.
- Find API Keys and create a key with a descriptive name.
- Copy the generated value and store it in an approved secrets manager.
- Delete keys that are no longer used.
Treat an API key like a password. Never commit it, paste it into customer-facing logs, or expose it in browser code.
Authenticate a request
Send the key as a Bearer token:
curl --request GET \
--header "Authorization: Bearer $ELBA_API_KEY" \
"https://api.eu.elba.security/v1/users?limit=100&offset=0"Replace the hostname with the US endpoint when your workspace is hosted in the US.
Available resources
The current API includes read-only endpoints for:
- users and leaderboard metrics;
- training completion;
- phishing simulation results;
- data-protection issues;
- third-party application accounts, inventory, and issues.
Most list endpoints accept limit and offset. Use pagination and request only the data you need.
Common errors
| Status | What to check |
|---|---|
401 Unauthorized | The Bearer header, API key value, key status, and regional endpoint. |
404 Not Found | The /v1 prefix, resource path, and selected region. |
429 Too Many Requests | Reduce request frequency, honor retry information, and add backoff. |
For the complete schema and response shapes, use the OpenAPI reference supplied with your Elba workspace or contact Elba support.