Levo.ai API Reference
Use these APIs to retrieve your application inventory, discovered API endpoints, and security vulnerabilities programmatically — and integrate the data into your internal tools and dashboards.
🌐 Overview
All Levo.ai APIs are served through a single GraphQL endpoint:
https://api.dev.levo.ai/graphql
Every request is a POST with a JSON body containing a query and variables field.
The server returns a JSON response with a top-level data key.
🔑 Authentication & Headers
Every request must include the following HTTP headers. Obtain your Bearer token by authenticating through Descope (Levo's identity provider). The workspace, organization, and environment IDs can be found in your Levo.ai account settings.
| Header | Required | Description | Example Value |
|---|---|---|---|
Authorization | Required | Bearer token issued by Descope after login | Bearer <YOUR_BEARER_TOKEN> |
x-auth-provider | Required | Authentication provider identifier | DESCOPE |
x-levo-organization-id | Required | UUID of your Levo organization | <YOUR_ORG_ID> |
x-levo-workspace-id | Required | UUID of your workspace within the organization | <YOUR_WORKSPACE_ID> |
x-levo-environment-id | Required | UUID of the target environment (e.g., staging, production) | <YOUR_ENVIRONMENT_ID> |
Content-Type | Required | Must always be application/json | application/json |
Authorization header).
📄 Pagination
All list APIs use offset-based pagination via page and pageSize variables.
| Parameter | Type | Description |
|---|---|---|
page | Int | 0-indexed page number. First page = 0. |
pageSize | Int | Number of items to return per page. Recommended: 50–100. |
Each response includes a meta object:
| Field | Type | Description |
|---|---|---|
currentPage | Int | The current 0-indexed page returned |
pageSize | Int | Items per page as requested |
totalPages | Int | Total number of pages available |
totalItems | Int | Total number of items matching the filter |
To retrieve all items, iterate from page=0 until currentPage >= totalPages - 1.
🔍 Filtering
All list APIs accept a filter object inside meta (or input.meta).
Filters are composed of one or more filterConditions.
Filter Condition Structure
| Field | Type | Description |
|---|---|---|
fieldName | String | The field to filter on. See each API section for available field names. |
comparisonOperator | String | In · Eq · Within · NotEq · Contains |
filterValue.values | String[] | Array of string values to match. Used with In, Eq, Within. |
filterValue.dateLiteral | Object | Used for date range filters. See structure below. |
fieldType | String | Optional. Set to StringFieldType for explicit string comparison. |
Date Literal Structure
Use dateLiteral for relative date range filters (e.g., "last 3 months"):
| Field | Type | Description |
|---|---|---|
literalType | String | LAST — go back N units from now |
value | Int | The number of time units (e.g., 3) |
timeUnit | String | Days · Weeks · Months · Years |
Example — filter for items modified in the last 30 days:
{
  "fieldName": "modifiedDate",
  "comparisonOperator": "Within",
  "filterValue": {
    "dateLiteral": {
      "literalType": "LAST",
      "value": 30,
      "timeUnit": "Days"
    }
  }
}
📦 API 1 — List Applications
Retrieve a paginated list of all API applications (services) discovered or registered in your workspace. Includes metadata such as endpoint counts, PII exposure indicators, and tags.
GetApplicationsLite
GraphQL operation: aiLevoEntityServiceV1EntityServiceGetApplicationsLite
Variables
| Variable | Type | Required | Description |
|---|---|---|---|
meta.page | Int | Required | 0-indexed page number |
meta.pageSize | Int | Required | Number of applications per page |
meta.filter.filterConditions | Array | Optional | List of filter conditions. See Filtering. |
meta.sort.sortPairs | Array | Optional | List of sort fields. Each object has sortField (String) and sortDirection (Asc · Desc). |
Available Filter Fields
| fieldName | Description | Example Values |
|---|---|---|
environment.name | Filter by environment name | staging, production |
tags.name | Filter by application tag | critical, pci |
Available Sort Fields
| sortField | Description |
|---|---|
featured | Pinned/featured applications first |
schemaModifiedDate | Date the API schema was last modified |
endpointsCount | Total number of endpoints |
createdAt | Application creation date |
Response Fields — applications[]
| Field | Type | Description |
|---|---|---|
appId | String | Unique identifier for the application |
appName | String | Internal name of the application |
displayName | String | Human-readable display name |
autoDiscovered | Boolean | true if discovered automatically via traffic analysis |
external | Boolean | true if this is an external/third-party API |
thirdParty | Boolean | true if owned by a third party |
removable | Boolean | Whether this application can be deleted |
endpointsCount | Int | Total number of endpoints in this application |
sensitiveEndpointsCount | Int | Number of endpoints that handle sensitive/PII data |
unauthenticatedEndpointsCount | Int | Number of endpoints with no authentication |
unauthenticatedSensitiveEndpointsCount | Int | Number of unauthenticated endpoints that also handle sensitive data |
createdAtMillis | Long | Creation timestamp (Unix milliseconds) |
lastModifiedAtMillis | Long | Last modification timestamp (Unix milliseconds) |
schemaModifiedAtMillis | Long | When the API schema was last updated (Unix milliseconds) |
lastTraceReceivedAtMillis | Long | When the most recent API trace was received (Unix milliseconds) |
featured | Boolean | Whether this application is pinned/featured |
newlyAdded | Boolean | true if recently discovered |
apiPortalEnabled | Boolean | Whether this app is published in the API portal |
tags[] | Object[] | Tags attached to this application: id · name · color · scope |
Example Request
curl 'https://api.dev.levo.ai/graphql' \
  -H 'Authorization: Bearer <YOUR_BEARER_TOKEN>' \
  -H 'Content-Type: application/json' \
  -H 'x-auth-provider: DESCOPE' \
  -H 'x-levo-organization-id: <YOUR_ORG_ID>' \
  -H 'x-levo-workspace-id: <YOUR_WORKSPACE_ID>' \
  -H 'x-levo-environment-id: <YOUR_ENVIRONMENT_ID>' \
  --data-raw '{
    "query": "query GetApplicationsLite($meta: AiLevoEntityServiceV1GetAllRequestMetadataInput) { aiLevoEntityServiceV1EntityServiceGetApplicationsLite(input: {meta: $meta}) { applications { appId appName displayName autoDiscovered endpointsCount sensitiveEndpointsCount unauthenticatedEndpointsCount unauthenticatedSensitiveEndpointsCount external thirdParty removable lastModifiedAtMillis lastTraceReceivedAtMillis schemaModifiedAtMillis createdAtMillis featured newlyAdded apiPortalEnabled tags { id name color scope } } meta { currentPage pageSize totalPages totalItems } } }",
    "variables": {
      "meta": {
        "page": 0,
        "pageSize": 50,
        "filter": {
          "filterConditions": [
            {
              "fieldName": "environment.name",
              "comparisonOperator": "In",
              "filterValue": { "values": ["staging"] }
            }
          ]
        },
        "sort": {
          "sortPairs": [
            { "sortField": "featured", "sortDirection": "Desc" },
            { "sortField": "schemaModifiedDate", "sortDirection": "Desc" }
          ]
        }
      }
    }
  }'
Example Response
{
  "data": {
    "aiLevoEntityServiceV1EntityServiceGetApplicationsLite": {
      "applications": [
        {
          "appId": "a1b2c3d4-...",
          "appName": "payments-service",
          "displayName": "Payments Service",
          "autoDiscovered": true,
          "endpointsCount": 42,
          "sensitiveEndpointsCount": 12,
          "unauthenticatedEndpointsCount": 3,
          "unauthenticatedSensitiveEndpointsCount": 1,
          "external": false,
          "featured": true,
          "createdAtMillis": 1700000000000,
          "lastModifiedAtMillis": 1776200000000,
          "tags": [{ "id": "t1", "name": "critical", "color": "#FF0000", "scope": "APP" }]
        }
      ],
      "meta": {
        "currentPage": 0,
        "pageSize": 50,
        "totalPages": 3,
        "totalItems": 120
      }
    }
  }
}
🔗 API 2 — List Endpoints
Retrieve a paginated list of all API endpoints across your applications. Includes path, HTTP method, authentication status, PII data types, and tagging.
GetAllApiEndpoints
GraphQL operation: aiLevoEntityServiceV1ApiCatalogServiceGetAllApiEndpoints
Variables
| Variable | Type | Required | Description |
|---|---|---|---|
meta.page | Int | Required | 0-indexed page number |
meta.pageSize | Int | Required | Number of endpoints per page |
meta.filter.filterConditions | Array | Optional | List of filter conditions. See Filtering. |
meta.sort.sortPairs | Array | Optional | Sort by sortField and sortDirection (Asc · Desc) |
Available Filter Fields
| fieldName | Description | Example Values |
|---|---|---|
apiSchema.application.environment.name | Filter by environment name | staging, production |
apiSchema.application.appId | Filter by application ID | a1b2c3d4-... |
authnEnabled | Filter by authentication status | true, false |
tags.name | Filter by tag | pci, sensitive |
Available Sort Fields
| sortField | Description |
|---|---|
schemaModifiedDate | Date the endpoint schema was last modified |
createdAt | When the endpoint was first discovered |
Response Fields — endpoints[]
| Field | Type | Description |
|---|---|---|
endpointId | String | Unique identifier for the endpoint |
appId | String | ID of the parent application |
appDisplayName | String | Display name of the parent application |
method | String | HTTP method: GET, POST, PUT, DELETE, PATCH, etc. |
path | String | URL path of the endpoint, e.g. /api/v1/users/{id} |
apiType | String | Protocol type: REST, GraphQL, gRPC |
authnEnabled | Boolean | true if this endpoint requires authentication |
runnable | Boolean | true if the endpoint can be executed from Levo test plans |
generic | Boolean | true if this is a generic/wildcard endpoint pattern |
external | Boolean | true if the endpoint is externally accessible |
newlyAdded | Boolean | true if recently discovered |
sourceTypes | String[] | How this endpoint was discovered: e.g. TRACE, SCHEMA |
createdAtMillis | Long | Creation timestamp (Unix milliseconds) |
lastModifiedAtMillis | Long | Last modification timestamp (Unix milliseconds) |
lastTraceReceivedAtMillis | Long | Last time a live trace was received (Unix milliseconds) |
piiData[] | Object[] | PII data types detected on this endpoint: type · name · piiType · confidenceLevel · falsePositive |
tags[] | Object[] | Tags attached to this endpoint: id · name · color · scope |
Example Request
curl 'https://api.dev.levo.ai/graphql' \
  -H 'Authorization: Bearer <YOUR_BEARER_TOKEN>' \
  -H 'Content-Type: application/json' \
  -H 'x-auth-provider: DESCOPE' \
  -H 'x-levo-organization-id: <YOUR_ORG_ID>' \
  -H 'x-levo-workspace-id: <YOUR_WORKSPACE_ID>' \
  -H 'x-levo-environment-id: <YOUR_ENVIRONMENT_ID>' \
  --data-raw '{
    "query": "query GetAllApiEndpoints($meta: AiLevoEntityServiceV1GetAllRequestMetadataInput!) { aiLevoEntityServiceV1ApiCatalogServiceGetAllApiEndpoints(input: {meta: $meta}) { endpoints { endpointId appId method path apiType appDisplayName authnEnabled runnable generic external newlyAdded sourceTypes createdAtMillis lastModifiedAtMillis lastTraceReceivedAtMillis piiData { type name piiType confidenceLevel falsePositive } tags { id name color scope } } meta { currentPage pageSize totalPages totalItems } } }",
    "variables": {
      "meta": {
        "page": 0,
        "pageSize": 50,
        "filter": {
          "filterConditions": [
            {
              "fieldName": "apiSchema.application.environment.name",
              "comparisonOperator": "In",
              "filterValue": { "values": ["staging"] }
            }
          ]
        },
        "sort": {
          "sortPairs": [
            { "sortField": "schemaModifiedDate", "sortDirection": "Desc" }
          ]
        }
      }
    }
  }'
Example Response
{
  "data": {
    "aiLevoEntityServiceV1ApiCatalogServiceGetAllApiEndpoints": {
      "endpoints": [
        {
          "endpointId": "e1f2g3h4-...",
          "appId": "a1b2c3d4-...",
          "appDisplayName": "Payments Service",
          "method": "POST",
          "path": "/api/v1/payments",
          "apiType": "REST",
          "authnEnabled": true,
          "runnable": true,
          "generic": false,
          "external": false,
          "newlyAdded": false,
          "sourceTypes": ["TRACE", "SCHEMA"],
          "createdAtMillis": 1700000000000,
          "lastModifiedAtMillis": 1776200000000,
          "piiData": [
            {
              "type": "CREDIT_CARD",
              "name": "card_number",
              "piiType": "FINANCIAL",
              "confidenceLevel": "HIGH",
              "falsePositive": false
            }
          ],
          "tags": []
        }
      ],
      "meta": {
        "currentPage": 0,
        "pageSize": 50,
        "totalPages": 10,
        "totalItems": 492
      }
    }
  }
}
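The pagination rule and the filter structure described earlier, applied to this endpoint list to pull out endpoints that require no authentication yet carry PII detections. This is an added example, not code from Levo.ai; the LEVO_* environment variable names, the function names and the injected `post` transport are assumptions of the example, and the `errors` key is the standard GraphQL error field rather than something this page documents.

```python
import json
import os
import urllib.request

URL = "https://api.dev.levo.ai/graphql"
OPERATION = "aiLevoEntityServiceV1ApiCatalogServiceGetAllApiEndpoints"
QUERY = (
    "query GetAllApiEndpoints($meta: AiLevoEntityServiceV1GetAllRequestMetadataInput!) { "
    + OPERATION + "(input: {meta: $meta}) { endpoints { endpointId appDisplayName method "
    "path authnEnabled piiData { type confidenceLevel falsePositive } } "
    "meta { currentPage pageSize totalPages totalItems } } }")

def http_post(body):
    """Live transport. The LEVO_* environment variable names are this example's assumption."""
    env = os.environ  # keeps the bearer token out of source code and shell history
    headers = {"Authorization": "Bearer " + env["LEVO_TOKEN"],
               "x-auth-provider": "DESCOPE",
               "x-levo-organization-id": env["LEVO_ORG_ID"],
               "x-levo-workspace-id": env["LEVO_WORKSPACE_ID"],
               "x-levo-environment-id": env["LEVO_ENVIRONMENT_ID"],
               "Content-Type": "application/json"}
    req = urllib.request.Request(URL, json.dumps(body).encode(), headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def iter_endpoints(post, env_name, page_size=50):
    """Yield every endpoint in env_name, one page request at a time."""
    flt = {"filterConditions": [{
        "fieldName": "apiSchema.application.environment.name",
        "comparisonOperator": "In",
        "filterValue": {"values": [env_name]}}]}
    page = 0
    while True:
        meta_in = {"page": page, "pageSize": page_size, "filter": flt}
        reply = post({"query": QUERY, "variables": {"meta": meta_in}})
        if reply.get("errors") or not reply.get("data"):  # standard GraphQL error key
            raise RuntimeError("GraphQL request failed: %r" % reply.get("errors"))
        result = reply["data"][OPERATION]
        yield from result["endpoints"]
        meta = result["meta"]
        if meta["currentPage"] >= meta["totalPages"] - 1:  # page's stop rule; also ends on 0 pages
            return
        page += 1

def unauthenticated_pii(endpoints):
    """Endpoints with authnEnabled false and a PII detection not marked falsePositive."""
    return [e for e in endpoints if not e["authnEnabled"]
            and any(not p["falsePositive"] for p in e.get("piiData") or [])]
```

Against the live API, call `unauthenticated_pii(iter_endpoints(http_post, "staging"))`; in tests, pass any callable that returns a response-shaped dict in place of `http_post`.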
🛡️ API 3 — List Vulnerabilities
Retrieve a paginated list of security vulnerabilities detected across your API endpoints. Supports filtering by status, severity, date range, and environment.
GetVulnerabilities
GraphQL operation: aiLevoRiskscoringServiceV1RiskScoringServiceGetVulnerabilities
Variables
| Variable | Type | Required | Description |
|---|---|---|---|
input.meta.page | Int | Required | 0-indexed page number |
input.meta.pageSize | Int | Required | Number of vulnerabilities per page |
input.meta.filter.filterConditions | Array | Optional | List of filter conditions. See Filtering. |
Available Filter Fields
| fieldName | Operator | Description & Example Values |
|---|---|---|
env_id | Eq | Filter by environment UUID. Use your <YOUR_ENVIRONMENT_ID>. |
status | Within | Filter by resolution status. Values: UNRESOLVED · RESOLVED · ACCEPTED |
modifiedDate | Within | Filter by date range using a dateLiteral. E.g., last 3 months. |
severity | In | Values: CRITICAL · HIGH · MEDIUM · LOW · INFO |
appId | Eq | Filter to vulnerabilities on a specific application |
Response Fields — vulnerabilities[]
| Field | Type | Description |
|---|---|---|
id | String | Unique vulnerability identifier |
name | String | Short name / title of the vulnerability |
message | String | Detailed description of the vulnerability |
category | String | Vulnerability category (e.g., OWASP-API1, AuthZ) |
level | String | Risk level classification |
severity | String | CRITICAL · HIGH · MEDIUM · LOW · INFO |
status | String | UNRESOLVED · RESOLVED · ACCEPTED |
appId | String | Application ID where the vulnerability was found |
appName | String | Application name |
displayName | String | Application display name |
endpointId | String | ID of the affected endpoint |
endpointPath | String | URL path of the affected endpoint |
endpointMethod | String | HTTP method of the affected endpoint |
endpointUrl | String | Full URL of the affected endpoint |
transaction | String | Request/response transaction snapshot associated with the finding |
firstSeen | String | ISO 8601 timestamp when the vulnerability was first detected |
lastSeen | String | ISO 8601 timestamp when the vulnerability was last observed |
count | Int | Number of times this vulnerability has been observed |
assignedTo | String | User assigned to remediate this vulnerability (if any) |
ticketUrl | String | URL of linked issue tracker ticket (e.g. Jira), if created |
generic | Boolean | true if this is a generic/template finding |
authenticationOptional | Boolean | true if authentication was not required when this was found |
tags[] | Object[] | Tags: id · name · color · scope |
testCaseMetadata | Object | If found via a test plan run: runId · suiteRunId · testCaseRunId |
Example Request
curl 'https://api.dev.levo.ai/graphql' \
  -H 'Authorization: Bearer <YOUR_BEARER_TOKEN>' \
  -H 'Content-Type: application/json' \
  -H 'x-auth-provider: DESCOPE' \
  -H 'x-levo-organization-id: <YOUR_ORG_ID>' \
  -H 'x-levo-workspace-id: <YOUR_WORKSPACE_ID>' \
  -H 'x-levo-environment-id: <YOUR_ENVIRONMENT_ID>' \
  --data-raw '{
    "query": "query GetVulnerabilities($input: AiLevoRiskscoringServiceV1GetVulnerabilitiesRequestInput) { aiLevoRiskscoringServiceV1RiskScoringServiceGetVulnerabilities(input: $input) { vulnerabilities { id name message level transaction category severity appId appName displayName endpointId endpointPath endpointMethod endpointUrl status firstSeen lastSeen count ticketUrl assignedTo generic authenticationOptional tags { id name color scope } testCaseMetadata { runId suiteRunId testCaseRunId } } meta { currentPage pageSize totalPages totalItems } } }",
    "variables": {
      "input": {
        "meta": {
          "page": 0,
          "pageSize": 50,
          "filter": {
            "filterConditions": [
              {
                "fieldName": "env_id",
                "comparisonOperator": "Eq",
                "fieldType": "StringFieldType",
                "filterValue": { "values": ["<YOUR_ENVIRONMENT_ID>"] }
              },
              {
                "fieldName": "status",
                "comparisonOperator": "Within",
                "filterValue": { "values": ["UNRESOLVED"] }
              },
              {
                "fieldName": "modifiedDate",
                "comparisonOperator": "Within",
                "filterValue": {
                  "dateLiteral": { "literalType": "LAST", "value": 3, "timeUnit": "Months" }
                }
              }
            ]
          }
        }
      }
    }
  }'
Example Response
{
  "data": {
    "aiLevoRiskscoringServiceV1RiskScoringServiceGetVulnerabilities": {
      "vulnerabilities": [
        {
          "id": "v1w2x3y4-...",
          "name": "Broken Object Level Authorization",
          "message": "Endpoint exposes data without verifying object ownership",
          "category": "OWASP-API1",
          "severity": "HIGH",
          "status": "UNRESOLVED",
          "appId": "a1b2c3d4-...",
          "appName": "payments-service",
          "endpointMethod": "GET",
          "endpointPath": "/api/v1/payments/{id}",
          "firstSeen": "2025-01-15T10:30:00Z",
          "lastSeen": "2025-04-14T08:12:00Z",
          "count": 47,
          "assignedTo": "alice@example.com",
          "ticketUrl": "https://jira.example.com/browse/SEC-123",
          "authenticationOptional": false,
          "tags": [],
          "testCaseMetadata": null
        }
      ],
      "meta": {
        "currentPage": 0,
        "pageSize": 50,
        "totalPages": 2,
        "totalItems": 87
      }
    }
  }
}
Levo.ai API Reference · Generated April 2026 · For support, contact support@levo.ai