Introduction to the FOSSA API

Generate an API key and make your first request to the FOSSA REST API.

1 min readUpdated Jul 9, 2026

Overview

The FOSSA API is a RESTful API for programmatic access to your FOSSA data. This guide walks you from generating an API key to making your first authenticated request.

Note

All API requests are made over HTTPS to https://app.fossa.com/api.

Making your first request

  1. 1

    Generate an API key

    In the FOSSA dashboard, go to Account Settings → Integrations → API and create a new token. See Authentication for the difference between Push-Only and Full tokens; most API calls require a Full token.

  2. 2

    Authenticate your request

    Pass your token in the Authorization header, prefixed with Bearer:

    Authorization: Bearer YOUR_API_KEY
  3. 3

    Call an endpoint

    Send a GET request to /api/v2/projects to list the projects in your organization.

Common requests

Listing all projects

Shell
curl --request GET \  --url 'https://app.fossa.com/api/v2/projects' \  --header 'Authorization: Bearer YOUR_API_KEY'

Use page and count to paginate, and title to filter by name.

Listing the revisions of a project

Once you have a project locator, retrieve its revisions:

Shell
curl --request GET \  --url 'https://app.fossa.com/api/revisions?projectId=<project-locator>' \  --header 'Authorization: Bearer YOUR_API_KEY'

Note

Project and revision locators contain characters such as +, /, and $ that must be URL-encoded when used in a path or query string (for example, custom+1234/example becomes custom%2B1234%2Fexample).

Next steps

© 2026 FOSSA, Inc.support@fossa.com