Developer Hub

Build on Fronterio

REST API, MCP Server, webhooks, and deployment connectors — everything you need to integrate Fronterio into your infrastructure.

REST API endpoints

MCP tools

Deployment connectors

Integration Options

REST API

Read-only access to assessments, agents, compliance, metrics, tasks, and team data. Available on all plans.

MCP Server

Connect CI/CD pipelines and agent orchestrators to Fronterio's governance API via the Model Context Protocol. Enterprise only.

Webhooks

Receive real-time event notifications when customers sign up, assessments complete, or agents are registered.

Shadow Detector API

Endpoints for the Shadow AI detection scripts to report findings, fetch signature databases, and manage installations.

REST API Reference

Authentifizierung

Alle API-Anfragen erfordern einen gültigen API-Schlüssel.

Fügen Sie Ihren API-Schlüssel in den Authorization-Header jeder Anfrage ein:

Authorization: Bearer fronterio_your_api_key_here

Generieren Sie API-Schlüssel unter Einstellungen > API-Schlüssel in Ihrem Dashboard.

Basis-URL: https://fronterio.com

Endpunkte

GET

/api/v1/assessments

Alle Assessments mit Bewertungen, Dimensionsaufschlüsselungen und Reifegraden auflisten.

Beispielantwort

{
  "data": [
    {
      "id": "uuid",
      "title": "AI Readiness Assessment",
      "status": "completed",
      "score": 72,
      "dimension_scores": { "strategy": 80, "technology": 65, ... },
      "maturity_level": "defined",
      "scored_at": "2026-03-15T10:00:00Z"
    }
  ],
  "total": 1
}

GET

/api/v1/agents

Alle registrierten KI-Agenten mit Status und EU AI Act Risikoklassifizierung auflisten.

Beispielantwort

{
  "data": [
    {
      "id": "uuid",
      "name": "Customer Support Bot",
      "vendor": "OpenAI",
      "status": "active",
      "autonomy_level": "collaborator",
      "eu_risk_classification": "limited",
      "conformity_status": "completed"
    }
  ],
  "total": 1
}

GET

/api/v1/metrics/adoption

Adoptionskennzahlen und KI-Tool-Nutzungsübersicht abrufen.

Beispielantwort

{
  "data": {
    "metrics": [...],
    "tool_usage_summary": {
      "total_tracked_users": 150,
      "active_users": 98,
      "adoption_rate": 65
    }
  }
}

GET

/api/v1/metrics/business

Geschäftskennzahlen mit Ausgangs- und aktuellen Werten abrufen.

Beispielantwort

{
  "data": [
    {
      "id": "uuid",
      "metric_name": "Support tickets resolved",
      "category": "support",
      "unit": "count",
      "baseline_value": 100,
      "current_value": 145,
      "entry_count": 12
    }
  ],
  "total": 1
}

GET

/api/v1/compliance

Gesamte Compliance-Bewertung einschließlich Risikoklassifizierung, Pflichten und Schulungsverfolgung abrufen.

Beispielantwort

{
  "data": {
    "overall_compliance_score": 78,
    "risk_classification": {
      "high": 2, "limited": 5, "minimal": 8
    },
    "deployer_obligations": {
      "total": 8, "completed": 5, "in_progress": 2
    },
    "ai_literacy": { "total": 50, "completed": 35 }
  }
}

GET

/api/v1/tasks

Aufgaben mit optionalen Status- und Prioritätsfiltern auflisten. Unterstützt Paginierung über limit und offset.

Beispielantwort

{
  "data": [
    {
      "id": "uuid",
      "title": "Review AI governance policy",
      "status": "todo",
      "priority": "high",
      "due_date": "2026-04-01",
      "source": "assessment"
    }
  ],
  "total": 15,
  "limit": 50,
  "offset": 0
}

GET

/api/v1/team

Teammitglieder mit Rollen und Abteilungen auflisten. E-Mail-Adressen werden nicht angezeigt.

Beispielantwort

{
  "data": [
    {
      "id": "uuid",
      "name": "Jane Doe",
      "org_role": "admin",
      "function_role": "technology",
      "department": "Engineering"
    }
  ],
  "total": 10
}

Rate-Limit: 100 Anfragen pro Minute pro API-Schlüssel. Alle Antworten sind JSON.

MCP Server

Enterprise plan required

The MCP Server exposes Fronterio's governance data over Server-Sent Events using the Model Context Protocol. External systems can pull agent configs, run compliance checks, and push telemetry — all through a single SSE connection.

SSE Endpoint

GET https://fronterio.com/api/mcp/sse
Authorization: Bearer fronterio_your_api_key_here

API Key Scopes

read:agentsList and read approved agent configurations

read:governanceRead governance policies and compliance obligations

write:telemetryReport deployment status, agent activity, and incidents

fullUnrestricted access to all tools and resources

Tools

9 tools

list_approved_agents — List all approved/active agents
get_agent_config — Get full agent config with guardrails
get_governance_policy — Get governance policies by type
get_agent_guardrails — Get guardrails in Copilot Studio format
check_deployment_compliance — Pre-deploy compliance gate
validate_action — Real-time action validation against guardrails
report_deployment_status — Report deploy status changes
report_agent_activity — Report runtime activity and errors
report_incident — Report AI incidents with severity

Subscribable Resources

7 subscribable URIs

fronterio://agents/approved
fronterio://agents/{id}/config
fronterio://agents/{id}/guardrails
fronterio://governance/policies
fronterio://compliance/obligations
fronterio://compliance/risk-classifications
fronterio://deployments/active

Rate limits: 100 tool calls/min, 1,000 telemetry events/min per API key.

Webhooks

Fronterio dispatches webhook events to your configured endpoints when key actions occur. Events are signed with HMAC-SHA256 for verification. Configure webhooks from Partner Admin > Integrations.

Event Types

customer_signup — A new organisation signed up via your referral link
assessment_completed — An assessment was scored with results
agent_registered — A new agent was registered in the system
consultation_requested — A consultation request was created
task_completed — A task was marked as complete

Signature Verification

Every webhook request includes an HMAC-SHA256 signature in the headers. Verify it against the request body using your webhook secret.

X-Webhook-Signature: sha256=<HMAC-SHA256 hash>
X-Webhook-Event: <event_type>

Timeout: 10 seconds. Automatic retry after 5 seconds on failure.

Shadow AI Detector API

Enterprise plan required

Endpoints for the lightweight detection scripts that discover unsanctioned AI tools across employee machines. Scripts deploy via Intune/SCCM (Windows) or Jamf/Kandji (macOS) and report findings back to Fronterio.

Endpoints

POST /api/v1/shadow-detector/heartbeat — Register or update an installation
POST /api/v1/shadow-detector/scan-results — Submit scan findings, triggers auto-propose
GET /api/v1/shadow-detector/config — Fetch signature database (processes, domains, ports, extensions)
GET /api/v1/shadow-detector/findings — List detected shadow AI with status filtering
PATCH /api/v1/shadow-detector/findings — Update finding status (dismiss, investigate, register)

Auto-Propose Flow

When a new AI tool is detected that doesn't match an existing agent, it's automatically proposed to the governance system with status 'proposed' and source 'shadow_detector'. Admins review in the governance dashboard.

Available on your plan

REST API is included on all plans. Advanced integrations require higher tiers.

Free — REST APIPro — REST API + WebhooksEnterprise — All integrations

Ready to integrate?

Create your account, generate an API key, and start pulling data in minutes.

Get Started Free View Documentation