Skip to main content
POST
/
core.v1.GraphService
/
GetAccessGraph
cURL
curl -X POST "https://api.joinformal.com/core.v1.GraphService/GetAccessGraph" \
  -H "X-API-KEY: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "example": "value"
  }'
fetch("https://api.joinformal.com/core.v1.GraphService/GetAccessGraph", {
method: "POST",
headers: {
"X-API-KEY": "YOUR_API_KEY",
"Content-Type": "application/json"
},
body: JSON.stringify({
example: "value"
})
})
.then(response => response.json())
.then(data => console.log(data))
.catch(error => console.error(error));
import requests

url = "https://api.joinformal.com/core.v1.GraphService/GetAccessGraph"
headers = {
"X-API-KEY": "YOUR_API_KEY",
"Content-Type": "application/json"
}
data = {
"example": "value"
}

response = requests.post(url, headers=headers, json=data)
print(response.json())
package main

import (
"bytes"
"encoding/json"
"fmt"
"io"
"net/http"
)

func main() {
url := "https://api.joinformal.com/core.v1.GraphService/GetAccessGraph"

body := map[string]string{
"example": "value",
}

jsonData, _ := json.Marshal(body)

req, _ := http.NewRequest("POST", url, bytes.NewBuffer(jsonData))
req.Header.Set("X-API-KEY", "YOUR_API_KEY")
req.Header.Set("Content-Type", "application/json")

client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()

responseBody, _ := io.ReadAll(resp.Body)
fmt.Println(string(responseBody))
}
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://api.joinformal.com/core.v1.GraphService/GetAccessGraph",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'query' => '<string>',
'startTimestamp' => '<string>',
'endTimestamp' => '<string>',
'topNHumans' => 123,
'topNAgents' => 123,
'topNMachines' => 123,
'topNResources' => 123,
'identityTypes' => [
'<string>'
],
'includeConnectors' => true,
'focusNodeId' => '<string>'
]),
CURLOPT_HTTPHEADER => [
"Content-Type: application/json",
"X-API-KEY: <api-key>"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
HttpResponse<String> response = Unirest.post("https://api.joinformal.com/core.v1.GraphService/GetAccessGraph")
.header("X-API-KEY", "<api-key>")
.header("Content-Type", "application/json")
.body("{\n \"query\": \"<string>\",\n \"startTimestamp\": \"<string>\",\n \"endTimestamp\": \"<string>\",\n \"topNHumans\": 123,\n \"topNAgents\": 123,\n \"topNMachines\": 123,\n \"topNResources\": 123,\n \"identityTypes\": [\n \"<string>\"\n ],\n \"includeConnectors\": true,\n \"focusNodeId\": \"<string>\"\n}")
.asString();
require 'uri'
require 'net/http'

url = URI("https://api.joinformal.com/core.v1.GraphService/GetAccessGraph")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["X-API-KEY"] = '<api-key>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"query\": \"<string>\",\n \"startTimestamp\": \"<string>\",\n \"endTimestamp\": \"<string>\",\n \"topNHumans\": 123,\n \"topNAgents\": 123,\n \"topNMachines\": 123,\n \"topNResources\": 123,\n \"identityTypes\": [\n \"<string>\"\n ],\n \"includeConnectors\": true,\n \"focusNodeId\": \"<string>\"\n}"

response = http.request(request)
puts response.read_body
{
  "graph": {
    "nodes": [
      {
        "id": "<string>",
        "connector": {
          "name": "<string>",
          "spaceId": "<string>",
          "spaceName": "<string>",
          "totalLogs": 123,
          "triggeredPolicyCount": 123,
          "policyBreakdown": {
            "mask": 123,
            "filter": 123,
            "block": 123
          }
        },
        "identity": {
          "name": "<string>",
          "email": "<string>",
          "kind": "<string>",
          "idpProvider": "<string>",
          "totalLogs": 123,
          "totalSessions": 123,
          "triggeredPolicyCount": 123,
          "policyBreakdown": {
            "mask": 123,
            "filter": 123,
            "block": 123
          }
        },
        "resource": {
          "name": "<string>",
          "technology": "<string>",
          "connectorId": "<string>",
          "connectorName": "<string>",
          "spaceId": "<string>",
          "spaceName": "<string>",
          "totalLogs": 123,
          "sensitiveFieldCount": 123,
          "triggeredPolicyCount": 123,
          "policyBreakdown": {
            "mask": 123,
            "filter": 123,
            "block": 123
          }
        }
      }
    ],
    "edges": [
      {
        "id": "<string>",
        "sourceId": "<string>",
        "targetId": "<string>",
        "logCount": 123,
        "triggeredPolicyCount": 123,
        "policyBreakdown": {
          "mask": 123,
          "filter": 123,
          "block": 123
        },
        "lastActivity": "2023-11-07T05:31:56Z"
      }
    ]
  },
  "summary": {
    "totalLogs": 123,
    "totalTriggeredPolicies": 123,
    "policyBreakdown": {
      "mask": 123,
      "filter": 123,
      "block": 123
    },
    "humans": {
      "total": 123,
      "logs": 123,
      "triggeredPolicies": 123
    },
    "agents": {
      "total": 123,
      "logs": 123,
      "triggeredPolicies": 123
    },
    "machines": {
      "total": 123,
      "logs": 123,
      "triggeredPolicies": 123
    },
    "connectors": {
      "total": 123,
      "logs": 123,
      "triggeredPolicies": 123
    },
    "resources": {
      "total": 123,
      "logs": 123,
      "triggeredPolicies": 123
    }
  }
}
{
"code": "invalid_request",
"message": "Invalid request parameters",
"details": {}
}
{
"code": "unauthorized",
"message": "Authentication required"
}
{
"code": "forbidden",
"message": "Insufficient permissions to perform this action"
}
{
"code": "not_found",
"message": "Resource not found"
}
{
"code": "internal_error",
"message": "An internal error occurred"
}

Authorizations

X-API-KEY
string
header
required

API key authentication. Get your API key from the Formal console.

Body

application/json
query
string

Primary filter: Quickwit query string defining the log universe

startTimestamp
string

Unix-second timestamps (strings), matching the logs RPCs.

Minimum string length: 1
endTimestamp
string
Minimum string length: 1
topNHumans
integer<int32>

Per-layer top-N limits (backend selects top N by log volume or triggered policies)

topNAgents
integer<int32>
topNMachines
integer<int32>
topNResources
integer<int32>
identityTypes
string[]

Which identity types to include (human, agent, machine)

includeConnectors
boolean

Whether to include the connector layer (if false, backend synthesizes direct identity→resource edges by joining through connectors)

sortMode
enum<string>

Sort mode: "volume" (default) or "violations" (triggered policies first)

Available options:
,
volume,
violations
focusNodeId
string

Optional: focus on a specific node — returns all connected nodes regardless of top-N

Response

Success

graph
graph · object
summary
summary · object