Developer Documentation
Everything you need to integrate Wingman into your application. REST API, SDKs, and deployment guides.
API Overview
Wingman exposes a REST API for real-time risk evaluation. Authenticate with a Bearer token and send structured event data to receive risk scores and enforcement decisions.
Base URL
api.wingman.security
Auth
Bearer Token
Format
JSON
Rate Limit
10,000 req/min
Quick Start
Get up and running in three steps.
Get API Credentials
Sign up and receive your API key and sandbox environment access.
Send Your First Request
Call the /evaluate endpoint with user, device, and context data.
Act on the Response
Use the risk score and decision to allow, challenge, or block the action.
Sample Request & Response
POST /api/v1/evaluate HTTP/1.1
Host: api.wingman.security
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json
{
"event": "login",
"user_id": "usr_abc123",
"session_id": "sess_xyz789",
"device": {
"fingerprint": "fp_d4e5f6",
"user_agent": "Mozilla/5.0 ...",
"ip": "203.0.113.42"
},
"context": {
"timestamp": "2025-01-15T10:30:00Z",
"geo": { "lat": 37.7749, "lon": -122.4194 }
}
}{
"request_id": "req_abc123def456",
"risk_score": 0.12,
"decision": "allow",
"signals": {
"device_trust": "high",
"behavioral_match": 0.94,
"geo_anomaly": false,
"velocity_check": "pass",
"ip_reputation": "clean"
},
"enforcement": {
"action": "allow",
"reason": "Low risk - trusted device, normal behavior"
},
"latency_ms": 0.8
}Integration Methods
REST API
Direct HTTP integration with any language or framework. Full control over request timing and handling.
Envoy Proxy
Deploy as a sidecar proxy with WebAssembly filters. Zero application code changes required.
SDKs
Native libraries for JavaScript, Python, and Go with automatic retry, caching, and error handling.
Webhooks
Receive real-time notifications for risk events, policy triggers, and enforcement actions.
SDKs & Libraries
JavaScript
Availablenpm install @wingman/sdk
Python
Availablepip install wingman-sdk
Go
Coming Soongo get wingman.security/sdk