Authentication

GET /api/v1/stigs is public.

GET /api/v1/stigs/{slug}/download requires a SAMS bearer token in the Authorization header.

Authorization: Bearer ss_token_app_your_application_token

Validation Flow

Protected requests are validated against:

https://sams.opencontrols.ai/api/v1/validate

If the bearer token is missing, malformed, expired, invalid, or attached to an inactive subscription, Stigviewer returns 401 Unauthorized.

Error Shape

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Missing or invalid Authorization header"
  }
}
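
An added example, not Stigviewer's or SAMS's own code: a Python client that sends the bearer token to the protected download endpoint and decodes the documented 401 body. The base URL `https://stigviewer.example`, the `SAMS_TOKEN` environment variable and the helper names are assumptions, since the page gives no API host.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# Assumption: placeholder host; the page does not state the Stigviewer API base URL.
BASE_URL = "https://stigviewer.example"

class Unauthorized(Exception):
    """Raised for a 401 response carrying the documented error shape."""

def build_download_request(slug, token, base_url=BASE_URL):
    """Build the authenticated GET for /api/v1/stigs/{slug}/download."""
    if urllib.parse.urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    if not token or any(c.isspace() for c in token):
        raise ValueError("token is empty or contains whitespace")
    # Percent-encode the slug so '/' or '?' in it cannot change the path or query.
    path = "/api/v1/stigs/%s/download" % urllib.parse.quote(slug, safe="")
    req = urllib.request.Request(base_url.rstrip("/") + path, method="GET")
    req.add_header("Authorization", "Bearer " + token)
    return req

def parse_error(status, body):
    """Return (code, message) from the documented error body, tolerating bad JSON."""
    try:
        err = json.loads(body)["error"]
        return str(err["code"]), str(err["message"])
    except (ValueError, KeyError, TypeError):
        return "HTTP_%d" % status, "unparseable error body"

def download_stig(slug, token, base_url=BASE_URL):
    """Fetch the protected download; raise Unauthorized on 401."""
    req = build_download_request(slug, token, base_url)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.read()
    except urllib.error.HTTPError as e:
        code, message = parse_error(e.code, e.read())
        if e.code == 401:
            raise Unauthorized("%s: %s" % (code, message)) from None
        raise

if __name__ == "__main__":
    # SAMS_TOKEN is an assumed variable name; it keeps the token out of source code.
    data = download_stig("example-slug", os.environ["SAMS_TOKEN"])
    print(len(data), "bytes")
```

A 401 covers every failure case listed under Validation Flow, so the caller should treat `Unauthorized` as "obtain or renew the token" rather than retrying the same request.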