blumira-api-patternslisted

# Blumira API Patterns ## Overview Blumira exposes a REST API at `https://api.blumira.com/public-api/v1` with two path groups: `/org/*` for direct organization access and `/msp/*` for MSP multi-tenant operations. The MCP server wraps these into tool calls, but understanding the underlying patterns helps construct effective queries. ## Key Concepts ### Authentication Blumira uses JWT tokens for authentication. The token is passed via the `X-Blumira-JWT-Token` header (MCP Gateway) or as a Bearer token directly against the API. ``` Authorization: Bearer <JWT_TOKEN> ``` Alternatively, for Pax8 integrations: ``` pax8ApiTokenV1: <PAX8_TOKEN> ``` **Important:** JWT tokens have expiration times. If you receive 401 errors, the token may need to be regenerated from the Blumira portal. ### Dual Path Groups | Path Group | Prefix | Use Case | |-----------|--------|----------| | Organization | `/org/*` | Direct access to a single organization's data | | MSP | `/msp/*` | Multi-tenant access across managed accounts | Organization tools (`blumira_findings_*`, `blumira_agents_*`, `blumira_users_*`) operate on the authenticated org. MSP tools (`blumira_msp_*`) require MSP-level credentials and can target specific accounts. ### Rich Filtering Syntax Blumira supports powerful query filters appended to field names: | Operator | Suffix | Example | Description | |----------|--------|---------|-------------| | Equals | `.eq` | `status.eq=10` | Exact match | | In | `.in` | `severity.in=H