Introduction

turbine api documentation welcome to the turbine api the turbine api provides programmatic access to swimlane's low code security automation platform, enabling you to integrate turbine's powerful automation capabilities directly into your security operations whether you're orchestrating workflows, managing cases, or automating response actions, our restful api offers comprehensive access to turbine's platform features getting started quick start guide get up and running with the turbine api in minutes access your turbine instance generate a personal access token (pat) from your user settings configure your api client with the base url and authentication make your first api call to explore turbine's capabilities your first api call here's a simple example to get you started curl x get https //your turbine instance swimlane com/api/public/v1/applications \\ h "private token your personal access token" \\ h "content type application/json" key features the turbine api enables you to tenant management create, read, update, and delete tenants authentication personal access tokens (pat) turbine uses personal access tokens for api authentication pats provide secure, scoped access to the api without exposing your login credentials generating a personal access token log into your turbine instance navigate to user settings → personal access tokens click generate new token provide a descriptive name for the token select the appropriate scope and permissions set an expiration date (recommended for security) copy and securely store your token it won't be shown again for detailed instructions, refer to the turbine settings documentation http //l swimlane app/create pat using your pat include your personal access token in the private token header of all api requests private token your personal access token security best practices store pats securely using environment variables or secret management systems create separate tokens for different integrations or environments regularly rotate tokens and set expiration dates use tokens with minimal required permissions never commit tokens to version control monitor token usage through audit logs base url all api requests should be made to your turbine instance https //your instance swimlane com/api/public/v1 for turbine cloud customers https //your tenant turbine swimlane com/api/public/v1 rate limiting see rate limiting documentation https //l swimlane app/api rate limiting for details on api rate limits the turbine api enforces rate limits to ensure fair usage and protect against abuse status codes the turbine api uses standard http status codes 200 ok request succeeded 201 created resource successfully created 204 no content request succeeded with no response body 400 bad request invalid request parameters 401 unauthorized missing or invalid authentication token 403 forbidden valid token but insufficient permissions 404 not found resource not found 409 conflict request conflicts with current state 429 too many requests rate limit exceeded 500 internal server error server error 503 service unavailable service temporarily unavailable best practices performance optimization use field filtering to reduce response payload size implement caching where appropriate batch operations when possible use asynchronous processing for long running operations error handling implement comprehensive error handling log all api interactions for debugging use correlation ids for request tracking handle network timeouts gracefully security considerations always use https for api communications validate ssl certificates implement request signing for webhooks follow principle of least privilege for token permissions support & resources documentation turbine documentation https //l swimlane app/turbine docs complete platform documentation release notes http //l swimlane app/release notes latest updates and changes getting help swimlane support portal support swimlane com https //l swimlane app/support api status swimlanestatus com https //l swimlane app/swimlane status training & certification turbine api developer training security automation certification custom training sessions available for enterprise customers compliance & security turbine maintains compliance with soc 2 type ii iso 27001 iso 27701 iso 42001 trust center swimlane com/trust center https //l swimlane app/trust center terms of use by using the turbine api, you agree to swimlane's terms of service https //l swimlane app/swimlane terms and privacy policy https //l swimlane app/privacy policy key requirements include compliance with rate limiting policies secure storage and handling of access tokens responsible use of automation capabilities adherence to data retention and privacy policies no unauthorized access attempts or security testing last updated august 2025 turbine api version v1 © 2025 swimlane inc all rights reserved