Snyk

IAM & Security · API token · Live

Connect your customers' Snyk organisations so your product can read vulnerability findings, license issues, and project metadata without building a custom Snyk connector. The customer pastes a single service account token and Askel handles the rest.

What you can do

List all projects in a Snyk organisation

Fetch project names, types (npm, Docker, IaC), origin (GitHub, CLI, CI), and last tested dates. Gives your product a current view of what Snyk is monitoring for the customer.

Read open vulnerabilities per project

Pull issues for any project filtered by severity (critical, high, medium, low), exploit maturity, and fix availability. Covers both package and container vulnerabilities.

Fetch aggregated issue counts across an org

Read org-level vulnerability counts broken down by severity to power summary dashboards without fetching every individual issue.

Read license policy violations

Query license issues flagged by the customer's Snyk license policy. Useful for compliance workflows where your product needs to surface GPL or LGPL dependencies in commercial code.

Access Snyk Code (SAST) findings

Fetch static analysis results from Snyk Code for any project that has it enabled, including rule ID, severity, and file location, without requiring access to the source repo.

Pull organisation membership and role data

Read which users are members of the Snyk org and what role they hold. Useful for access-review and onboarding-governance workflows.

Sample use case

Surfacing open vulnerabilities at onboarding kickoff

You sell a software supply chain security product. A new customer, Irongate Engineering, runs Snyk across 40 repos in their GitHub organisation. Your product needs to show their highest-severity open vulnerabilities and any critical packages with no fix available on day one of onboarding, before your first consulting call.

  1. Customer creates a service account token

    Irongate's security lead opens Snyk under Account Settings > General > Auth Token, copies the personal auth token, and pastes it into your product's connection wizard.

  2. Organisation discovery

    Askel calls GET /orgs and returns the list of Snyk organisations the token has access to. For Irongate this is a single org. Your product stores the org ID for subsequent reads.

  3. Project list pull

    Askel fetches all 40 projects from Irongate's Snyk org. Your product displays them grouped by type (npm packages, Docker images, Terraform IaC files) so the security lead can see coverage at a glance.

  4. Critical and high issue fetch

    Askel reads open issues filtered by severity=critical,high across all projects. Your product receives the deduplicated issue list with CVE IDs, affected packages, and fix availability flags.

  5. Pre-call report ready

    Your dashboard shows Irongate's baseline: 7 critical issues across 5 repos, 3 with no fix available, and 2 GPL license violations. The first consulting call starts from a shared findings list, not a blank introduction.

Authentication

API token

The customer retrieves their personal auth token or a service account token from Snyk under Account Settings > General > Auth Token. They paste it into Askel once. Askel sends it as a Bearer token on every request to api.snyk.io/rest; the token never reaches your servers.

Data flow

How Askel sits between your product and the customer's system

[Diagram: data flow between Customer's Snyk organisation (API endpoint), Askel (auth · mapping · drift), and Your product (your backend). Data types shown: Projects, Vulnerabilities, License issues, SAST findings, Org members.]

FAQ for Snyk

Does this work with Snyk Free or only paid plans?

The Snyk REST API is available on all plan tiers including Free. Some data, such as Snyk Code SAST findings and advanced reporting, requires a Snyk Business or Enterprise plan. Askel reads whatever is available on the customer's plan and skips endpoints that return 403 for their tier.

What Snyk API version does Askel use?

Askel targets the Snyk REST API (api.snyk.io/rest) using versioned endpoints. The integration is updated when Snyk promotes endpoints from beta to GA or deprecates older paths.

Can we read data from multiple Snyk organisations under one Group?

Yes. If the token belongs to a user with access to multiple Snyk orgs, the GET /orgs endpoint returns all of them. Askel supports one connection per Snyk org. For Group-level reporting your product can aggregate data across multiple Askel connections for the same customer.

What happens if the customer rotates their Snyk token?

API calls will return 401 errors, which Askel surfaces as a credential-expired alert on the customer's connection page. The customer pastes the new token into Askel and the connection is restored immediately.

Security & Compliance
ISO 27001 Certified
GDPR Compliant

© 2025 Askel.ai. All rights reserved.