Skip to main content
GET
/
v1
/
endpoint
/
{id}
Get endpoint by ID
curl --request GET \
  --url https://api.wirespeed.co/v1/endpoint/{id} \
  --header 'Authorization: Bearer <token>'
{
  "id": "<string>",
  "displayName": "<string>",
  "teamId": "<string>",
  "hva": true,
  "createdAt": "<string>",
  "integrationId": "<string>",
  "contained": true,
  "workstation": true,
  "server": true,
  "mobile": true,
  "domainController": true,
  "groups": [
    {
      "id": "<string>",
      "endpointId": "<string>",
      "group": "<string>",
      "teamId": "<string>",
      "enabled": true,
      "createdAt": "<string>",
      "overriddenByUser": true,
      "groupId": "<string>",
      "overriddenByUserId": "<string>",
      "overriddenByUserIdentifier": "<string>",
      "groupName": "<string>",
      "groupSlug": "<string>",
      "groupContainmentEnabled": true,
      "groupChatOpsEnabled": true,
      "groupSourceSystemUpdates": true,
      "groupRuleSearch": "<string>",
      "groupRuleSearchField": "<string>"
    }
  ],
  "groupContainmentEnabled": true,
  "groupChatOpsEnabled": true,
  "groupSourceSystemUpdates": true,
  "groupsSynced": true,
  "edrSourceId": "<string>",
  "mdmSourceId": "<string>",
  "name": "<string>",
  "hvaOverriddenByUser": true,
  "privateIpAddress": "<string>",
  "live": true,
  "operatingSystem": "<string>",
  "canonicalId": "<string>",
  "canonicalClusterMemberCount": 123,
  "canonicalClusterMembers": [
    {
      "id": "22222222-2222-2222-2222-222222222201",
      "displayLabel": "WS-SAMPLE-BRAVO-WKS$",
      "integrationId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeee0002",
      "integrationPlatform": "sentinel-one",
      "name": "WS-SAMPLE-BRAVO-WKS$",
      "managed": true,
      "live": true,
      "operatingSystem": "Windows11 - 23H2",
      "createdAt": "2025-01-02T00:00:00.000Z",
      "updatedAt": "2025-01-15T12:00:00.000Z"
    },
    {
      "id": "22222222-2222-2222-2222-222222222202",
      "displayLabel": "WS-SAMPLE-CHARLIE-WKS$",
      "integrationId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeee0003",
      "integrationPlatform": "crowdstrike-falcon",
      "name": "WS-SAMPLE-CHARLIE-WKS$",
      "managed": true,
      "live": true,
      "operatingSystem": "Windows 10 Enterprise 22H2 (OS build 19045.4046)",
      "createdAt": "2025-01-03T00:00:00.000Z",
      "updatedAt": "2025-01-15T12:00:00.000Z"
    }
  ],
  "managed": true,
  "publicIpAddress": "<string>",
  "lastSeenAt": "<string>",
  "updatedAt": "<string>",
  "raw": {},
  "lockPin": "<string>"
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

id
string
required

Unique identifier of the endpoint (UUID)

Response

id
string
required

Unique identifier for the endpoint

displayName
string
required

Human-readable display name for the endpoint

teamId
string
required

ID of the team that owns this endpoint

hva
boolean
required

Indicates if this is a Critical Asset

createdAt
string
required

Timestamp when the endpoint was created

integrationId
string | null
required

ID of the integration that discovered this endpoint

contained
boolean
required

Indicates if the endpoint has been contained/isolated

workstation
boolean
required

Indicates if this is a workstation device

server
boolean
required

Indicates if this is a server device

mobile
boolean
required

Indicates if this is a mobile device

domainController
boolean
required

Indicates if this is a domain controller

groups
object[]
required

Groups assigned to this endpoint

groupContainmentEnabled
boolean
required

Whether all groups on this endpoint allow containment

groupChatOpsEnabled
boolean
required

Whether all groups on this endpoint allow chat ops

groupSourceSystemUpdates
boolean
required

Whether all groups on this endpoint allow outbound updates to the source product

groupsSynced
boolean
required

Whether this endpoint has had its first round of group checks run

edrSourceId
string

ID from the EDR (Endpoint Detection & Response) system

mdmSourceId
string

ID from the MDM (Mobile Device Management) system

name
string

Name of the endpoint

hvaOverriddenByUser
boolean

Indicates if the Critical Asset status was manually overridden by a user

privateIpAddress
string

Private IP address of the endpoint

live
boolean

Indicates if the endpoint is currently active/online

operatingSystem
string

Operating system of the endpoint

operatingSystemCategory
enum<string>

Categorized operating system type

Available options:
Windows,
Windows Server,
macOS,
Linux,
iOS,
Android,
ChromeOS,
Network Device,
Other
canonicalId
string | null

When set, this row is a duplicate source; points at the canonical representative endpoint id

canonicalClusterMemberCount
number | null

Child endpoint rows in the same canonical cluster (canonical_id = root), excluding the root row; null when asset dedupe is off or there are no children

canonicalClusterMembers
object[] | null

Preview of other integration-backed rows in the same canonical cluster (at most five children when count exceeds five); null when none

Example:
[
  {
    "id": "22222222-2222-2222-2222-222222222201",
    "displayLabel": "WS-SAMPLE-BRAVO-WKS$",
    "integrationId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeee0002",
    "integrationPlatform": "sentinel-one",
    "name": "WS-SAMPLE-BRAVO-WKS$",
    "managed": true,
    "live": true,
    "operatingSystem": "Windows11 - 23H2",
    "createdAt": "2025-01-02T00:00:00.000Z",
    "updatedAt": "2025-01-15T12:00:00.000Z"
  },
  {
    "id": "22222222-2222-2222-2222-222222222202",
    "displayLabel": "WS-SAMPLE-CHARLIE-WKS$",
    "integrationId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeee0003",
    "integrationPlatform": "crowdstrike-falcon",
    "name": "WS-SAMPLE-CHARLIE-WKS$",
    "managed": true,
    "live": true,
    "operatingSystem": "Windows 10 Enterprise 22H2 (OS build 19045.4046)",
    "createdAt": "2025-01-03T00:00:00.000Z",
    "updatedAt": "2025-01-15T12:00:00.000Z"
  }
]
managed
boolean

Indicates if the endpoint is managed by MDM/EDR

publicIpAddress
string

Public IP address associated with this endpoint

lastSeenAt
string

Timestamp when the endpoint was last seen

updatedAt
string

Timestamp when the endpoint was last updated

raw
object

Raw data from the integration source

lockPin
string | null

Lock PIN for this device, set when the device was locked via MDM (e.g. JumpCloud Apple MDM). Null if not locked or PIN not available.