Generate an API token in Settings > API Tokens inside your Orca tenant and store it securely.
Determine your regional base URL: app.us.orcasecurity.io for US tenants or app.eu.orcasecurity.io for EU tenants.
Send GET requests to /api/alerts with the header Authorization: Token YOUR_TOKEN to list alerts; add query parameters such as type (vulnerability, malware) and severity to filter results.
Page through results using the offset and limit query parameters returned in the response envelope.
Parse the returned JSON to extract fields such as asset_unique_id, severity, state, and recommendation for each alert.
Automate periodic polling by scheduling the request on a cron or pipeline step and forwarding results to your SIEM or ticketing system.
Known gotchas
The Authorization scheme is Token, not Bearer; using Bearer will result in 401 errors.
Tenant base URLs are region-scoped; requests to the wrong region return 404 or redirect errors.
Orca's public API surface is not fully documented externally; consult your tenant's Settings > API for the current OpenAPI spec.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp