Skip to content

Developers · REST API

Build on the facility risk graph.

A clean REST API for asset risk scores, capital plans, work orders, and audit-grade provenance. Sync Rivolq with the systems your team already runs — on your terms, with your credentials.

Quickstart

One authenticated call to the risk of any asset.

Pass a scoped token, get back the compound risk score and the factors behind it. JSON in, JSON out — no SDK required to start.

rivolq — curl — 80×24
pending
{  "asset_id": "ahu-204",  "risk_score": 87,  "band": "critical",  "dollar_exposure": 412000,  "top_factors": [    "age_past_useful_life",    "rising_fault_frequency",    "single_point_of_failure"  ],  "confidence": 0.91,  "as_of": "2026-06-08T00:00:00Z"}

Data flow

Anatomy of a synced call.

A scoped token pulls condition and cost out of the systems you already run, scores it against the risk graph, and pushes the answer back to where your team decides — read-first, signed, and logged end to end.

Your systems →

CMMS / EAMwork orders
ERP & financecost of record
Inspectionscondition data

Rivolq risk graph

scoped token · /v1

→ Your tools

Warehouse / BISnowflake · BigQuery
Webhookssigned events
Reportsboard-ready PDF

Endpoints

Every number on the platform, as an endpoint.

The same risk scores, capital recommendations, and audit trails that power the Rivolq UI are reachable over a documented REST API — so they can move into the tools where decisions actually get made.

Risk
GET/v1/assets/{id}/risk

Compound risk score, band, $ exposure, and contributing factors

GET/v1/facilities/{id}/risk

Rolled-up facility risk with the assets driving it

Assets
GET/v1/assets

List and filter the asset registry with cursor pagination

PUT/v1/assets/{id}

Upsert asset attributes, condition, and hierarchy

Planning
GET/v1/capital-plans

Ranked capital recommendations and scenario outputs

POST/v1/work-orders

Create and sync work orders and PM schedules

Events
POST/v1/webhooks

Subscribe to signed risk and capital-decision events

GET/v1/reports/{id}

Generate board-ready reports with provenance attached

Built for the people who own the integration.

The API is designed around the constraints of enterprise IT — control, auditability, and predictability — not just developer convenience.

01

Scoped, revocable tokens.

Authenticate with API keys or OAuth 2.0 client credentials. Every token is scoped per integration and read-only by default — write access is granted explicitly, so your systems of record stay authoritative and under your control.

02

Versioned and stable.

Every endpoint is versioned under /v1/. Breaking changes ship as a new version with advance notice, so the integration you build today keeps working tomorrow.

03

Audit-grade by default.

Every call is logged, timestamped, and attributable. When an auditor asks what data moved, when, and on whose authority, the answer is a query — not a conversation.

04

Predictable by design.

Generous rate limits with clear headers, cursor-based pagination, and a single consistent error envelope. No surprise throttling in the middle of a sync.

Who builds on the Rivolq API.

Platform & IT teams

Wire Rivolq into the stack we already run.

Connect risk scores and capital plans to your CMMS, ERP, and identity provider with scoped credentials your team owns end to end.

Data & analytics

Pull the numbers into the warehouse, not a PDF.

Sync risk, exposure, and provenance into Snowflake, BigQuery, or your BI layer for reporting that lives where your analysts already work.

Solution partners

Build on top of the risk graph.

Embed Rivolq intelligence into your own product or service offering with stable, versioned endpoints and webhook events.

Ready to build?

The full reference — every endpoint, schema, and authentication detail — lives in the developer portal. Need credentials or a scoping call? Our team will set you up.

Frequently asked questions

The short version. The developer portal has the full, always-current reference.

Is the Rivolq API available today?

The REST API is available to pilot and early-access customers, with scoped credentials issued during onboarding. The full endpoint reference and authentication details live in the developer portal, and standard catalog connectors expand through general availability.

How do I authenticate?

Rivolq supports API keys and OAuth 2.0 client-credential flows. Each token is scoped to a specific integration and is read-only unless write access is explicitly granted. Credentials are managed from your account and can be rotated or revoked at any time.

Can I write data back into my CMMS or ERP?

Yes, on request. The API is read-first by default. Write-back to systems like your CMMS or ERP is opt-in per integration so your systems of record stay authoritative and under your control.

Do you offer webhooks?

Yes. You can subscribe to events such as high-severity risk changes and capital-decision notifications. Rivolq posts signed payloads to your endpoint so alerts route into Teams, Slack, ServiceNow, or any tool that accepts a webhook.

Where is the full API reference?

The complete, always-current reference — endpoints, schemas, and authentication — lives in the Rivolq developer portal at app.rivolq.com/developers. This page is the overview; the portal is the source of truth.

Rivolq
Book a demo