Volume
API Endpoints
Use the API and GraphQL surface when you need direct object control over investigations, entities, evidence, alerts, and reporting.
200+
Integration
Integration Guide
Plan the identity lane, transport lane, and partner connectors before data is pushed into live casework, evidence, and alert workflows.
Delivery posture
Map identity, transport, evidence handling, and partner systems before data is pushed into live investigative workflows.
Primary integration lanes
REST + GraphQL
Outbound events
Webhooks
Typed client support
SDKs
Vendor certification path
Partner intake
Operating context
Plan the integration around the investigation workflow, not around a generic data pipe
Design the connector around the investigation workflow it feeds. The platform supports inbound data capture, outbound event delivery, and the review controls that sit around both.
Query model
GraphQL Support
GraphQL is the best fit when clients need one workspace request instead of a long chain of endpoint calls.
Full
Realtime
Real-time Streaming
Use event streams and subscriptions when triage, collaboration, and alerting must update without polling loops.
WebSocket
Inbound lane
Inbound Integrations
Push data into Public Safety from your systems. Ideal for data providers, OSINT sources, and enterprise systems.
- Real-time data ingestion via API
- Batch file imports (CSV, XML, JSON)
- Automated data enrichment pipelines
- Deduplication and entity resolution
Outbound lane
Outbound Integrations
Receive data and alerts from Public Safety. Perfect for downstream systems, dashboards, and notification services.
- Webhook notifications for events
- GraphQL subscriptions for real-time data
- Scheduled data exports
- Custom report generation
Intake target
The connector design should reflect the same investigation, profile, and alert state analysts are expected to work from.
Operational routing
Inbound and outbound flows should line up with the routing, review, and automation patterns already present in the product.
Getting Started
Stand up the lane in the order that identity, transport, and first-call validation actually happen
A clean rollout starts by proving auth, transport, and minimal workspace access before connector volume or automation is turned on.
- 1
Obtain API Credentials
Request API credentials from your Public Safety administrator or through the dashboard. You'll receive an API key and organization ID.
- 2
Install the SDK
Install the Public Safety SDK for your preferred programming language. We support Python, JavaScript/TypeScript, and more.
- 3
Configure Authentication
Initialize the SDK with your API key and configure any environment-specific settings.
- 4
Make Your First API Call
Test your integration by making a simple API call to list investigations or check your connection status.
Authentication Example
Token acquisition check
Validate that the identity lane works before any larger connector or file-import job is introduced.
Token Authentication Flow
curl -X POST https://auth.knogin.com/v1/login \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "[email protected]" \
-d "password=your-password" \
-d "platform=argus"
curl -X GET https://api.knogin.com/v1/health \
-H "Authorization: Bearer <argus_auth_token>"Authentication & Authorization
Authentication baseline
Prove the identity lane first. Every transport path depends on the same token issuance, session posture, and access scoping decisions.
API Key Authentication
Simple bearer token authentication for server-to-server integrations. API keys are scoped to specific permissions and can be rotated regularly.
Authorization: Bearer <api_key>OAuth 2.0 / OpenID Connect
Full OAuth 2.0 support for user-delegated access. Ideal for applications that act on behalf of users with their consent.
OAuth 2.0 / OpenID ConnectJWT Token Authentication
Short-lived JWT tokens for stateless authentication. Tokens include user claims and permissions for fine-grained access control.
argus_auth_token (JWT)Transport lanes
Integration Methods
Choose the transport lane that matches the workflow: direct object control, live subscriptions, or scheduled bulk movement.
Method
GraphQL API
Our primary API interface. GraphQL allows you to request exactly the data you need in a single request, reducing bandwidth and improving performance.
- Query exactly the fields you need
- Real-time subscriptions for live updates
- Strongly typed schema with introspection
Method
REST API
Traditional RESTful endpoints for simple CRUD operations and compatibility with existing tooling.
- Standard HTTP methods (GET, POST, PUT, DELETE)
- JSON request and response bodies
- OpenAPI 3.0 specification available
Method
WebSocket / Real-time
Persistent connections for real-time data streaming. Receive instant notifications when data changes.
- Low-latency push notifications
- Alert streaming and event subscriptions
- Automatic reconnection handling
Method
File Import / Export
Bulk data operations through file uploads and scheduled exports. Supports multiple formats including CSV, Excel, and XML.
- CSV, XLSX, XML, JSON formats
- STIX 2.1 threat intelligence format
- Automated scheduled imports
Data Formats & Taxonomy
Shape data to the product model early so search, graph, and evidence features do not need a second translation layer
Normalize payloads to the product model early so graph, search, evidence, and reporting features do not need a second translation layer.
Core Entity Types
Supported entity model
Public Safety supports a comprehensive set of entity types for law enforcement and intelligence operations. Each entity type has specific attributes, identifiers, and relationship capabilities.
Person
Organization
Vehicle
Location
Document
Phone
Email
Social Account
IP Address
Cryptocurrency
Domain
Event
Format family
API Formats
Structured transport for direct client and service integrations.
- JSON (application/json)
- GraphQL
- Multipart form-data
Format family
Import Formats
Bulk-load options for migration, partner exchange, and scheduled ingestion.
- CSV / TSV
- Excel (XLSX)
- XML / NIEM
- STIX 2.1
Format family
File Attachments
Binary file types that feed OCR, transcription, and evidence workflows.
- PDF, DOCX, TXT
- JPEG, PNG, GIF, WebP
- MP3, WAV, OGG
- MP4, MOV, AVI
Entity Schema Example
Sample entity payload
This is the shape downstream graph, alert, and reporting workflows expect when external systems send profile records into the platform.
Person Entity (JSON)
{
"id": "profile-uuid-123",
"type": "PERSON",
"attributes": {
"firstName": "John",
"lastName": "Doe",
"dateOfBirth": "1985-03-15"
},
"identifiers": [
{ "type": "PASSPORT", "value": "AB123456", "country": "US" }
],
"contacts": [
{ "type": "EMAIL", "value": "[email protected]" }
],
"metadata": {
"source": "vendor-system",
"sourceId": "ext-12345"
}
}Document intake
Schema, file metadata, and provenance should be captured in the same way the review surface expects to consume them.
Pre-Built Connectors
Use named connectors where they exist, then scope the custom gap instead of pretending every source is interchangeable
Start with the named connector that already matches the operating system in play, then scope the custom gap instead of treating every source as interchangeable.
Operational systems
Law Enforcement Systems
These are the systems most likely to touch frontline dispatch, records, evidence, and statutory reporting workflows.
CAD Systems
AvailableRMS Platforms
AvailableEvidence.com
AvailableNCIC/NLETS
AvailableCJIS
AvailableNIBRS
AvailableExternal intelligence
Intelligence & OSINT Providers
Partner and provider integrations should be scoped by legal basis, quota profile, and the actual entity types being enriched.
TLOxp
PartnerLexisNexis
PartnerBabel Street
PartnerRecorded Future
PartnerVirusTotal
AvailableShodan
AvailableEnterprise systems
Enterprise Systems
Enterprise connectors matter when identity, case payloads, or downstream evidence export has to stay inside an existing customer environment.
Microsoft 365 / Entra ID
AvailableGoogle Workspace
AvailableSalesforce
AvailableServiceNow
AvailableSlack
AvailableAWS S3
AvailableNeed a custom connector?
Custom connector boundary
Use the custom path when a proprietary system still needs to land in the same object, audit, and review model as the standard connectors.
SDKs & Client Libraries
Choose the client lane that matches the team running the workflow
Use the client lane that matches the team running the workflow, then keep the first proof of value narrow and reviewable.
Client
JavaScript / TypeScript
Full-featured SDK for Node.js and browser environments with TypeScript support.
- Node.js 18+
- Browser ESM
- TypeScript types
Client
Python
Pythonic SDK with async support for data science and automation workflows.
- Python 3.10+
- Async support
- Type hints
Client
Java / Kotlin
Enterprise-grade SDK for Java and Kotlin applications with Android support.
- Java 17+
- Kotlin coroutines
- Android compatible
Client
C# / .NET
Modern .NET SDK with async/await patterns for Windows and cross-platform apps.
- .NET 6+
- Async/await
- NuGet package
Client
Go
Lightweight Go client with context support for high-performance services.
- Go 1.21+
- Context support
- Zero dependencies
Client
REST / cURL
Direct REST API access with OpenAPI spec, Postman collection, and interactive documentation.
- OpenAPI 3.0 spec
- Postman collection
- Interactive docs
SDK Usage Example (TypeScript)
Typed SDK pattern
Keep the initial proof of value narrow: create a case, attach evidence, and verify the object comes back with the expected status.
SDK Usage Example (TypeScript)
import { PublicSafetyClient } from '@argus/sdk';
const argus = new PublicSafetyClient({
apiKey: process.env.ARGUS_API_KEY,
organizationId: 'your-org-id',
environment: 'production',
});
const investigation = await argus.investigations.create({
title: 'Financial Fraud Case #2024-001',
priority: 'HIGH',
});
await argus.evidence.upload({
investigationId: investigation.id,
file: documentBuffer,
metadata: { type: 'document', chainOfCustody: true },
});Webhooks & Event Notifications
Use outbound events when the external system needs to react to operational state changes, not just read static records
Use outbound events when the downstream system needs to react to operational state changes, not just read a static export.
Available Events
Core outbound event types
Keep the first webhook rollout focused on high-signal transitions instead of mirroring every field change.
alert.createdalert.updatedinvestigation.createdinvestigation.updatedprofile.enrichedevidence.processedreport.generatedworkflow.completedWebhook Security
Webhook control requirements
The event lane has to be reviewable: sign every payload, retry safely, and keep source allowlists explicit.
- HMAC-SHA256 signature verification for payload authenticity
- Automatic retry with exponential backoff for failed deliveries
- IP allowlisting for webhook endpoints available
- Idempotency keys to prevent duplicate processing
Webhook Payload & Verification
Event payload shape
Payloads should be easy to verify, route, and persist in downstream oversight systems.
Webhook Payload & Verification
{
"id": "evt_abc123",
"type": "alert.created",
"timestamp": "2024-06-20T14:30:00Z",
"data": {
"alertId": "alert-xyz789",
"severity": "HIGH",
"investigationId": "inv-123",
"metadata": {
"triggerRule": "financial-threshold",
"matchScore": 0.95
}
},
"signature": "sha256=a1b2c3d4..."
}Automation state
Webhook contracts should align with the same alert, workflow, and report-generation moments operators see inside the platform.
Security Requirements
Integration delivery is not complete until the security and test lanes are proven with real traffic patterns
Integration delivery is incomplete until the security controls, review posture, and compliance target have been proven with realistic traffic.
Technical Requirements
Baseline security requirements
These controls are the minimum expectation before a live data source is connected.
- TLS 1.2 or higher required for all connections
- Authentication required for all API requests
- AES-256 encryption for data at rest
- Complete audit logging of all API access
- Role-based access control (RBAC) enforcement
Compliance Certifications
Compliance lanes
The compliance target depends on procurement, customer environment, and the actual systems being connected.
- CJIS Security Policy compliant
- FedRAMP Moderate authorized
- SOC 2 Type II certified
- ISO 27001 certified
- GDPR compliant for EU data
Testing & Sandbox Environment
Testing and certification
Use the sandbox to validate auth, payload shape, alerting behavior, and operator review paths before anything reaches production tenants.
Sandbox Environment
Run the full request path against realistic data without touching live investigative records.
Test Data Sets
Use seeded entities, relationships, and alerts that exercise the same search, graph, and review surfaces operators will use.
Integration Certification
Treat certification as a control review and operational readiness check, not just a listing step.
Integration Testing Process
- 1Request sandbox access through the partner portal
- 2Develop and test your integration against the sandbox API
- 3Submit your integration for review by our team
- 4Complete security assessment and penetration testing
- 5Receive certification and deploy to production
Become an Integration Partner
Vendor and partner intake
Use the intake form when you need to scope a connector, review a deployment boundary, or line up a partner certification path.
Vendor Integration Request
Tell us about your integration needs and we'll get back to you within 2-3 business days.
Need the delivery plan reviewed?
Walk through connector scope, evidence handling, webhook controls, and certification assumptions before production traffic is turned on.