API Documentation

API Key Required: To use the API programmatically, you need an API key. Get API access for $5/month or use the free web interface (with CAPTCHA verification, no API key needed).

Base URL: https://futuresbom.com/api

Authentication

API Key Authentication (Required for API Access)

To use the API, you must include your API key in the request header. Get your API key from the Dashboard after subscribing to the API Access plan.

x-api-key: sk_your_api_key_here

Note: The free tier (web interface only) does not provide API access. For programmatic access and CI/CD integration, an API key subscription is required.

Check SBOM for EOL Components

POST /api/check

Analyze an SBOM file and check components against EOL data.

Request Headers

                x-api-key: sk_your_api_key_here  # Optional for paid tier

Content-Type: multipart/form-data  # For file upload

Content-Type: application/json     # For JSON body

Request Body (Multipart Form)

Field	Type	Required	Description
`sbom`	File	Yes	SBOM JSON file (CycloneDX or SPDX)
`warnDays`	Integer	No	Days before EOL to trigger warning (default: 180)

Request Body (JSON)

{
  "sbom": {...},           // SBOM JSON object
  "warnDays": 180         // Optional
}

Response

{
  "success": true,
  "timestamp": "2025-12-09T12:00:00.000Z",
  "summary": {
    "total": 10,
    "eol": 2,
    "warning": 3,
    "supported": 5,
    "unknown": 0,
    "notFound": 0,
    "error": 0
  },
  "results": [
    {
      "name": "nodejs",
      "version": "14.21.0",
      "eolProduct": "nodejs",
      "status": "eol",
      "eolDate": "2023-04-30",
      "message": "EOL since 2023-04-30 (955 days ago)",
      "daysUntilEOL": -955
    }
  ],
  "warnDays": 180
}

Example: cURL

curl -X POST https://futuresbom.com/api/check \
  -H "x-api-key: sk_your_api_key_here" \
  -F "[email protected]" \
  -F "warnDays=90"

Example: Node.js

const fs = require('fs');
const FormData = require('form-data');
const axios = require('axios');

const form = new FormData();
form.append('sbom', fs.createReadStream('sbom.json'));
form.append('warnDays', '180');

const response = await axios.post(
  'https://your-domain.azurewebsites.net/api/check',
  form,
  {
    headers: {
      'x-api-key': 'sk_your_api_key_here',
      ...form.getHeaders()
    }
  }
);

console.log(response.data);

Example: Python

import requests

files = {'sbom': open('sbom.json', 'rb')}
data = {'warnDays': 180}
headers = {'x-api-key': 'sk_your_api_key_here'}

response = requests.post(
    'https://futuresbom.com/api/check',
    files=files,
    data=data,
    headers=headers
)

print(response.json())

Get Supported Products

GET /api/products

Retrieve a list of all products supported by the EOL API.

Response

{
  "success": true,
  "count": 300,
  "products": [
    "nodejs",
    "python",
    "postgresql",
    ...
  ]
}

Example

curl https://futuresbom.com/api/products

Get Product EOL Information

GET /api/product/:name

Get detailed EOL information for a specific product.

Parameters

Parameter	Type	Description
`name`	String	Product name (e.g., "nodejs", "python")

Response

{
  "success": true,
  "product": "nodejs",
  "cycles": [
    {
      "cycle": "20",
      "latest": "20.10.0",
      "releaseDate": "2023-04-18",
      "eol": "2026-04-30",
      "support": "2025-10-22"
    }
  ]
}

Example

curl https://futuresbom.com/api/product/nodejs

Get API Usage Statistics

GET /api/usage

Get usage statistics for your API key (requires authentication).

Request Headers

x-api-key: sk_your_api_key_here

Response

{
  "success": true,
  "apiKey": {
    "name": "Production Pipeline",
    "tier": "paid",
    "dailyLimit": 1000,
    "requestsToday": 150,
    "remainingToday": 850
  },
  "history": [
    {
      "date": "2025-12-09",
      "requests": 150,
      "successful": 148
    }
  ]
}

Example

curl https://futuresbom.com/api/usage \
  -H "x-api-key: sk_your_api_key_here"

Get EOL Cache Status

GET /api/cache-status

Check the freshness and status of the EOL data cache. This endpoint provides information about when the cache was last updated and when it will expire. The cache automatically refreshes every 24 hours from endoflife.date.

No Authentication Required: This endpoint is public and does not require an API key.

Response

{
  "productCount": 426,
  "lastUpdated": "2025-12-11T02:38:15.645Z",
  "expiresIn": 86284745,
  "isExpired": false
}

Response Fields

Field	Type	Description
`productCount`	Integer	Number of products currently cached (e.g., nodejs, python, react)
`lastUpdated`	String (ISO 8601)	Timestamp when the cache was last refreshed
`expiresIn`	Integer	Milliseconds until the cache expires and will be refreshed
`isExpired`	Boolean	Whether the cache is currently expired (triggers automatic refresh on next request)

Example: cURL

curl https://futuresbom.com/api/cache-status

Example: Node.js

const axios = require('axios');

const response = await axios.get(
  'https://futuresbom.com/api/cache-status'
);

console.log(`Products cached: ${response.data.productCount}`);
console.log(`Last updated: ${response.data.lastUpdated}`);
console.log(`Cache expires in: ${Math.floor(response.data.expiresIn / 1000 / 60)} minutes`);

Example: Python

import requests
from datetime import datetime, timedelta

response = requests.get('https://futuresbom.com/api/cache-status')
data = response.json()

print(f"Products cached: {data['productCount']}")
print(f"Last updated: {data['lastUpdated']}")
print(f"Expires in: {data['expiresIn'] // 1000 // 60} minutes")

Use Cases

Monitoring: Verify the EOL data is current before running critical checks
Debugging: Troubleshoot issues with stale or missing EOL data
Health Checks: Include in application health monitoring dashboards
Transparency: Show users when the EOL data was last updated

Cache Refresh: The cache automatically refreshes every 24 hours. If the cache is expired when you make a request to /api/check, it will be refreshed automatically before processing your SBOM.

Integration Examples

Azure DevOps Pipeline

steps:
- task: Bash@3
  displayName: 'Check SBOM for EOL'
  inputs:
    targetType: 'inline'
    script: |
      curl -X POST https://futuresbom.com/api/check \
        -H "x-api-key: $(SBOM_EOL_API_KEY)" \
        -F "[email protected]" \
        -o eol-results.json
      
      # Check if there are any EOL components
      EOL_COUNT=$(jq '.summary.eol' eol-results.json)
      if [ "$EOL_COUNT" -gt 0 ]; then
        echo "Found $EOL_COUNT EOL components!"
        exit 1
      fi

GitHub Actions

- name: Check SBOM for EOL
  run: |
    curl -X POST https://your-domain.azurewebsites.net/api/check \
      -H "x-api-key: ${{ secrets.SBOM_EOL_API_KEY }}" \
      -F "[email protected]" \
      -o eol-results.json
    
    EOL_COUNT=$(jq '.summary.eol' eol-results.json)
    if [ "$EOL_COUNT" -gt 0 ]; then
      echo "::error::Found $EOL_COUNT EOL components"
      exit 1
    fi

PowerShell Script

$apiKey = "sk_your_api_key_here"
$sbomPath = "sbom.json"

$headers = @{
    "x-api-key" = $apiKey
}

$form = @{
    sbom = Get-Item -Path $sbomPath
    warnDays = 180
}

$response = Invoke-RestMethod `
    -Uri "https://futuresbom.com/api/check" `
    -Method Post `
    -Headers $headers `
    -Form $form

if ($response.summary.eol -gt 0) {
    Write-Error "Found $($response.summary.eol) EOL components!"
    exit 1
}

Status Codes

Code	Description
`200`	Success
`400`	Bad Request - Invalid input
`401`	Unauthorized - Invalid or missing API key
`403`	Forbidden - API key inactive
`404`	Not Found - Resource doesn't exist
`429`	Too Many Requests - Rate limit exceeded
`500`	Internal Server Error

Rate Limits

Tier	Limit	Window
Free (No API Key)	3 requests	Per day
Paid (API Key)	100 requests	Per day