For Developers

RQE API — Real-Time Cyber Risk Quantification

Embed cyber risk scoring, branch-level breakdowns, and cost/benefit modeling into your own products. A plug-and-play REST API that returns quantified risk in JSON format.

Get API Key View Pricing Run Live Demo
ENDPOINT REFERENCE

RQE API v1.1 — Financial Impact Endpoints

GET /api/rqe/health

Confirms the RQE calculation engine is reachable and returns the current API version. Use this for integration health checks and uptime monitoring.

{ "status": "ok", "version": "rqe-v1.1" }
POST /api/rqe/calculate

Accepts cyber risk assumptions and returns structured financial impact outputs, confidence scoring, and assumption flags. Implements the Binary³ five-step RQE financial methodology as defined in the research white paper.Read the methodology →

Request Body

FieldTypeRequiredDescription
directCostsnumberYesDirect attack costs: IR, forensics, legal, regulatory fines
indirectCostsnumberYesIndirect costs: revenue loss, churn, reputational damage
cumulativeProbabilitynumberBernoulli onlyProbability of at least one attack over the time horizon (0–1)
timeHorizonYearsnumberBernoulli onlyYears over which cumulative probability is estimated (min 1)
programCostnumberYesTotal cybersecurity program cost over its full lifespan
programLifespanYearsnumberYesExpected program lifespan in years (min 1)
effectivenessnumberYesProgram risk reduction coefficient (0.0–1.0). Empirical range: 0.30–0.85
probabilityModelstringYes"bernoulli" or "poisson"
lambdanumberPoisson onlyExpected attacks per year. Required when probabilityModel is "poisson"
BERNOULLI MODEL
P_a = 1 - (1 - P)^(1/Y)

Use when you have a cumulative attack probability estimate over a multi-year horizon. Standard actuarial approach.

POISSON MODEL (RECOMMENDED)
P_a = 1 - e^(-λ)

Use when threat intelligence provides an expected annual attack frequency (lambda). Mathematically preferred for cyber risk.

Sample Request

{ "directCosts": 1200000, "indirectCosts": 3000000, "cumulativeProbability": 0.45, "timeHorizonYears": 3, "programCost": 1500000, "programLifespanYears": 3, "effectiveness": 0.70, "probabilityModel": "bernoulli", "lambda": null }

Sample Responserqe-v1.1

{ "version": "rqe-v1.1", "inputs": { "directCosts": 1200000, "indirectCosts": 3000000, "cumulativeProbability": 0.45, "timeHorizonYears": 3, "programCost": 1500000, "programLifespanYears": 3, "effectiveness": 0.70, "probabilityModel": "bernoulli", "lambda": null }, "outputs": { "totalCost": 4200000, "annualProbability": 0.1739, "annualizedLossExpectancy": 730800, "annualizedProgramCost": 500000, "grossMarginImpact": 11560, "roi": 0.0231 }, "confidence": { "label": "Moderate", "score": 72, "summary": "Model confidence is moderate based on supplied assumptions." }, "assumptionFlags": [ { "severity": "info", "field": "effectiveness", "message": "Effectiveness is an estimate. Calibrate against control maturity evidence before use in board reporting." }, { "severity": "info", "field": "probabilityModel", "message": "Bernoulli model assumes i.i.d. annual attack events. Consider Poisson model when lambda is available from threat intelligence." } ], "interpretation": { "marginImpact": "Positive modeled gross margin impact.", "roiSummary": "Estimated cybersecurity ROI is 2.31%." } }

Validation & Error Handling

ConditionHTTP Response
Any numeric field is negative400 — field name and "must be a positive number"
effectiveness outside 0–1400 — "effectiveness must be between 0.0 and 1.0"
cumulativeProbability outside 0–1400 — "cumulativeProbability must be between 0.0 and 1.0"
timeHorizonYears below 1400 — "timeHorizonYears must be at least 1"
programLifespanYears below 1400 — "programLifespanYears must be at least 1"
probabilityModel is "poisson" and lambda is null or missing400 — "lambda is required when probabilityModel is poisson"
probabilityModel is not "bernoulli" or "poisson"400 — "unsupported probabilityModel value"

Confidence Scoring

Every response includes a confidence score (0–100) reflecting the reliability of the supplied assumptions. The score begins at 75 and is adjusted as follows.

ConditionAdjustment
indirectCosts > 4× directCosts−10
cumulativeProbability > 0.80−10
effectiveness > 0.85−10
programLifespanYears > 5−8
probabilityModel is "poisson" with valid lambda+5
effectiveness between 0.30–0.60 (conservative range)+3
ConservativeScore 80–100
ModerateScore 55–79
AggressiveScore below 55

Assumption Flags

The API returns structured warning objects when inputs fall outside empirically validated ranges. Flags are informational and do not block the response.

SeverityFieldTrigger Condition
warningindirectCostsGreater than 4× directCosts
warningcumulativeProbabilityGreater than 0.80
warningeffectivenessGreater than 0.85
warningeffectivenessLess than 0.30
warningprogramLifespanYearsGreater than 5 years
warninggrossMarginImpactCalculated value is negative
infoprobabilityModelBernoulli model used; Poisson recommended when lambda is available
Full methodology, variable definitions, and worked example available in the RQE Research White Paper.
Download White Paper View Research Page
API questions? Contact support@binarycubed.com

Example API Response — Sandbox Data

application/json 
{
  "domain": "demo-target.example.com",
  "scan_id": "rqe_20260423_001",
  "timestamp": "2026-04-23T17:00:00Z",
  "risk_score": 72,
  "exposure_usd": {
    "low": 6200,
    "high": 8700,
    "currency": "USD"
  },
  "top_risk": "SSL certificate expiring in 18 days",
  "priority_fix": "Renew SSL certificate immediately",
  "findings_count": 4,
  "confidence": "high",
  "tier": "sandbox"
}
Start Testing the API View Pricing & Limits

API Overview

  • RESTful JSON API with predictable responses
  • Multi-tenant architecture with isolated data
  • Identity / Perimeter / Logging risk branches
  • Financial impact + risk scores + recommendations
  • Webhook callbacks for threshold alerts

Base URL

https://api.binarycubed.com/rqe/v1

Sandbox environment available by request.

Quickstart

Get started with the RQE API in minutes.

curl -X POST https://api.binarycubed.com/rqe/v1/score \ -H "Authorization: Bearer YOUR_RQE_API_KEY" \ -H "X-Tenant-ID: YOUR_TENANT_ID" \ -H "Content-Type: application/json" \ -d '{ "asset_value": 250000, "likelihood": 0.35, "impact": 0.6, "category": "credential_exposure", "branch": "identity" }'
import requests response = requests.post( "https://api.binarycubed.com/rqe/v1/score", headers={ "Authorization": "Bearer YOUR_RQE_API_KEY", "X-Tenant-ID": "YOUR_TENANT_ID", "Content-Type": "application/json" }, json={ "asset_value": 250000, "likelihood": 0.35, "impact": 0.6, "category": "credential_exposure", "branch": "identity" } ) print(response.json())
const response = await fetch('https://api.binarycubed.com/rqe/v1/score', { method: 'POST', headers: { 'Authorization': 'Bearer YOUR_RQE_API_KEY', 'X-Tenant-ID': 'YOUR_TENANT_ID', 'Content-Type': 'application/json' }, body: JSON.stringify({ asset_value: 250000, likelihood: 0.35, impact: 0.6, category: 'credential_exposure', branch: 'identity' }) }); const data = await response.json(); console.log(data);

Response

{ "risk_score": 68, "branch": "identity", "branch_breakdown": { "identity": 68, "perimeter": 0, "logging": 0 }, "likelihood": 0.35, "impact": 0.60, "severity_multiplier": 1.2, "cost_benefit": { "potential_loss": 52500, "mitigation_cost": 8500, "roi": 5.18 }, "recommendations": [ "Rotate affected keys and credentials.", "Enable multi-factor authentication.", "Add continuous monitoring for anomalous logins." ] }

API Endpoint Catalog

Core endpoints for risk scoring, batch processing, and scenario modeling.

Endpoint Method Description
/health GET API health check and status
/overview GET Tenant-level risk overview
/score POST Compute single asset risk score
/batch/score POST Batch score up to 100 assets
/scenario/what-if POST Run what-if CBA modeling
/timeline GET Historical risk timeline

Compare to Dashboard 2.0

These API endpoints mirror the data available in the Binary³ Dashboard 2.0 interface.

View Dashboard

Pricing & Plans

Monthly
Annual Save 15%

Builder

For solo developers & testing

$49/mo
  • 10,000 API calls/month
  • Single tenant
  • Email support
  • Standard rate limits
  • Sandbox access
Get Started
POPULAR

Startup

For early-stage products

$199/mo
  • 250,000 API calls/month
  • Multi-tenant support
  • Priority support
  • Webhook callbacks
  • Custom rate limits
Get Started

Enterprise

For commercial deployments

Custom
  • Unlimited API calls
  • Multi-tenant at scale
  • Dedicated support
  • SLA guarantees
  • On-prem option
Contact Sales

Overages billed at $0.002 per additional API call.

What Counts as an API Call?

Standard API Call

1 credit

GET, POST to /score, /overview, /timeline

PDF Generation

2 credits

Branded risk report generation

Add-on Options

Add-on Description Price
Branded PDF Templates Custom-branded risk report templates $50/mo
Auto-scan Webhook Scheduled scans with webhook delivery $25/mo
Slack/Email Alerts Real-time threshold notifications Included
Dedicated IP Static IP for firewall whitelisting $100/mo

Risk Formula & Driver Tree

risk_t = likelihood × impact × weight_by_category × severity_multiplier

Identity Branch

KeySweep + RedLure findings

branch: "identity"

Perimeter Branch

Phoros + MicroDefend findings

branch: "perimeter"

Logging Branch

LogSentinel + ForensIQ findings

branch: "logging"

The RQE API returns branch-level and overall risk scores mirroring this structure.

Request API Access

Get your API key and start building.

Prefer email? Contact support@binarycubed.com

Trust & Research

Our risk quantification methodology is built on industry-standard frameworks including FAIR, NIST CSF, and ISO 27005.

View RQE Research