Tufin

Tufin provides security policy orchestration solutions for managing network security policies across hybrid cloud environments, including firewalls, SDN, and cloud security controls. The Tufin Orchestration Suite (TOS) includes SecureTrack for network topology and policy analysis, SecureChange for automated policy change workflows, SecureApp for application-centric policy management, and SecureCloud for cloud-native security posture management. Tufin offers comprehensive REST APIs and GraphQL APIs for integrating with ITSM, SIEM, and other security tools.

5 APIs 1 Capabilities 0 Features

Cloud SecurityComplianceFirewall ManagementNetwork SecurityNetwork TopologyPolicy OrchestrationRisk ManagementSecurity Policy ManagementZero Trust

APIs

Tufin SecureTrack API

The SecureTrack REST API enables programmatic access to Tufin's network security policy management platform. It supports querying network devices and firewall rules, analyzing n...

Tufin SecureChange API

The SecureChange REST API automates security policy change workflows, enabling programmatic submission and management of access request tickets, approval workflows, and change i...

Tufin SecureApp API

API for application-centric security policy management and micro-segmentation. SecureApp enables teams to manage security policies at the application level, define connectivity ...

Tufin SecureTrack GraphQL API

GraphQL API for the Tufin Orchestration Suite providing flexible querying capabilities for security policy data, network topology, and compliance information. Uses OAuth2 authen...

Tufin SecureCloud API

REST API for Tufin SecureCloud, the cloud-native security policy management platform. Provides endpoints for managing cloud accounts, applications, assets, Kubernetes clusters, ...

Capabilities

Run Capabilities with Naftiko — Deploy and orchestrate these API capabilities using Naftiko Fleet.

Run with Naftiko

Tufin Network Security Policy Management

Unified workflow capability combining Tufin SecureTrack and SecureChange for end-to-end network security policy lifecycle management. Enables network security engineers and SOC ...

Run with Naftiko

Run Capabilities with Naftiko — Deploy and orchestrate these API capabilities using Naftiko Fleet.

Run with Naftiko

Semantic Vocabularies

Tufin Context

0 classes · 6 properties

JSON-LD

API Governance Rules

Tufin API Rules

11 rules · 2 errors 8 warnings 1 info

SPECTRAL

Resources

Documentation

Privacy Policy

Terms of Service

Terms of Service

GettingStarted

GitHub Organization

GitHub Organization

PostmanCollection

PostmanCollection

Sources

name: Tufin
description: >-
  Tufin provides security policy orchestration solutions for managing network security policies
  across hybrid cloud environments, including firewalls, SDN, and cloud security controls.
  The Tufin Orchestration Suite (TOS) includes SecureTrack for network topology and policy
  analysis, SecureChange for automated policy change workflows, SecureApp for application-centric
  policy management, and SecureCloud for cloud-native security posture management. Tufin offers
  comprehensive REST APIs and GraphQL APIs for integrating with ITSM, SIEM, and other security tools.
image: https://www.tufin.com/themes/custom/tufin/logo.svg
url: https://www.tufin.com
created: '2025'
modified: '2026-05-03'
specificationVersion: '0.18'
tags:
  - Cloud Security
  - Compliance
  - Firewall Management
  - Network Security
  - Network Topology
  - Policy Orchestration
  - Risk Management
  - Security Policy Management
  - Zero Trust
apis:
  - name: Tufin SecureTrack API
    description: >-
      The SecureTrack REST API enables programmatic access to Tufin's network security
      policy management platform. It supports querying network devices and firewall rules,
      analyzing network topology and path queries, retrieving policy compliance data,
      performing risk and cleanup analysis, managing rule documentation and recertification,
      and searching for network objects, services, and interfaces across multi-vendor
      firewall infrastructure. Authentication uses HTTP Basic Auth with TOS credentials.
    image: https://www.tufin.com/themes/custom/tufin/logo.svg
    humanURL: https://www.tufin.com/products/securetrack
    baseURL: https://{tos_host}/securetrack/api
    tags:
      - Compliance
      - Firewall Rules
      - Network Devices
      - Network Topology
      - Policy Analysis
      - Risk Analysis
    properties:
      - type: Documentation
        url: https://forum.tufin.com/support/kc/latest/Content/Suite/RESTAPI/securetrack_api.htm
      - type: SwaggerUI
        url: https://forum.tufin.com/support/kc/rest-api/R24-1/securetrack/apidoc/
      - type: Authentication
        url: https://forum.tufin.com/support/kc/latest/Content/Suite/RESTAPI/4423.htm
      - type: Reference
        url: https://forum.tufin.com/support/kc/latest/Content/Suite/RESTAPI/4420.htm
      - type: GettingStarted
        url: https://forum.tufin.com/support/kc/latest/Content/Suite/RESTAPI/4423.htm
      - type: OpenAPI
        url: openapi/tufin-securetrack-openapi.yml
    features:
      - name: Device and Policy Management
        description: Retrieve, add, and update firewall devices and security policies across multi-vendor environments.
      - name: Network Topology Analysis
        description: Query network paths, retrieve topology maps, and analyze traffic flows across the managed network.
      - name: Risk and Compliance Analysis
        description: Identify policy violations, clean up unused rules, and generate compliance reports.
      - name: Rule Search and Documentation
        description: Search for rules, network objects, and services across all managed devices with full documentation support.
  - name: Tufin SecureChange API
    description: >-
      The SecureChange REST API automates security policy change workflows, enabling programmatic
      submission and management of access request tickets, approval workflows, and change
      implementation across network infrastructure. Supports integration with ITSM platforms
      including ServiceNow, Jira, and Remedy for end-to-end change automation.
    image: https://www.tufin.com/themes/custom/tufin/logo.svg
    humanURL: https://www.tufin.com/products/securechange
    baseURL: https://{tos_host}/securechangeworkflow/api
    tags:
      - Approvals
      - Change Management
      - ITSM Integration
      - Policy Changes
      - Ticketing
      - Workflow Automation
    properties:
      - type: Documentation
        url: https://forum.tufin.com/support/kc/latest/Content/Suite/RESTAPI/12309.htm
      - type: SwaggerUI
        url: https://forum.tufin.com/support/kc/rest-api/R24-1/securechangeworkflow/apidoc/
      - type: Reference
        url: https://forum.tufin.com/support/kc/latest/Content/Suite/RESTAPI/12309.htm
      - type: Authentication
        url: https://forum.tufin.com/support/kc/latest/Content/Suite/RESTAPI/4423.htm
      - type: OpenAPI
        url: openapi/tufin-securechange-openapi.yml
    features:
      - name: Access Request Tickets
        description: Create, retrieve, and update security access request tickets programmatically.
      - name: Workflow Automation
        description: Automate the full lifecycle of security policy changes from request through approval to implementation.
      - name: ITSM Integration
        description: Integrate with ServiceNow, Jira, and other ITSM platforms for unified change management.
  - name: Tufin SecureApp API
    description: >-
      API for application-centric security policy management and micro-segmentation.
      SecureApp enables teams to manage security policies at the application level,
      define connectivity requirements, and automate policy changes for application
      deployments.
    image: https://www.tufin.com/themes/custom/tufin/logo.svg
    humanURL: https://www.tufin.com/products/secureapp
    baseURL: https://{tos_host}/securechangeworkflow/api
    tags:
      - Application Security
      - Micro-Segmentation
      - Policy Management
      - Zero Trust
    properties:
      - type: Documentation
        url: https://forum.tufin.com/support/kc/secureapp/
      - type: Reference
        url: https://forum.tufin.com/support/kc/latest/Content/Suite/RESTAPI/6481.htm
  - name: Tufin SecureTrack GraphQL API
    description: >-
      GraphQL API for the Tufin Orchestration Suite providing flexible querying
      capabilities for security policy data, network topology, and compliance
      information. Uses OAuth2 authentication and supports complex nested queries
      across SecureTrack resources including devices, policies, rules, and topology.
    image: https://www.tufin.com/themes/custom/tufin/logo.svg
    humanURL: https://forum.tufin.com/support/kc/latest/Content/ST2/API/API_Introduction.htm
    baseURL: https://{tos_ip}/v2/api/sync/graphql
    tags:
      - GraphQL
      - Network Topology
      - OAuth2
      - Policy Analysis
      - Security Data
    properties:
      - type: Documentation
        url: https://forum.tufin.com/support/kc/latest/Content/ST2/API/API_Introduction.htm
      - type: Authentication
        url: https://forum.tufin.com/support/kc/latest/Content/ST2/API/OAuth2.htm
  - name: Tufin SecureCloud API
    description: >-
      REST API for Tufin SecureCloud, the cloud-native security policy management
      platform. Provides endpoints for managing cloud accounts, applications,
      assets, Kubernetes clusters, and security policies across AWS, Azure, and
      GCP environments. Enables cloud security posture management (CSPM) and
      Kubernetes network policy enforcement through API integration.
    image: https://www.tufin.com/themes/custom/tufin/logo.svg
    humanURL: https://www.tufin.com/tufin-orchestration-suite/securecloud
    baseURL: https://{account}.securecloud.tufin.io/api/v1
    tags:
      - Cloud Security
      - CSPM
      - Kubernetes
      - Multi-Cloud
      - Policy Management
    properties:
      - type: Documentation
        url: https://forum.tufin.com/support/kc/securecloud/
      - type: Reference
        url: https://securecloud.tufin.io/api-documentation/index.html
common:
  - type: Portal
    url: https://forum.tufin.com/
  - type: Support
    url: https://www.tufin.com/support
  - type: Documentation
    url: https://forum.tufin.com/support/kc
  - type: Blog
    url: https://www.tufin.com/blog
  - type: Login
    url: https://portal.tufin.io/
  - type: Contact
    url: https://www.tufin.com/company/contact-us
  - type: Privacy Policy
    url: https://www.tufin.com/privacy-policy
  - type: Terms of Service
    url: https://www.tufin.com/terms-of-use
  - type: Website
    url: https://www.tufin.com
  - type: GettingStarted
    url: https://forum.tufin.com/support/kc/latest/Content/Suite/RESTAPI/4423.htm
  - type: Community
    url: https://community.tufin.com/
  - type: GitHub Organization
    url: https://github.com/Tufin
  - type: SDK
    url: https://gitlab.com/tufinps/pytos2-ce
  - type: SDK
    url: https://github.com/Tufin/pytos
  - type: PostmanCollection
    url: https://github.com/Tufin/postman
  - type: Sign Up
    url: https://www.tufin.com/demo
  - type: Videos
    url: https://www.tufin.com/resources/type/videos
  - type: Developers
    url: https://www.tufin.com/developers
  - type: OpenAPI
    url: openapi/tufin-securetrack-openapi.yml
  - type: OpenAPI
    url: openapi/tufin-securechange-openapi.yml
  - type: Vocabulary
    url: vocabulary/tufin-vocabulary.yml
  - type: JSON-LD
    url: json-ld/tufin-context.jsonld
  - type: JSONSchema
    url: json-schema/tufin-device-schema.json
  - type: JSONSchema
    url: json-schema/tufin-ticket-schema.json
maintainers:
  - FN: Kin Lane
    email: [email protected]