From blumira
Provides patterns for Blumira API authentication, dual path (org vs MSP) structure, filtering syntax, pagination, and error troubleshooting.
How this skill is triggered — by the user, by Claude, or both
Slash command
/blumira:api-patternsWhen to use
When working with Blumira API authentication, understanding the dual path structure (org vs MSP), constructing filtered queries, handling pagination, or troubleshooting API errors. Use when: blumira api, blumira auth, jwt token, blumira filtering, blumira pagination, or api error.
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Blumira exposes a REST API at `https://api.blumira.com/public-api/v1` with two path groups: `/org/*` for direct organization access and `/msp/*` for MSP multi-tenant operations. The MCP server wraps these into tool calls, but understanding the underlying patterns helps construct effective queries.
Blumira exposes a REST API at https://api.blumira.com/public-api/v1 with two path groups: /org/* for direct organization access and /msp/* for MSP multi-tenant operations. The MCP server wraps these into tool calls, but understanding the underlying patterns helps construct effective queries.
Blumira uses JWT tokens for authentication. The token is passed via the X-Blumira-JWT-Token header (MCP Gateway) or as a Bearer token directly against the API.
Authorization: Bearer <JWT_TOKEN>
Alternatively, for Pax8 integrations:
pax8ApiTokenV1: <PAX8_TOKEN>
Important: JWT tokens have expiration times. If you receive 401 errors, the token may need to be regenerated from the Blumira portal.
| Path Group | Prefix | Use Case |
|---|---|---|
| Organization | /org/* | Direct access to a single organization's data |
| MSP | /msp/* | Multi-tenant access across managed accounts |
Organization tools (blumira_findings_*, blumira_agents_*, blumira_users_*) operate on the authenticated org. MSP tools (blumira_msp_*) require MSP-level credentials and can target specific accounts.
Blumira supports powerful query filters appended to field names:
| Operator | Suffix | Example | Description |
|---|---|---|---|
| Equals | .eq | status.eq=10 | Exact match |
| In | .in | severity.in=HIGH,CRITICAL | Match any in list |
| Greater than | .gt | created.gt=2025-01-01 | Greater than |
| Less than | .lt | created.lt=2025-12-31 | Less than |
| Contains | .contains | name.contains=ransomware | Substring match |
| Regex | .regex | name.regex=^brute | Regex match |
| Negation | ! prefix | !status.eq=30 | Negate any filter |
Combining filters: Multiple filters are ANDed together:
GET /org/findings?status.eq=10&severity.in=HIGH,CRITICAL&created.gt=2025-01-01
All list endpoints support pagination parameters:
| Parameter | Description | Default |
|---|---|---|
page | Page number (1-indexed) | 1 |
page_size | Results per page | 25 |
limit | Max total results | — |
order_by | Sort field (prefix - for descending) | varies |
Responses include pagination metadata:
{
"data": [...],
"links": {
"next": "/org/findings?page=2&page_size=25",
"prev": null
},
"meta": {
"total": 142,
"page": 1,
"page_size": 25
}
}
The MCP server includes stateful navigation tools:
blumira_navigate — Navigate to a specific resource or viewblumira_status — Show current navigation contextblumira_back — Return to previous contextThese help maintain context when drilling into findings, devices, or accounts.
blumira_findings_list with filter parametersblumira_findings_getblumira_msp_accounts_list to enumerate accountsblumira_msp_findings_all for cross-account finding overviewblumira_msp_findings_listCause: JWT token is expired, invalid, or missing
Solution: Regenerate the token from Blumira Portal > Settings > API Access. Verify BLUMIRA_JWT_TOKEN is set.
Cause: Token lacks permissions for the requested resource (e.g., org token used for MSP endpoints) Solution: Ensure the token has appropriate scope. MSP endpoints require MSP-level credentials.
Cause: Resource ID doesn't exist or is not accessible from the current scope Solution: Verify the ID and ensure the token has access to the target organization.
Cause: Too many requests in a short period Solution: Back off and retry after a delay. Use pagination to reduce request volume.
Cause: Invalid filter syntax or parameter values
Solution: Check filter operator syntax (.eq, .in, etc.) and ensure values match expected types.
page_size=50) for large datasets instead of fetching everything at onceorder_by=-created to get most recent items firstmeta.total to know if more pages existnpx claudepluginhub wyre-technology/msp-claude-plugins --plugin blumiraManages Blumira MSP multi-tenant operations: list accounts, query cross-account findings, per-account devices/users/keys, and resolve findings.
Provides patterns for IT Glue API authentication, JSON:API requests, filtering, sorting, pagination, rate limiting, and sideloading. Covers regional endpoints and error handling.
Guides usage of SentinelOne Purple MCP tools: connection setup, Service User token auth, transport modes, dual GraphQL/REST API patterns, rate limits, and error handling.