IFO4 API|SDKs & Libraries

SDKs & Libraries

Official SDKs for Python, Node.js, Go, and Java. Plus webhooks, rate limiting, and API changelog.

Official SDKs

Install an SDK and start making API calls in under 5 minutes.

Install with pipPython

pip install ifo4

Python

v2.0.0

\u2713 Up to date

Node.js

v2.0.0

\u2713 Up to date

v2.0.0

\u2713 Up to date

Java

v2.0.0

\u2713 Up to date

Webhooks

Receive real-time notifications when important events occur in your cloud environment.

Setting Up Webhooks

webhook_handler.jsNode.js

// Express.js webhook handler
const express = require('express');
const crypto = require('crypto');
const app = express();

app.use(express.json());

// Verify webhook signature
function verifySignature(payload, signature, secret) {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(JSON.stringify(payload))
    .digest('hex');
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expected)
  );
}

app.post('/webhooks/ifo4', (req, res) => {
  const signature = req.headers['x-ifo4-signature'];
  const webhookSecret = process.env.IFO4_WEBHOOK_SECRET;

  // Verify signature
  if (!verifySignature(req.body, signature, webhookSecret)) {
    return res.status(401).json({ error: 'Invalid signature' });
  }

  const { event, data, timestamp } = req.body;

  switch (event) {
    case 'anomaly.detected':
      console.log(`Anomaly: ${data.service} - ${data.description}`);
      sendSlackAlert(data);
      break;

    case 'commitment.expiring':
      console.log(`Expiring: ${data.commitmentId} in ${data.daysRemaining}d`);
      createRenewalTicket(data);
      break;

    case 'compliance.drift':
      console.log(`Drift: ${data.control} - ${data.framework}`);
      notifySecurityTeam(data);
      break;

    default:
      console.log(`Unhandled event: ${event}`);
  }

  res.json({ received: true });
});

app.listen(3000);

Webhook Event Types

Event	Description	Severity
anomaly.detected	A cost anomaly has been detected in one of your accounts	High
anomaly.resolved	A previously detected anomaly has returned to normal	Info
commitment.expiring	A commitment (RI/SP) is expiring within your configured window	Medium
commitment.underutilized	A commitment has fallen below your utilization threshold	Medium
compliance.drift	A compliance control has drifted out of compliance	High
compliance.resolved	A compliance violation has been remediated	Info
phantom.new_app	A new unauthorized application has been discovered	Medium
phantom.high_risk	A high-risk shadow IT application has been detected	High
gccf.drift	Capital drift detected in a government program	High
forecast.threshold	Forecasted spend exceeds your configured threshold	Medium
tags.violation	Tag compliance has dropped below threshold	Low

Rate Limiting

Rate limits protect the API and ensure fair usage. Limits vary by plan.

Plan	Requests/Min	Requests/Day	Burst Limit	Concurrency
Free	10	1,000	20	2
Starter	100	50,000	200	10
Professional	1,000	500,000	2,000	50
Enterprise	Custom	Unlimited	Custom	Custom

Rate Limit Response Headers

Response Headers

X-RateLimit-Limit: 1000          # Max requests per minute
X-RateLimit-Remaining: 987       # Remaining requests in window
X-RateLimit-Reset: 1711324800    # Unix timestamp when window resets
Retry-After: 30                  # Seconds to wait (only on 429)

Recommended Retry Strategy

retry_strategy.pyPython

import time
import random

def api_call_with_retry(func, max_retries=5):
    """Exponential backoff with jitter"""
    for attempt in range(max_retries):
        try:
            return func()
        except ifo4.RateLimitError as e:
            if attempt == max_retries - 1:
                raise
            # Use Retry-After header if available
            wait = e.retry_after if e.retry_after else (2 ** attempt)
            # Add jitter to prevent thundering herd
            jitter = random.uniform(0, wait * 0.1)
            time.sleep(wait + jitter)
        except ifo4.ServerError:
            if attempt == max_retries - 1:
                raise
            time.sleep(2 ** attempt)

# Usage
result = api_call_with_retry(
    lambda: client.benchmark.score(industry="finserv", cloud_spend=5_000_000)
)

Changelog

API version history, new features, and breaking changes.

v2.0.0

2026-03-15

IFO4 API v2.0 - General Availability

New Phantom Shadow AI detection endpoint
GCCF Government Capital Control Framework
Oracle commitment negotiation insights
Expanded PRISM normalization for GCP
BREAKINGAuthentication header changed from Authorization to X-API-Key
BREAKINGAll date fields now use ISO 8601 with timezone

v1.8.0

2026-02-01

Maturity Assessment Improvements

Added roadmap generation to maturity assessment
New benchmark comparison by industry vertical
Improved forecast accuracy with ensemble models
Added webhook support for compliance drift events

v1.7.0

2026-01-10

Oracle Enhancements

New commitment simulation engine
Renewal tracking with proactive alerts
Negotiation insights for EDP agreements
Portfolio utilization analysis

v1.6.0

2025-12-01

Phantom Shadow IT Discovery

Initial Phantom API release
Shadow IT discovery from network and SSO logs
License utilization analysis
Risk assessment framework

v1.5.0

2025-10-15

Compliance & GCCF Preview

SOC2 and FedRAMP compliance checks
GCCF preview for government programs
Audit evidence generation
Custom compliance frameworks support

Ready to integrate?

Pick your language, install the SDK, and start building.

Open Playground API Reference