Return on Security

The Signal API

Programmatic REST access to the cybersecurity market dataset behind The Signal — funding rounds, M&A, companies, investors, and the analytics built on them. Build market maps, deal sourcing, and account enrichment on the same data that powers the dashboard.

Get an API key →

Mint a key from your account

Quickstart →

Your first call in two minutes

Authentication →

Bearer keys & safe handling

API Reference →

All 18 endpoints & schemas

Overview

The Signal API is a read-only REST API over Return on Security's curated cybersecurity market data — the same dataset behind The Signal dashboard and the weekly Return on Security newsletter. Every endpoint is a GET that returns JSON, authenticated with a Bearer key. The base URL is:

https://signal.returnonsecurity.com

The dataset spans seven domains across 18 public endpoints:

Companies

Profiles, funding totals, stage & category

Investors

Portfolios, activity, rankings

Funding

Rounds, history, stage percentiles

M&A

Acquisitions, acquirers, buyer types

Rankings

Top funding rounds, investors, acquirers

Distributions

Stage, range & category breakdowns

Access. The API is a paid add-on on Pro and Team plans, and is included with Enterprise. Manage your subscription and keys at your account.

What you can build

The Signal API turns the business of the cyber industry into a queryable dataset. A few things teams build on it:

For investors & corporate development

Market mapping — a live landscape of every funded company in a cybersecurity category, with round sizes, investors, and timing. /companies · /category-data · /top-funding-rounds
Deal sourcing & follow-on — track newly funded startups and stage velocity to find your next entry before the next round. /funding/history · /stages/distribution
Consolidation & acquirer tracking — who's buying, what buyer types are active, and the most acquisitive players in the market. /top-acquisitions · /top-acquirers-by-volume · /buyer-type
Investor benchmarking — league tables and portfolio activity by firm. /top-investors · /investors/{name}

For go-to-market teams

Budget-signal targeting — surface security companies by stage and category right after a raise, when budget is fresh. /companies · /category-data
Account enrichment — attach funding history, investors, and valuation context to your CRM records. /companies/{name} · /investors

For founders & operators

Benchmark your raise — compare your round against stage percentiles for your category. /funding-stage-percentiles · /ranges/breakdown
Category & competitive intel — track the players and momentum in your space. /company-type · /category-data

For analysts, researchers & press

Sector trends & rankings — funding totals, M&A activity, and league tables for reports and stories. /charts · /top-funding-rounds · /top-acquisitions

Why The Signal API

Security-specific, investment-grade

Not a generic startup database — the curated cybersecurity dataset behind The Signal and the weekly Return on Security newsletter, maintained for the business of the cyber industry.

Built for agents, too

The same data is available over the Model Context Protocol, so you can wire it straight into Claude and other AI agents — set it up from your account.

One clean contract

18 REST endpoints, consistent JSON, and freshness + quota headers on every response so clients can cache and back off correctly.

Quickstart

1. Get a key. Go to Account → Developer → API and mint a key. It looks like ros_live_… and is shown once — store it somewhere safe.

2. Export it so you never paste it inline:

export ROS_API_KEY="ros_live_…"

3. Make your first call:

curl -H "Authorization: Bearer $ROS_API_KEY" \
  "https://signal.returnonsecurity.com/api/v2/companies?limit=10"

A successful response is a JSON body plus headers that tell you how fresh the data is (X-Data-Freshness), how much quota you have left (X-Quota-*), and a request id (X-Request-Id) to quote if you need support. Browse every endpoint, parameter, and schema in the API Reference.

Authentication

Every request authenticates with an Authorization: Bearer ros_live_… header. Keys are minted, labelled, and revoked at your account. Access is checked on every request against your live entitlement (Enterprise, or an active API add-on) — so revoking a key or a lapsed add-on takes effect immediately, not at some cache expiry.

Treat a key like a password. Never commit it to source control, never put it in a URL or client-side code, and always call over HTTPS. Read it from an environment variable ($ROS_API_KEY) as shown above. A leaked key can be revoked and re-minted from your account at any time.

Plans & access

The API is a paid product. Every plan that includes it gets the full curated dataset and all 18 endpoints — the difference between plans is the request allowance, not the data.

Plan	API access	Quota
Free	Dashboard only — no API	—
Pro / Team + API add-on	Full API, all endpoints	1,000/day · 30,000/mo
Enterprise	API included	Unlimited

Add the API to a Pro or Team plan for $79/mo from your account; Enterprise includes it. Need more than 30k/mo? That's what Enterprise is for — it lifts the caps entirely.

Premium fields

A few response fields are premium intelligence — they're part of the paid dataset and populated for any API caller (the keys are always present; values are null on the free dashboard). Today that's the investor government-linkage set on /investors: government_linked_tier (govt_chartered / defence_cvc / sovereign_wealth), government_linked_country, and government_linked_since — non-null only for investors in the curated government-linked taxonomy. Each premium field is marked in the API Reference.

Rate limits & quotas

Each key is metered against two windows. Defaults (Enterprise is uncapped):

Window	Limit	Resets
Daily	1,000 requests	00:00 UTC
Monthly	30,000 requests	1st of month, UTC

Every response carries your live counters, so a client can back off before hitting a wall:

Header	Meaning
`X-Quota-Daily-Limit` / `-Remaining`	Daily allowance and what's left
`X-Quota-Monthly-Limit` / `-Remaining`	Monthly allowance and what's left
`Retry-After`	Seconds until the exhausted window resets (on a `429`)
`X-Data-Freshness`	The day the dataset last changed (`YYYY-MM-DD`)
`X-Request-Id`	Correlation id — quote it in any support request

When a window is exhausted the API returns 429 with { "error": …, "code": "quota_exceeded", "window": "daily" } and a Retry-After header. Honor it and retry after the reset.

Errors

Errors use a consistent JSON envelope — an error message and a stable machine-readable code:

{ "error": "API quota exceeded", "code": "quota_exceeded" }

Status	Code	Meaning
401	`auth_required`	Missing or invalid key
403	`api_access_required`	Key valid, but no active API entitlement
404	`not_found`	No entity matches the path parameter (e.g. `/companies/{name}`)
429	`quota_exceeded`	Daily or monthly window exhausted — see `Retry-After`
503	`quota_unavailable`	Metering temporarily unavailable — retry shortly
500	—	Unexpected server error — quote `X-Request-Id` to support

Every error response includes an X-Request-Id. Including it when you contact support lets us pull the exact request from our logs.