About Integrations
AlloyScan exposes its inventory and audit data to external systems through three distinct integration surfaces. Each surface targets a different consumer and has its own configuration entry point in Admin Center.
How integrations work
AlloyScan integrations split along a clear axis: who initiates the call, and from where.
- Alloy Navigator Sync is an outbound, scheduled data flow that imports AlloyScan inventory into Alloy Navigator. The sync job runs on the Alloy Navigator side, authenticates against AlloyScan with an App registration, and pulls devices, software installations, and audit details into Alloy Navigator's CMDB. A site-level toggle on the AlloyScan side controls which software is imported.
Note: Details may vary by deployment.
-
REST API access via App registrations is the programmatic entry point for any third-party client. You create an App registration under Admin Center > Site Settings > IAM > App registrations, the system issues a Client ID and Client secret, and the client uses those credentials to call the REST API. The API supports PATCH semantics and is subject to per-month and per-instance workload limits.
-
External Tools via Alloy Integration Launcher is a UI-launched integration. When you invoke a tool such as Remote Desktop, VNC, Ping, or a custom PowerShell script from a device record, AlloyScan signals the Alloy Integration Launcher local utility on your workstation, which executes the tool against the target device. Tools never run on the device being audited; they run on the invoker's machine. See About Tools.
Why this design
Splitting integration types by initiator keeps the security boundary explicit. Sync and REST API both authenticate as machine identities (App registration credentials) and stay on the network path between the two services. External Tools, by contrast, operate from the operator's workstation and inherit that workstation's network reach — which is what lets them reach endpoints AlloyScan itself cannot.
App registrations are per-site, not per-instance. Each site issues its own credentials and tracks its own expiration timeline, so a Sync job or third-party client is scoped to exactly one site's data.
Key distinctions
| Surface | Initiator | Authentication | Use case |
|---|---|---|---|
| Alloy Navigator Sync | Alloy Navigator side | App registration (Client ID + secret) | Push AlloyScan inventory into Alloy Navigator CMDB |
| REST API | External client | App registration (Client ID + secret) | Custom programmatic access |
| External Tools | Operator's browser, executed on operator's workstation | Workstation OS credentials | Remote administration of a discovered device |
There are no dedicated connectors for ServiceNow, Jira, or Zendesk. Third-party integrations to those products go through the generic REST API.
Limitations
- API workload ceilings are enforced server-side. Per-second and per-minute rate caps are not surfaced in the UI; only the per-month transaction counter is visible under Admin Center > Site Settings > Limits and usage.
- An expired App registration breaks any integration using it. The system raises a persistent red banner on every page until the registration is renewed.
- The Client secret is shown only at registration time. If it is lost, you must rotate it.