We're Investing in Our Customers Through API

 Here's something I hear all the time from IT teams and MSPs: "I love Blumira. I just wish it worked natively with my ticketing system."

It's one of the most important things a customer can tell a product team, because it means we’re solving a real problem. People want Blumira to fit better into their day. Security teams don't live in their cloud SIEM. They live in their ticketing systems, their PSA platforms, their dashboards, their email. If Blumira is going to be a real partner, not just another tab to check, we have to meet people where they live.

That's exactly what LEAP Managed IT did. They connected Blumira's API to their existing stack, ConnectWise, Nilear, and Blumira, and automated ticket reconciliation across all three. They immediately saw results, as their dispatch team saved time previously spent on manually updating, and the help desk avoided platform-hopping during a ticket.

That story, and dozens of conversations like it, are what's driving our investment in our API. We’re unlocking the ability for you to use Blumira's data, intelligence, and capabilities however fits your workflow, your business, your way of operating.

This week, we launched Blumira ITDR and EDR, which is the important work that makes Blumira better at resolving threats for our customers.

Today, I want to talk about something I'm equally excited about: a quick history of our API so far, what's new, and where it's all going.

Where we started

In July 2025, we released our public API, making it easier to connect Blumira to the tools and systems your business already relies on. You could pull security findings, monitor agent deployments, and generate custom reports directly from your stack, fitting security into the way your team already works without disrupting your existing processes.

LEAP's story, which I mentioned up top, was one of the first proofs that this approach works. They took the API and made it solve a real operational problem for their business.

What we knew from LEAP and others: customers didn't just want to see their data somewhere else. They wanted to act on it. 

Where we are

That brings us to now. This release introduces our first write capabilities to the Blumira API (and a bunch of other enhancements).

First access gave you visibility. Now, write access gives you agency. Here's what that looks like in practice:

Your tech never leaves their workflow. Today, a Blumira detection can notify your ticketing system via email. That works, but it's a one-way street. Now we have: detection fires → ticket auto-creates in Your System with full finding context → your tech reviews it, adds comments, updates the responder, decides if investigations are necessary, all from wherever you live.

And we're exploring even more ways for Blumira to continue to integrate better with your system of choice out of the box.

The ecosystem around the API is growing, too. I built a community n8n node for Blumira to show what's possible when you connect security data to workflow automation platforms. Platforms like Rewst let MSPs build custom integrations with any open REST API, which means our Swagger spec plugs right into the automation workflows teams are already building. We're still on the same developer-friendly foundation: OpenAPI v3, standard REST, straightforward patterns.

This is a huge level up, just take a look at what an evolved dashboard built on top of our API can look like:   

(code is available here if you want to try it), but we’re still not done.

Where We're Going

I built a demo Blumira MCP server on a weekend. Not because it was on my to-do list, or the roadmap. I did it because once you see what's possible when security data flows freely into AI tools, you can't unsee it.

Quick explainer if MCP is new to you: the Model Context Protocol is an open standard that lets AI applications connect to external data sources and tools in a standardized way. Think of it as a universal adapter between AI assistants and the systems they need to reason about.

Imagine asking an AI assistant about your security posture and having it reason across your actual Blumira findings, with all the context Blumira already has built in. That's not science fiction. I prototyped it. It works. And it's a glimpse at where this is all heading.

The n8n node, the MCP server, the API itself, these aren't disconnected experiments. They're all expressions of the same belief: an open platform gets more powerful as the tools around it evolve.

The industry seems to agree. Security leaders are calling 2026 the year APIs move from "just a delivery mechanism" to the operational backbone of how businesses actually run, especially as agentic AI reshapes what automation looks like. We're building for that world.

As Randolph Barr, CISO at Cequence Security, said, “In many ways, 2026 will mark a phase in which APIs move from ‘just a delivery mechanism’ to the operational backbone of digital business, especially in a world increasingly dominated by agentic AI and monetization imperatives.”

So, what's next? We're investing in deeper integrations with the platforms where you manage clients, handle tickets, and bring data in. The API is the foundation. What we build on it will make Blumira feel less like a separate tool and more like a capability woven into everything you already do. I'm genuinely excited about what's coming in Q2 and beyond.

What Won't Change

We'll keep shipping, keep iterating, keep being transparent about where we are and where we're headed. That's how we build. And our roadmap, as always, is available at blumira.com/ideas.

We’d love your feedback.

 At the end of the day, this comes back to a simple belief: we remove the effort when you don't have time, and we empower you when you do. The API is how we deliver on both. And we're just getting started.