# What is GOS API?

The Lineaje GOS workflow is fully automatable via REST APIs. The following table documents the three core API calls required to execute a complete GOS remediation cycle within a CI/CD pipeline.

All API calls require a Bearer token obtained via one of two authentication methods:&#x20;

* **Username / Password**: POST credentials to the identity service to receive an access token (valid 24 hours).&#x20;
* **API Key**: Contact [Lineaje Support](https://support.lineaje.com) to provision a long-lived API key for service-to-service authentication.&#x20;

### How it works&#x20;

The API follows a three-step flow:&#x20;

1. **Authenticate**: Exchange your Lineaje credentials for a Bearer token.&#x20;
2. **Get your project list**: Retrieve your scanned projects and capture the sbom\_id for the project you want to remediate.&#x20;
3. **Request and poll for a fix plan**: Submit the sbom\_id to the fix plan endpoint and poll until the plan status returns as available.&#x20;