API Authentication

How to authenticate with the SecurityChecks API.

The SecurityChecks API uses API keys for authentication. All requests must include a valid API key.

Getting an API Key

  1. Sign in to your dashboard
  2. Go to Settings > API Keys
  3. Click Create API Key
  4. Copy your key (it won't be shown again)

API keys follow this format:

  • Production: sc_live_xxxxxxxxxxxxxxxxxxxx
  • Development: sc_test_xxxxxxxxxxxxxxxxxxxx

Using Your API Key

Include your API key in the Authorization header:

curl https://api.securitychecks.ai/v1/scans \
  -H "Authorization: Bearer sc_live_xxxxx"

Or in code:

const response = await fetch('https://api.securitychecks.ai/v1/scans', {
  headers: {
    'Authorization': `Bearer ${process.env.SECURITYCHECKS_API_KEY}`,
    'Content-Type': 'application/json',
  },
});

API Endpoints

All endpoints are prefixed with https://api.securitychecks.ai/v1

Projects

Method  Endpoint                 Description
GET     /projects                List all projects
GET     /projects?slug=my-app    Get project by slug

Scans

Method  Endpoint     Description
POST    /scans       Create a new scan
GET     /scans/:id   Get scan details
PATCH   /scans/:id   Update scan status

Findings

Method  Endpoint               Description
POST    /findings              Submit findings
GET     /findings?scanId=xxx   Get findings for a scan

Creating a Scan

curl -X POST https://api.securitychecks.ai/v1/scans \
  -H "Authorization: Bearer sc_live_xxxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "projectSlug": "my-app",
    "branch": "main",
    "commitSha": "abc123"
  }'

Response:

{
  "id": "scan_xxxxx",
  "projectId": "proj_xxxxx",
  "status": "RUNNING",
  "branch": "main",
  "commitSha": "abc123",
  "startedAt": "2024-01-15T10:00:00Z"
}

Submitting Findings

curl -X POST https://api.securitychecks.ai/v1/findings \
  -H "Authorization: Bearer sc_live_xxxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "scanId": "scan_xxxxx",
    "findings": [
      {
        "invariantId": "P0-MISSING-AUTHZ",
        "severity": "P0",
        "title": "Missing Authorization Check",
        "filePath": "src/app/api/admin/route.ts",
        "lineNumber": 15,
        "snippet": "export async function GET() { ... }"
      }
    ]
  }'

Rate Limits

Plan        Requests/Hour
Free        100
Pro         5,000
Team        25,000
Enterprise  Unlimited

Rate limit headers are included in all responses:

X-RateLimit-Limit: 5000
X-RateLimit-Remaining: 4999
X-RateLimit-Reset: 1705315200

Error Responses

{
  "error": "Unauthorized",
  "message": "Invalid or missing API key",
  "code": "INVALID_API_KEY"
}

Status  Code             Description
401     INVALID_API_KEY  Missing or invalid API key
403     FORBIDDEN        Key doesn't have permission
404     NOT_FOUND        Resource not found
429     RATE_LIMITED     Too many requests
500     INTERNAL_ERROR   Server error
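
The following is an added example, not part of the SecurityChecks documentation or any official SDK: a minimal Node.js (18+) wrapper that ties together the Authorization header, the rate limit headers and the error codes described above. The helper names, the 60-second wait cap and the reading of X-RateLimit-Reset as a Unix timestamp in seconds are assumptions.

```javascript
// Added example. Helper names (redactKey, retryDelayMs, apiError, scRequest) are hypothetical.
const BASE = 'https://api.securitychecks.ai/v1';
const MAX_WAIT_MS = 60000; // assumed cap: fail instead of sleeping until an hourly reset

// Validate the documented sc_live_/sc_test_ prefix and return a log-safe label.
// The secret part is never returned, so the label can go into logs and errors.
// Whitespace (e.g. a trailing newline from a secrets file) is rejected.
function redactKey(key) {
  const m = /^sc_(live|test)_[^\s]+$/.exec(key || '');
  if (!m) throw new Error('API key missing or not in sc_live_/sc_test_ format');
  return `sc_${m[1]}_***`;
}

// Delay before retrying a 429. Assumes X-RateLimit-Reset is a Unix time in seconds.
function retryDelayMs(resetHeader, nowMs) {
  const reset = Number(resetHeader);
  if (!Number.isFinite(reset) || reset <= 0) return MAX_WAIT_MS; // header absent or garbled
  return Math.max(0, reset * 1000 - nowMs);
}

// Build the error from the documented body fields only; the key itself is never included.
function apiError(status, body, keyLabel) {
  const err = new Error(`SecurityChecks API ${status} ${body.code || 'UNKNOWN'} (key ${keyLabel})`);
  err.status = status;
  err.code = body.code;
  return err;
}

async function scRequest(path, init = {}, retries = 1) {
  const key = process.env.SECURITYCHECKS_API_KEY;
  const keyLabel = redactKey(key); // throws before any network call on a bad key
  const res = await fetch(BASE + path, {
    ...init,
    headers: { 'Content-Type': 'application/json', ...init.headers, Authorization: `Bearer ${key}` },
  });
  if (res.ok) return res.json();
  const body = await res.json().catch(() => ({}));
  const wait = retryDelayMs(res.headers.get('X-RateLimit-Reset'), Date.now());
  if (res.status === 429 && retries > 0 && wait <= MAX_WAIT_MS) {
    await new Promise((resolve) => setTimeout(resolve, wait));
    return scRequest(path, init, retries - 1);
  }
  throw apiError(res.status, body, keyLabel); // 401/403/404/500 are not retried
}
```

Call it as scRequest('/scans', { method: 'POST', body: JSON.stringify({...}) }); errors carry the status and code fields from the table above and only the redacted key label.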