Overview
The VulnZap API provides programmatic access to security scanning features, enabling custom integrations, automation, and real-time scan monitoring. Base URL: https://api.vulnzap.com/api/scan
Need an API Key?
Generate your API key in the dashboard
Authentication
All API requests require authentication via an API key sent in the x-api-key request header. Requests without a valid key are rejected with 401 Unauthorized.
Available Endpoints
VulnZap API provides the following endpoints (paths are relative to the base URL):

Start GitHub Scan
POST /github - Scan an entire GitHub repository

Start Commit Scan
POST /commit - Scan specific files from a commit

Get Job Status
GET /jobs/:jobId - Retrieve scan status and results

GitHub Scan Events
GET /github/:scanId/events - Real-time SSE updates for a GitHub scan

Commit Scan Events
GET /commit/:jobId/events - Real-time SSE updates for a commit scan
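The two events endpoints deliver Server-Sent Events (text/event-stream). The following is an added example and not VulnZap's own client code: it opens one of the events endpoints with the x-api-key header and decodes the stream with a small parser that implements the standard SSE framing (field lines, comment/keep-alive lines, multi-line data, blank-line dispatch, persistent id). The page does not document the real event names or payload schema, so the sample stream below is constructed for illustration and the code passes every event through as decoded.

```python
"""Added example, not VulnZap's own client code: consume a scan's SSE stream
(GET /github/:scanId/events or GET /commit/:jobId/events) with the x-api-key header.
Only the standard text/event-stream framing is assumed; the event names and JSON
payload shapes in SAMPLE_STREAM below are constructed for illustration."""
import json
import urllib.parse
import urllib.request

BASE_URL = "https://api.vulnzap.com/api/scan"


def parse_sse(lines):
    """Yield (event, data, last_id) from an iterable of text/event-stream lines.

    Framing rules: a line is `field: value`; a blank line dispatches the event
    accumulated so far; lines starting with ':' are comments (keep-alives);
    several `data:` lines are joined with '\n'; `id:` persists across events."""
    event, data, last_id = None, [], None
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line == "":
            if data:  # dispatch only when at least one data field was seen
                yield (event or "message", "\n".join(data), last_id)
            event, data = None, []
            continue
        if line.startswith(":"):
            continue
        field, _, value = line.partition(":")
        if value.startswith(" "):  # a single leading space is not part of the value
            value = value[1:]
        if field == "event":
            event = value
        elif field == "data":
            data.append(value)
        elif field == "id":
            last_id = value
        # `retry` and unknown fields are ignored by this minimal consumer


def decode_event(event, data, last_id):
    """Decode the data field as JSON when possible, otherwise keep the raw text."""
    try:
        payload = json.loads(data)
    except ValueError:
        payload = data
    return {"event": event, "data": payload, "id": last_id}


def events_url(kind, ident):
    """Build /github/:scanId/events or /commit/:jobId/events; the id is
    percent-encoded so it cannot alter the path."""
    if kind not in ("github", "commit"):
        raise ValueError("kind must be 'github' or 'commit'")
    return f"{BASE_URL}/{kind}/{urllib.parse.quote(ident, safe='')}/events"


def stream_scan_events(kind, ident, api_key, line_source=None):
    """Open the events endpoint and yield decoded events lazily.
    `line_source` lets callers (and tests) feed lines without a network."""
    if line_source is None:
        req = urllib.request.Request(
            events_url(kind, ident),
            headers={"x-api-key": api_key, "Accept": "text/event-stream"},
        )
        resp = urllib.request.urlopen(req)  # 401/404 raise urllib.error.HTTPError
        line_source = (chunk.decode("utf-8") for chunk in resp)
    for event, data, last_id in parse_sse(line_source):
        yield decode_event(event, data, last_id)


# Constructed sample stream: the event names and fields are illustrative only.
SAMPLE_STREAM = (
    ": keep-alive\n"
    "event: progress\n"
    'data: {"filesScanned": 12}\n'
    "\n"
    "id: 7\n"
    "event: finding\n"
    'data: {"severity": "high",\n'
    'data:  "file": "src/auth.js"}\n'
    "\n"
    "data: scan finished\n"
    "\n"
)

if __name__ == "__main__":
    for ev in stream_scan_events("commit", "job-123", "dummy-key",
                                 line_source=SAMPLE_STREAM.splitlines(keepends=True)):
        print(ev)
```

For a live scan, drop the line_source argument and the generator reads from the open HTTP response until the server closes it; treat a 401 or 404 raised on connect as a configuration error rather than something to retry.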
Rate Limits
Rate limits are enforced according to your subscription plan. When you exceed them, you'll receive:

Contact sales@vulnzap.com to increase your rate limits or upgrade your plan.
Response Codes
| Code | Description |
|---|---|
| 200 | Success |
| 400 | Bad Request - Invalid parameters or request body |
| 401 | Unauthorized - Missing or invalid API key |
| 403 | Forbidden - Subscription limit exceeded |
| 404 | Not Found - Resource not found |
| 500 | Internal Server Error |
Best Practices
Use SSE for Real-Time Updates
Use the SSE endpoints (/github/:scanId/events and /commit/:jobId/events) for real-time updates instead of polling. If SSE is not available, poll the /jobs/:jobId endpoint every 5-10 seconds.
Handle Errors Gracefully
Always check the success field in each response rather than assuming a request succeeded, and surface failures with a clear error message that includes the HTTP status.
Secure Your API Keys
Never embed your API key in client-side code (browser bundles, mobile apps, or anything shipped to users). Keep it on the server, load it from an environment variable or secrets store, and proxy requests through your own backend.
Implement Exponential Backoff
Retry failed requests with exponential backoff rather than immediately, so a transient error does not turn into a burst of requests against the API. Only retry transient failures (500 and network errors); a 400, 401, 403 or 404 will not succeed on retry and should be reported instead.
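Putting the last four practices together, as an added example that is not VulnZap's own code: a job-status poller (the fallback when SSE is unavailable) that reads the key from an environment variable, checks the success field, retries only transient 5xx/network failures with full-jitter exponential backoff, and fails fast on 400/401/403/404. Assumed rather than documented on this page: the VULNZAP_API_KEY variable name, a status field on the job object with terminal values completed/failed, and an error field in error responses.

```python
"""Added example, not VulnZap's own client code: poll GET /jobs/:jobId with the
API key read from the environment, check the `success` field, and retry only
transient failures with full-jitter exponential backoff.
Assumed, not documented on this page: the VULNZAP_API_KEY variable name, a
`status` field with terminal values "completed"/"failed", and an `error` field
in error responses."""
import json
import os
import random
import sys
import time
import urllib.parse
import urllib.request
from urllib.error import HTTPError, URLError

BASE_URL = "https://api.vulnzap.com/api/scan"
RETRYABLE = {500, 502, 503, 504}   # transient server side; 4xx means fix the request
TERMINAL = {"completed", "failed"}  # assumed status values


class VulnZapError(Exception):
    pass


def api_key_from_env():
    """Keys live in the environment (or a secrets store), never in source or bundles."""
    key = os.environ.get("VULNZAP_API_KEY")  # assumed variable name
    if not key:
        raise VulnZapError("VULNZAP_API_KEY is not set")
    return key


def http_get(url, headers):
    """Default transport returning (status, body); tests inject a fake instead."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read().decode("utf-8")
    except HTTPError as err:  # non-2xx still carries a body worth reading
        return err.code, err.read().decode("utf-8", "replace")


def backoff_delay(attempt, base=1.0, cap=30.0):
    """Full-jitter backoff: uniform in [0, min(cap, base * 2**attempt)]."""
    return random.uniform(0, min(cap, base * 2 ** attempt))


def get_job(job_id, api_key, transport=http_get, max_attempts=5, sleep=time.sleep):
    """GET /jobs/:jobId. Retries 5xx and network errors; fails fast on 4xx
    (401 bad key, 403 subscription limit, 404 unknown job) since retrying those
    cannot succeed and only burns rate limit."""
    url = f"{BASE_URL}/jobs/{urllib.parse.quote(job_id, safe='')}"
    headers = {"x-api-key": api_key, "Accept": "application/json"}
    for attempt in range(max_attempts):
        try:
            status, body = transport(url, headers)
        except (URLError, OSError) as err:  # DNS, connect, timeout
            status, body = None, str(err)
        if status is None or status in RETRYABLE:
            if attempt + 1 < max_attempts:
                sleep(backoff_delay(attempt))
                continue
            raise VulnZapError(f"gave up after {max_attempts} attempts: {status} {body}")
        try:
            data = json.loads(body)
        except ValueError:
            raise VulnZapError(f"HTTP {status}: non-JSON response body")
        if status != 200 or not data.get("success"):
            raise VulnZapError(f"HTTP {status}: {data.get('error', body)}")
        return data


def poll_job(job_id, api_key, transport=http_get, interval=5.0,
             max_polls=360, sleep=time.sleep):
    """Fallback when SSE is unavailable: poll every 5-10 s (interval plus jitter
    so many clients don't align) until the job reaches a terminal status."""
    for _ in range(max_polls):
        job = get_job(job_id, api_key, transport, sleep=sleep)
        if job.get("status") in TERMINAL:
            return job
        sleep(interval + random.uniform(0, interval))
    raise VulnZapError(f"job {job_id} still running after {max_polls} polls")


if __name__ == "__main__":
    # usage: python poll_job.py <jobId>   (key comes from VULNZAP_API_KEY)
    print(json.dumps(poll_job(sys.argv[1], api_key_from_env()), indent=2))
```

The transport and sleep functions are injectable so the retry logic can be exercised without a network; in production the defaults use urllib and time.sleep. Because 403 is documented as "Subscription limit exceeded", it is deliberately treated as non-retryable: backing off will not restore quota.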
Monitor Shared Scans