SecuProbe API Documentation

Automate security scanning in your CI/CD pipeline using the SecuProbe REST API. Requires a Pro or Enterprise plan.

Authentication

All API v1 requests require your API key in the Authorization header as a Bearer token. API keys start with sp_live_.

bash
curl https://secuprobe.io/api/v1/scans \
  -H "Authorization: Bearer sp_live_YOUR_API_KEY"

Generate API keys in Dashboard → Settings → API. Keep them secret — do not commit to version control. Store as CI/CD secrets.

Rate Limits

Rate limits are applied per API key per minute. Exceeded requests return 429 Too Many Requests.

Plan        Requests / minute   API Scans
OneShot     20                  1 (included)
Pro         60                  Unlimited
Enterprise  200                 Unlimited

Rate limit headers: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset (Unix timestamp).

Endpoints

Base URL: https://secuprobe.io/api/v1

POST /api/v1/scans (scope: scans:create)

Launch a new security scan. Returns immediately with a scan ID — poll GET /scans/{id} for status.

bash
curl -X POST https://secuprobe.io/api/v1/scans \
  -H "Authorization: Bearer sp_live_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "url": "https://your-domain.com" }'

json
{
  "scanId": "550e8400-e29b-41d4-a716-446655440000",
  "status": "queued",
  "estimatedDuration": 120,
  "resultsUrl": "https://secuprobe.io/api/v1/scans/550e8400-e29b-41d4-a716-446655440000"
}

GET /api/v1/scans/{id} (scope: scans:read)

Get scan status and summary. Poll until status is 'completed' or 'failed'.

bash
curl https://secuprobe.io/api/v1/scans/SCAN_ID \
  -H "Authorization: Bearer sp_live_YOUR_API_KEY"

json
{
  "scanId": "550e8400-...",
  "url": "https://your-domain.com",
  "status": "completed",
  "secuScore": 78,
  "vulnerabilitiesCount": {
    "critical": 1,
    "high": 3,
    "medium": 5,
    "low": 8,
    "info": 12
  },
  "completedAt": "2026-03-10T12:00:00Z",
  "reportUrl": "https://secuprobe.io/scan/550e8400-..."
}

GET /api/v1/scans/{id}/vulnerabilities (scope: scans:read)

List all vulnerabilities found in a scan with descriptions and remediation guides.

bash
curl https://secuprobe.io/api/v1/scans/SCAN_ID/vulnerabilities \
  -H "Authorization: Bearer sp_live_YOUR_API_KEY"

json
{
  "total": 29,
  "vulnerabilities": [
    {
      "id": "vuln-uuid",
      "title": "Missing Content-Security-Policy",
      "severity": "high",
      "category": "Security Headers",
      "description": "No CSP header found...",
      "remediationGuide": "1. Add a Content-Security-Policy header..."
    }
  ]
}

GET /api/v1/domains (scope: domains:read)

List all validated domains in your account.

bash
curl https://secuprobe.io/api/v1/domains \
  -H "Authorization: Bearer sp_live_YOUR_API_KEY"

json
{
  "domains": [
    {
      "id": "domain-uuid",
      "hostname": "your-domain.com",
      "isValidated": true,
      "createdAt": "2026-01-15T10:00:00Z"
    }
  ]
}

Error Codes

HTTP Code  Meaning        Action
400        Bad Request    Check request body / params
401        Unauthorized   Verify API key is valid and active
403        Forbidden      Action requires a higher plan
404        Not Found      Resource does not exist or is not yours
429        Rate Limited   Slow down — check X-RateLimit-Reset header
500        Server Error   Retry with exponential back-off

Error responses follow the format: { "error": "Human readable message" }
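
The retry guidance from the Rate Limits and Error Codes sections, combined with a pass/fail decision on the GET /scans/{id} summary, as an added Python example (not SecuProbe's own client code). The 60-second fallback, the back-off cap, and reading a threshold as "this severity and above" are assumptions.

```python
import json, time, urllib.error, urllib.request

BASE = "https://secuprobe.io/api/v1"                # base URL from this page
SEVERITIES = ["critical", "high", "medium", "low"]  # most to least severe

def retry_delay(status, headers, attempt, now=None):
    """Seconds to wait before retrying, or None when a retry cannot help."""
    now = time.time() if now is None else now
    if status == 429:                     # wait until the rate-limit window resets
        reset = str(headers.get("X-RateLimit-Reset", ""))
        return max(1, int(reset) - int(now)) if reset.isdigit() else 60  # 60 s: assumed fallback
    if status >= 500:                     # exponential back-off, capped (assumed cap)
        return min(2 ** attempt, 60)
    return None                           # 400/401/403/404: fix the request instead

def api_get(path, api_key, max_attempts=5):
    """GET a v1 resource, retrying only where retry_delay allows it."""
    req = urllib.request.Request(
        BASE + path, headers={"Authorization": "Bearer " + api_key})
    for attempt in range(max_attempts):
        try:
            with urllib.request.urlopen(req, timeout=30) as resp:
                return json.load(resp)
        except urllib.error.HTTPError as err:
            delay = retry_delay(err.code, err.headers, attempt)
            if delay is None or attempt == max_attempts - 1:
                raise
            time.sleep(delay)

def gate(scan, fail_on="critical"):
    """Return (passed, reason). Anything but a clean, completed scan fails."""
    if scan.get("status") != "completed":
        return False, f"scan status is {scan.get('status')!r}"
    if fail_on == "none":
        return True, "gating disabled"
    blocking = SEVERITIES[: SEVERITIES.index(fail_on) + 1]
    counts = scan.get("vulnerabilitiesCount")
    if not isinstance(counts, dict) or any(
            not isinstance(counts.get(s), int) for s in blocking):
        return False, "severity counts missing from response"
    hits = {s: counts[s] for s in blocking if counts[s] > 0}
    return not hits, (f"blocking findings: {hits}" if hits else "no blocking findings")

# Constructed sample, shaped like the GET /scans/{id} response on this page
SAMPLE = {"status": "completed", "secuScore": 78,
          "vulnerabilitiesCount": {"critical": 1, "high": 3, "medium": 5, "low": 8, "info": 12}}
```

In a pipeline, call gate(api_get("/scans/" + scan_id, key), "high") after polling and exit non-zero when the first element is False.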

GitHub Actions

Use the official SecuProbe GitHub Action to scan your site on every push or pull request.

yaml
# .github/workflows/security.yml
name: Security Scan

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - name: SecuProbe Security Scan
        id: scan
        uses: Garconposey/secuprobe-scan-action@v1.0.0
        with:
          api_key: ${{ secrets.SECUPROBE_API_KEY }}
          url: https://your-app.com
          fail_on_severity: high   # critical | high | medium | low | none

      - name: Print score
        run: |
          echo "SecuScore: ${{ steps.scan.outputs.secu_score }}/100"
          echo "Report: ${{ steps.scan.outputs.report_url }}"

Inputs: api_key (required), url (required), fail_on_severity (default: critical), timeout (default: 600s)

Outputs: scan_id, secu_score, report_url

GitLab CI

Use the SecuProbe API directly in your .gitlab-ci.yml pipeline. Store your API key as a GitLab CI/CD variable named SECUPROBE_API_KEY.

yaml
# .gitlab-ci.yml
stages:
  - deploy
  - security

secuprobe-scan:
  stage: security
  image: curlimages/curl:latest
  script:
    # 1. Start the scan
    - |
      SCAN=$(curl -sf -X POST https://secuprobe.io/api/v1/scans \
        -H "Authorization: Bearer $SECUPROBE_API_KEY" \
        -H "Content-Type: application/json" \
        -d "{\"url\": \"$DEPLOY_URL\"}")
      SCAN_ID=$(echo $SCAN | grep -o '"scanId":"[^"]*"' | cut -d'"' -f4)
      echo "Scan ID: $SCAN_ID"
    # 2. Poll until completed (max 10 minutes)
    - |
      for i in $(seq 1 60); do
        STATUS=$(curl -sf "https://secuprobe.io/api/v1/scans/$SCAN_ID" \
          -H "Authorization: Bearer $SECUPROBE_API_KEY" | grep -o '"status":"[^"]*"' | cut -d'"' -f4)
        echo "Status: $STATUS"
        if [ "$STATUS" = "completed" ] || [ "$STATUS" = "failed" ]; then break; fi
        sleep 10
      done
    # 3. Get result and fail on high/critical
    - |
      # Fail closed: a scan that failed or timed out must not pass the gate
      if [ "$STATUS" != "completed" ]; then
        echo "FAILED: scan did not complete (status: $STATUS)"
        exit 1
      fi
      RESULT=$(curl -sf "https://secuprobe.io/api/v1/scans/$SCAN_ID" \
        -H "Authorization: Bearer $SECUPROBE_API_KEY")
      CRITICAL=$(echo "$RESULT" | grep -o '"critical":[0-9]*' | cut -d':' -f2)
      HIGH=$(echo "$RESULT" | grep -o '"high":[0-9]*' | cut -d':' -f2)
      SCORE=$(echo "$RESULT" | grep -o '"secuScore":[0-9]*' | cut -d':' -f2)
      echo "SecuScore: $SCORE/100 | Critical: $CRITICAL | High: $HIGH"
      # Treat a count that could not be parsed as a finding rather than as zero
      if [ "${CRITICAL:-1}" -gt 0 ] || [ "${HIGH:-1}" -gt 0 ]; then
        echo "FAILED: High/critical vulnerabilities found"
        exit 1
      fi
  only:
    - main
    - develop

Bitbucket Pipelines

Add SecuProbe to your Bitbucket pipeline. Set SECUPROBE_API_KEY as a repository variable in Bitbucket.

yaml
# bitbucket-pipelines.yml
image: curlimages/curl:latest

pipelines:
  branches:
    main:
      - step:
          name: Deploy
          # ... your deploy step here
      - step:
          name: SecuProbe Security Scan
          script:
            # 1. Start the scan
            - |
              SCAN=$(curl -sf -X POST https://secuprobe.io/api/v1/scans \
                -H "Authorization: Bearer $SECUPROBE_API_KEY" \
                -H "Content-Type: application/json" \
                -d "{\"url\": \"$DEPLOY_URL\"}")
              SCAN_ID=$(echo $SCAN | grep -o '"scanId":"[^"]*"' | cut -d'"' -f4)
              echo "SecuProbe Scan ID: $SCAN_ID"
            # 2. Poll until completed
            - |
              for i in $(seq 1 60); do
                STATUS=$(curl -sf "https://secuprobe.io/api/v1/scans/$SCAN_ID" \
                  -H "Authorization: Bearer $SECUPROBE_API_KEY" | grep -o '"status":"[^"]*"' | cut -d'"' -f4)
                if [ "$STATUS" = "completed" ] || [ "$STATUS" = "failed" ]; then break; fi
                sleep 10
              done
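            # 3. Fail on critical vulnerabilities
            - |
              # Fail closed: a scan that failed or timed out must not pass the gate
              if [ "$STATUS" != "completed" ]; then
                echo "FAILED: scan did not complete (status: $STATUS)"
                exit 1
              fi
              RESULT=$(curl -sf "https://secuprobe.io/api/v1/scans/$SCAN_ID" \
                -H "Authorization: Bearer $SECUPROBE_API_KEY")
              SCORE=$(echo "$RESULT" | grep -o '"secuScore":[0-9]*' | cut -d':' -f2)
              CRITICAL=$(echo "$RESULT" | grep -o '"critical":[0-9]*' | cut -d':' -f2)
              echo "SecuScore: $SCORE/100"
              # Treat a count that could not be parsed as a finding rather than as zero
              if [ "${CRITICAL:-1}" -gt 0 ]; then exit 1; fi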
