Detectify API

API Endpoint

This page contains the documentation for the Detectify API accessible at https://api.detectify.com.

The Detectify API enables connectivity and automation through a RESTful interface with the following features:

The API can be accessed using an API key. API keys can be managed using the team page. For more details, see authentication. Depending on your subscription, some API functions may not be available.

Specification

You can download the API specification in the following formats:

Examples

Please have a look at our example implementations of the API if you need help to get started. You can find them on our GitHub page.

Authentication

All HTTP messages must be authenticated using the API key generated on the team page. For additional security, the API also allows signing the messages based on the secret key specified for the API key.

You can specify the API key in the following ways:

  • HTTP Authentication using your API key as username (BASE64 encoded):

    GET /rest/v2/domains/ HTTP/1.1
    Host: api.detectify.com
    Authorization: Basic MTA4NDBiMGY5Mzg5NDJmZWFmYjcxODZkZTc0Yjk2ODI6
  • Using the X-Detectify-Key HTTP header:

    GET /rest/v2/domains/ HTTP/1.1
    Host: api.detectify.com
    X-Detectify-Key: 10840b0f938942feafb7186de74b9682
  • Include in URL:

    https://10840b0f938942feafb7186de74b9682@api.detectify.com/rest/v2/domains/

If you created a secret key for the API key, you need to include the message signature in the request using the X-Detectify-Signature HTTP header, and the time of message creation in Unix time using the X-Detectify-Timestamp HTTP header:

GET /rest/v2/domains HTTP/1.1
Host: api.detectify.com
X-Detectify-Key: 10840b0f938942feafb7186de74b9682
X-Detectify-Signature: 6jpu6S4cQwEY4uLk+xELSe1RhajVJP0QEDpGWZ5T+U0=
X-Detectify-Timestamp: 1519829567

Messages whose timestamp is more than 10 seconds before the time the message is received, or more than 5 seconds after it, result in an authentication error.

The signature is the BASE64-encoded keyed-hash message authentication code (HMAC) computed with the SHA-256 hash function. The HMAC key is the secret key specified in the settings, after BASE64 decoding. The input for the HMAC is a semicolon-separated combination of

  • the HTTP method (capitalized, e.g., GET),

  • the relative URL path after https://api.detectify.com/rest (e.g., /v2/domains/),

  • the API key,

  • the UNIX timestamp specified in the X-Detectify-Timestamp header, and

  • the request body (left empty for requests without body).

Schema:

key = BASE64_DECODE({secret key})
value = {HTTP method};{relative URL};{API key};{timestamp};{request body}
signature = BASE64_ENCODE(HMAC_SHA256(key, value))

Example:

  • HTTP request GET https://api.detectify.com/rest/v2/domains/

  • at 2018-02-28T14:52:47Z, which is UNIX timestamp 1519829567

  • for API key 10840b0f938942feafb7186de74b9682

  • with secret key 0vyTnawJRFn0Q9tWLTM188Olizc72JczHSXoIlsPQIc=

  • generates message signature 6jpu6S4cQwEY4uLk+xELSe1RhajVJP0QEDpGWZ5T+U0=.

key = BASE64_DECODE("0vyTnawJRFn0Q9tWLTM188Olizc72JczHSXoIlsPQIc=")
value = "GET;/v2/domains/;10840b0f938942feafb7186de74b9682;1519829567;"
signature = BASE64_ENCODE(HMAC_SHA256(key, value))
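The signing schema above as runnable Python, together with a receiver-side model of the timestamp window and signature check. This is an added example, not code from Detectify; the function names are hypothetical, and the inclusive window boundaries and the constant-time comparison are assumptions about how a receiver would apply the rules stated on this page.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import urlsplit

MAX_AGE_S = 10    # page: timestamps older than 10 s before receipt are rejected
MAX_AHEAD_S = 5   # page: timestamps newer than 5 s after receipt are rejected

# Values taken from the worked example on this page.
API_KEY = "10840b0f938942feafb7186de74b9682"
SECRET_KEY = "0vyTnawJRFn0Q9tWLTM188Olizc72JczHSXoIlsPQIc="
EXAMPLE_URL = "https://api.detectify.com/rest/v2/domains/"
EXAMPLE_TS = 1519829567
PAGE_SIGNATURE = "6jpu6S4cQwEY4uLk+xELSe1RhajVJP0QEDpGWZ5T+U0="


def relative_path(url):
    """Return the URL path after https://api.detectify.com/rest, e.g. /v2/domains/."""
    path = urlsplit(url).path
    if not path.startswith("/rest/"):
        raise ValueError("URL is not under /rest: %r" % url)
    return path[len("/rest"):]


def canonical_value(method, url, api_key, timestamp, body=""):
    """Build {HTTP method};{relative URL};{API key};{timestamp};{request body}."""
    # The body is the last field, so semicolons inside it cannot shift other fields.
    return ";".join([method.upper(), relative_path(url), api_key,
                     str(int(timestamp)), body])


def sign(secret_key_b64, method, url, api_key, timestamp, body=""):
    """BASE64_ENCODE(HMAC_SHA256(BASE64_DECODE(secret key), value))."""
    key = base64.b64decode(secret_key_b64, validate=True)
    value = canonical_value(method, url, api_key, timestamp, body).encode("utf-8")
    digest = hmac.new(key, value, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def signed_headers(api_key, secret_key_b64, method, url, body="", now=None):
    """Client side: the three headers to attach to a signed request."""
    ts = int(time.time() if now is None else now)
    return {
        "X-Detectify-Key": api_key,
        "X-Detectify-Signature": sign(secret_key_b64, method, url, api_key, ts, body),
        "X-Detectify-Timestamp": str(ts),
    }


def verify(headers, secret_key_b64, method, url, body="", received_at=None):
    """Receiver-side model (an assumption, not Detectify's implementation)."""
    received_at = int(time.time() if received_at is None else received_at)
    try:
        api_key = headers["X-Detectify-Key"]
        presented = headers["X-Detectify-Signature"]
        ts = int(headers["X-Detectify-Timestamp"])
    except (KeyError, ValueError):
        return False
    # Reject stale or future-dated messages before doing any HMAC work.
    if ts < received_at - MAX_AGE_S or ts > received_at + MAX_AHEAD_S:
        return False
    expected = sign(secret_key_b64, method, url, api_key, ts, body)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode("utf-8"), presented.encode("utf-8"))


if __name__ == "__main__":
    # Compare the computed value with the signature the page lists for these inputs.
    print("computed:", sign(SECRET_KEY, "GET", EXAMPLE_URL, API_KEY, EXAMPLE_TS))
    print("page    :", PAGE_SIGNATURE)
```

Because the timestamp is part of the signed value, a client whose clock drifts outside the 10-second/5-second window gets an authentication error even with a correct key, so keep the signing host time-synchronized.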

Scans

Scanning functionality includes executing scans, retrieving scan status and managing scan schedules. You can manage scans through scan profiles, which contain the settings for the scan. You can only execute scans on verified domains, and only one scan per scan profile can run at a time.

For optimization purposes, starting/stopping queries only request the specified operation to be executed, and therefore scans might be delayed by a few minutes.

Execute scans

POST /rest/v2/scans/5605b488634efe810dff4276e28ca7f9/
Requests: example 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses: 202, 400, 401, 403, 404, 409, 423, 502, 503, 504

Accepted - Scan start request accepted.

Bad Request - The scan profile token is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The scan profile does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Conflict - A scan is already running on the specified profile.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Locked - The scan profile is deactivated.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Start scan
POST /rest/v2/scans/{scan_profile_token}/

Requests to start a new scan for the scan profile identified by the scan profile token. The scan profile token can be retrieved using Get scan profiles.

The request sets the scan to the starting phase, and the infrastructure starts the scan within a few minutes. You can only execute scans on verified domains, and only one scan per scan profile can run at a time. To validate whether the scan started, use Get scan status.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.


DELETE /rest/v2/scans/5605b488634efe810dff4276e28ca7f9/
Requests: example 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses: 202, 400, 401, 403, 404, 502, 503, 504

Accepted - Scan stop request accepted.

Bad Request - The scan profile token is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The scan profile does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - The request could not be processed in time, possibly due to overload. Please try again later.

Stop scan
DELETE /rest/v2/scans/{scan_profile_token}/

Requests stopping the scan currently running on the scan profile identified by the scan profile token. The scan profile token can be retrieved using Get scan profiles.

The request sets the scan to the stopping phase, and the scan is stopped by the infrastructure within a few minutes. To validate whether the scan stopped, use Get scan status.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.


GET /rest/v2/scans/5605b488634efe810dff4276e28ca7f9/
Requests: example 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses: 200, 400, 401, 404, 502, 503, 504

OK - Returned scan status.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "scan_profile_token": "5605b488634efe810dff4276e28ca7f9",
  "created": "2018-01-10T08:34:15Z",
  "started": "2018-01-16T16:01:38Z",
  "phase": "starting",
  "state": "starting"
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "scan_profile_token": {
      "type": "string",
      "description": "the token of the scan profile"
    },
    "created": {
      "type": "string",
      "description": "the timestamp the scan was created"
    },
    "started": {
      "type": "string",
      "description": "the timestamp the scan started"
    },
    "phase": {
      "type": "string",
      "enum": [
        "starting",
        "information_gathering",
        "crawling",
        "information_analysis",
        "fingerprinting",
        "exploitation",
        "finalization",
        "stopping"
      ],
      "description": "the scanning phase"
    },
    "state": {
      "type": "string",
      "enum": [
        "starting",
        "running",
        "stopping",
        "stopped",
        "unable_to_resolve",
        "unable_to_complete"
      ],
      "description": "the scanning state"
    }
  }
}

Bad Request - The scan profile token is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The scan profile does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get scan status
GET /rest/v2/scans/{scan_profile_token}/

Retrieves the status of the scan currently running on the scan profile identified by the scan profile token. The status contains basic information, such as scanning phase and general status on whether the scan is running. The scan profile token can be retrieved using Get scan profiles.

If there is no scan running on the profile and

  • the last scan succeeded or no scans were executed previously, stopped status is returned (without times and phase).

  • the last scan was unable to start, unable_to_resolve status is returned (without times and phase). This indicates that we could not resolve the domain from our environment, and that there is no report available for the scan. For more details, see the knowledge base.

  • the last scan was unable to complete, unable_to_complete status is returned (without times and phase). This indicates a technical issue occurring during the scan. A partial report is available for the scan, but it may not contain all vulnerabilities.

Timestamps are in ISO 8601 format, UTC.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.
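A polling loop that applies the status rules described above: it validates each response against the schema's enumerations and maps the three no-scan-running states to what they mean for the report. This is an added example, not Detectify code; `wait_for_scan`, `parse_status` and `replay` are hypothetical names, the transport is injected as a callable so signing and HTTP stay out of scope, the sample responses are constructed, and it assumes the start request was already accepted.

```python
from datetime import datetime, timezone

# Enumerations copied from the status schema on this page.
PHASES = {"starting", "information_gathering", "crawling", "information_analysis",
          "fingerprinting", "exploitation", "finalization", "stopping"}
STATES = {"starting", "running", "stopping", "stopped",
          "unable_to_resolve", "unable_to_complete"}

# States returned when no scan is running, and what each implies for the report.
# "complete" for stopped assumes a scan was actually started on this profile.
REPORT = {"stopped": "complete",
          "unable_to_resolve": "none",
          "unable_to_complete": "partial"}


def parse_status(doc):
    """Validate one Get scan status body; return (state, phase, times)."""
    state, phase = doc.get("state"), doc.get("phase")
    if state not in STATES:
        raise ValueError("unexpected state: %r" % (state,))
    if phase is not None and phase not in PHASES:
        raise ValueError("unexpected phase: %r" % (phase,))
    times = {}
    for field in ("created", "started"):
        if doc.get(field):  # absent for the three no-scan-running states
            parsed = datetime.strptime(doc[field], "%Y-%m-%dT%H:%M:%SZ")
            times[field] = parsed.replace(tzinfo=timezone.utc)
    return state, phase, times


def wait_for_scan(get_status, sleep, interval_s=30, timeout_s=3600):
    """Poll get_status() until the profile reports that no scan is running."""
    waited, phases, started = 0, [], None
    while True:
        state, phase, times = parse_status(get_status())
        started = times.get("started", started)
        if phase and phase not in phases:
            phases.append(phase)
        if state in REPORT:
            return {"state": state, "report": REPORT[state],
                    "phases": phases, "started": started}
        if waited >= timeout_s:
            raise TimeoutError("scan still %s after %d s" % (state, waited))
        sleep(interval_s)
        waited += interval_s


# Constructed sample responses (not captured from the API).
_TOKEN = "5605b488634efe810dff4276e28ca7f9"
_TIMES = {"created": "2018-01-10T08:34:15Z", "started": "2018-01-16T16:01:38Z"}
CONSTRUCTED_RESPONSES = [
    dict(_TIMES, scan_profile_token=_TOKEN, phase="starting", state="starting"),
    dict(_TIMES, scan_profile_token=_TOKEN, phase="crawling", state="running"),
    dict(_TIMES, scan_profile_token=_TOKEN, phase="exploitation", state="running"),
    {"scan_profile_token": _TOKEN, "state": "unable_to_complete"},
]


def replay(responses):
    """Return a get_status callable that replays the given bodies in order."""
    it = iter(responses)
    return lambda: next(it)


if __name__ == "__main__":
    print(wait_for_scan(replay(CONSTRUCTED_RESPONSES), sleep=lambda s: None))
```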


Schedule scans

POST /rest/v2/scanschedules/5605b488634efe810dff4276e28ca7f9/
Requests: example 1
Headers
Content-Type: application/json
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Body
{
  "frequency": "once",
  "start": "2018-01-10T08:34:15Z"
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "frequency": {
      "type": "string",
      "enum": [
        "once",
        "daily",
        "weekly",
        "biweekly",
        "monthly"
      ],
      "description": "the scanning frequency"
    },
    "start": {
      "type": "string",
      "description": "the starting timestamp of the schedule"
    }
  },
  "required": [
    "frequency"
  ]
}
Responses: 200, 400, 401, 403, 404, 423, 502, 503, 504

OK - Scan schedule set.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "scan_profile_token": "5605b488634efe810dff4276e28ca7f9",
  "frequency": "once",
  "first_scan": "2018-01-10T08:34:15Z",
  "next_scan": "2018-01-11T08:34:15Z"
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "scan_profile_token": {
      "type": "string",
      "description": "the token of the scan profile"
    },
    "frequency": {
      "type": "string",
      "enum": [
        "once",
        "daily",
        "weekly",
        "biweekly",
        "monthly",
        "never"
      ],
      "description": "the scanning frequency"
    },
    "first_scan": {
      "type": "string",
      "description": "the timestamp of the first scan"
    },
    "next_scan": {
      "type": "string",
      "description": "the timestamp of the next scan"
    }
  }
}

Bad Request - The scan profile token or the request body is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The scan profile does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Locked - The domain is not verified.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Set scan schedule
POST /rest/v2/scanschedules/{scan_profile_token}/

Only available for Enterprise plan.

Sets a scan schedule for the scan profile identified by the scan profile token and returns information on the schedule, such as the timestamp for the first and next scans. The scan profile token can be retrieved using Get scan profiles.

For scheduling, the frequency must be set: once for a single scan, or daily, weekly, biweekly or monthly for recurring scans. Optionally, a starting timestamp for the schedule can be specified. The starting timestamp must be in ISO 8601 format (encoded when containing a UTC offset) or Unix time.

If no starting timestamp is specified, the current timestamp is used, which results in an instant scan start. If a schedule already exists for the specified scan profile, it is overwritten. Timestamps are in ISO 8601 format, UTC.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.


GET /rest/v2/scanschedules/5605b488634efe810dff4276e28ca7f9/
Requests example 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses 200 400 401 403 404 502 503 504

OK - Returned scan schedule.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "scan_profile_token": "5605b488634efe810dff4276e28ca7f9",
  "frequency": "once",
  "first_scan": "2018-01-10T08:34:15Z",
  "next_scan": "2018-01-11T08:34:15Z"
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "scan_profile_token": {
      "type": "string",
      "description": "the token of the scan profile"
    },
    "frequency": {
      "type": "string",
      "enum": [
        "once",
        "daily",
        "weekly",
        "biweekly",
        "monthly",
        "never"
      ],
      "description": "the scanning frequency"
    },
    "first_scan": {
      "type": "string",
      "description": "the timestamp of the first scan"
    },
    "next_scan": {
      "type": "string",
      "description": "the timestamp of the next scan"
    }
  }
}

Bad Request - The scan profile token is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The scan profile does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get scan schedule
GET /rest/v2/scanschedules/{scan_profile_token}/

Only available for Enterprise plan.

Retrieves scan schedule information on the scan profile identified by the scan profile token, such as frequency and timestamps for the first and next scans. If there is no scan scheduled for the specified profile, schedule information with never frequency is returned without timestamps. The scan profile token can be retrieved using Get scan profiles.

Timestamps are in ISO 8601 format, UTC.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.
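
A client-side check for the scan schedule responses documented above, as an added example that is not part of the Detectify documentation or its example implementations: it validates a schedule body against the schema on this page (including the never case without timestamps) and turns error envelopes into an exception that marks 502, 503 and 504 as retryable. The function and class names are hypothetical, the sample bodies are constructed from the examples on this page, and the body is assumed to be already gzip-decoded by the HTTP client.

```python
import json
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Values taken from the response schema on this page.
FREQUENCIES = {"once", "daily", "weekly", "biweekly", "monthly", "never"}
# Statuses the page describes with "Please try again later".
RETRYABLE = {502, 503, 504}

# Constructed sample bodies, modelled on the examples on this page.
SAMPLE_OK = ('{"scan_profile_token": "5605b488634efe810dff4276e28ca7f9",'
             ' "frequency": "once", "first_scan": "2018-01-10T08:34:15Z",'
             ' "next_scan": "2018-01-11T08:34:15Z"}')
SAMPLE_NEVER = ('{"scan_profile_token": "5605b488634efe810dff4276e28ca7f9",'
                ' "frequency": "never"}')
SAMPLE_ERROR = ('{"error": {"code": 1000, "message": "Error message",'
                ' "parameters": ["error parameter"]}}')


class DetectifyApiError(Exception):
    """Hypothetical wrapper for the error envelope, with a retry hint."""

    def __init__(self, status, code, message, parameters, more_info):
        super().__init__(f"HTTP {status}: [{code}] {message}")
        self.status = status
        self.code = code
        self.message = message
        self.parameters = parameters
        self.more_info = more_info
        self.retryable = status in RETRYABLE


@dataclass(frozen=True)
class ScanSchedule:
    scan_profile_token: str
    frequency: str
    first_scan: Optional[datetime]
    next_scan: Optional[datetime]


def _parse_utc(value):
    """Parse an ISO 8601 UTC timestamp such as 2018-01-10T08:34:15Z."""
    if value is None or value == "":
        return None
    if not isinstance(value, str):
        raise ValueError(f"timestamp is not a string: {value!r}")
    # Normalise a trailing "Z" so fromisoformat accepts it on older Pythons.
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if parsed.tzinfo is None:
        raise ValueError(f"timestamp has no UTC designator: {value!r}")
    return parsed.astimezone(timezone.utc)


def _raise_error(status, body):
    """Raise DetectifyApiError without trusting the shape of the body."""
    try:
        err = json.loads(body).get("error", {})
    except (ValueError, TypeError, AttributeError):
        err = {}  # empty or non-JSON body, e.g. from a gateway
    if not isinstance(err, dict):
        err = {}
    params = err.get("parameters")
    raise DetectifyApiError(
        status,
        err.get("code"),
        err.get("message", ""),
        [str(p) for p in params] if isinstance(params, list) else [],
        err.get("more_info"),
    )


def parse_scan_schedule(status, body):
    """Validate a scan schedule response and return a ScanSchedule."""
    if status != 200:
        _raise_error(status, body)
    data = json.loads(body)
    if not isinstance(data, dict):
        raise ValueError("schedule response is not a JSON object")
    token = data.get("scan_profile_token")
    frequency = data.get("frequency")
    if not isinstance(token, str):
        raise ValueError("scan_profile_token is missing or not a string")
    if not isinstance(frequency, str) or frequency not in FREQUENCIES:
        raise ValueError(f"unexpected frequency: {frequency!r}")
    first = _parse_utc(data.get("first_scan"))
    nxt = _parse_utc(data.get("next_scan"))
    # The page states that a "never" schedule comes back without timestamps.
    if frequency == "never" and (first or nxt):
        raise ValueError("'never' schedule unexpectedly carries timestamps")
    return ScanSchedule(token, frequency, first, nxt)


if __name__ == "__main__":
    print(parse_scan_schedule(200, SAMPLE_OK))
    print(parse_scan_schedule(200, SAMPLE_NEVER))
```

A caller would catch DetectifyApiError and retry with backoff only when retryable is true; 400, 401, 403 and 404 indicate a problem with the request or the key that a retry does not fix.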


DELETE /rest/v2/scanschedules/5605b488634efe810dff4276e28ca7f9/
Requests example 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses 200 400 401 403 502 503 504

OK - Removed scan schedule.

Bad Request - The scan profile token is malformed.

Headers
Content-Type: application/json
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - The request could not be processed in time, possibly due to overload. Please try again later.

Remove scan schedule
DELETE /rest/v2/scanschedules/{scan_profile_token}/

Only available for Enterprise plan.

Removes the scan schedule on the scan profile identified by the scan profile token. The scan profile token can be retrieved using Get scan profiles.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.


Domains

A domain represents a single host that can have one or more scan profiles associated with it.

Domains are identified by the domain token.

The domain information contains the domain name, status (indicating whether the domain is verified), creation time and whether domain monitoring is enabled on the domain. For more information on domain monitoring, see the knowledge base.

Manage domains

POST /rest/v2/domains/
Requests example 1
Headers
Content-Type: application/json
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Body
{
  "name": "example.com"
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "name": {
      "type": "string",
      "description": "host name or IP address and (optional) port number"
    }
  },
  "required": [
    "name"
  ]
}
Responses 201 400 401 403 423 502 503 504

Created - Domain created.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "name": "www.example.com",
  "status": "verified",
  "created": "2018-01-10T08:34:15Z",
  "token": "9cf53dabf7e213189c89587db33c9cfa",
  "monitored": false
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "name": {
      "type": "string",
      "description": "host name or IP address"
    },
    "status": {
      "type": "string",
      "enum": [
        "verified",
        "unverified"
      ],
      "description": "indicates whether the domain is verified"
    },
    "created": {
      "type": "string",
      "description": "the timestamp the domain was created"
    },
    "token": {
      "type": "string",
      "description": "the domain token"
    },
    "monitored": {
      "type": "boolean",
      "description": "indicates whether domain monitoring is enabled for the domain"
    }
  }
}

Bad Request - The request body is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Locked - The domain already exists.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Add domain
POST /rest/v2/domains/

Only available for Enterprise plan.

Adds a new domain to the team for the specified domain name. The domain name can be a second-level domain or a subdomain. Optionally, you can specify a port number for the domain that will be used for domain verification. The call returns information about the newly created domain, including the generated domain token and domain status.


GET /rest/v2/domains/
Requests example 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses 200 401 403 502 503 504

OK - Returned domain list.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
[
  {
    "name": "www.example.com",
    "status": "verified",
    "created": "2018-01-10T08:34:15Z",
    "token": "9cf53dabf7e213189c89587db33c9cfa",
    "monitored": false
  }
]
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "name": {
        "type": "string",
        "enum": [
          "www.example.com"
        ],
        "description": "host name or IP address"
      },
      "status": {
        "type": "string",
        "enum": [
          "verified",
          "unverified"
        ],
        "description": "indicates whether the domain is verified"
      },
      "created": {
        "type": "string",
        "enum": [
          "2018-01-10T08:34:15Z"
        ],
        "description": "the timestamp the domain was created"
      },
      "token": {
        "type": "string",
        "enum": [
          "9cf53dabf7e213189c89587db33c9cfa"
        ],
        "description": "the domain token"
      },
      "monitored": {
        "type": "boolean",
        "enum": [
          false
        ],
        "description": "indicates whether domain monitoring is enabled for the domain"
      }
    },
    "required": [
      "name",
      "status",
      "created",
      "token",
      "monitored"
    ],
    "additionalProperties": false
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get domains
GET /rest/v2/domains/

Returns an array of all domains for the team.

If the team has no domains, the response contains an empty array.

Timestamps are in ISO 8601 format, UTC.


DELETE /rest/v2/domains/9cf53dabf7e213189c89587db33c9cfa/
Requests example 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses 200 400 401 403 412 502 503 504

OK - Removed domain.

Bad Request - The domain token is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Precondition Failed - One or more scan profiles exist for the domain.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Remove domain
DELETE /rest/v2/domains/{domain_token}/

Only available for Enterprise plan.

Removes the domain identified by the domain token. The domain token can be retrieved using Get domains.

You can only remove the domain if no scan profiles exist for the domain.

URI Parameters
domain_token
string (required) Example: 9cf53dabf7e213189c89587db33c9cfa

The domain token.


GET /rest/v2/domains/9cf53dabf7e213189c89587db33c9cfa/subdomains/
Requests: example 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses: 200 400 401 403 502 503 504

OK - Returned subdomain list.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
[
  {
    "name": "www.example.com",
    "status": "verified",
    "created": "2018-01-10T08:34:15Z",
    "token": "9cf53dabf7e213189c89587db33c9cfa",
    "discovered": "2018-01-03T09:54:23Z",
    "last_seen": "2018-03-13T12:05:13Z",
    "tags": [
      {
        "type": "Tag Autodiscovery",
        "value": "autodiscovery"
      }
    ]
  }
]
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "name": {
        "type": "string",
        "enum": [
          "www.example.com"
        ],
        "description": "host name or IP address"
      },
      "status": {
        "type": "string",
        "enum": [
          "verified",
          "unverified"
        ],
        "description": "indicates whether the domain is verified (for manual domains)"
      },
      "created": {
        "type": "string",
        "enum": [
          "2018-01-10T08:34:15Z"
        ],
        "description": "the timestamp the domain was created (for manual domains)"
      },
      "token": {
        "type": "string",
        "enum": [
          "9cf53dabf7e213189c89587db33c9cfa"
        ],
        "description": "the domain token (for manual domains)"
      },
      "discovered": {
        "type": "string",
        "enum": [
          "2018-01-03T09:54:23Z"
        ],
        "description": "the timestamp the domain was discovered (for discovered domains)"
      },
      "last_seen": {
        "type": "string",
        "enum": [
          "2018-03-13T12:05:13Z"
        ],
        "description": "the timestamp the domain was last seen (for discovered domains)"
      },
      "tags": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "type": {
              "type": "string",
              "enum": [
                "Tag Autodiscovery"
              ],
              "description": "the type of the tag"
            },
            "value": {
              "type": "string",
              "enum": [
                "autodiscovery"
              ],
              "description": "the value of the tag"
            }
          },
          "required": [
            "type",
            "value"
          ],
          "additionalProperties": false
        },
        "description": "domain tags"
      }
    },
    "required": [
      "name",
      "status",
      "created",
      "token",
      "discovered",
      "last_seen",
      "tags"
    ],
    "additionalProperties": false
  }
}

Bad Request - The domain token is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get subdomains
GET /rest/v2/domains/{domain_token}/subdomains/

Retrieves subdomains for the domain identified by the domain token. The domain token can be retrieved using Get domains.

The list includes

  • manually added subdomains (tagged manual with general domain information), and

  • subdomains discovered using DNS information (tagged autodiscovery with discovery times).

URI Parameters
domain_token
string (required) Example: 9cf53dabf7e213189c89587db33c9cfa

The domain token.
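The following added example (not part of the Detectify documentation or its example implementations) sorts a Get subdomains response into review buckets for an asset inventory: hosts known only from discovery, discovered hosts not seen recently, and manual hosts still unverified. The sample body is constructed; the `manual` tag value, the `Tag Manual` type, the empty strings for fields that do not apply, and the 30-day staleness threshold are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the Get subdomains response body.
# Host names and dates are made up; "manual" as a tag value and empty
# strings for non-applicable fields are assumptions.
SAMPLE_BODY = json.dumps([
    {"name": "www.example.com", "status": "verified",
     "created": "2018-01-10T08:34:15Z", "token": "9cf53dabf7e213189c89587db33c9cfa",
     "discovered": "", "last_seen": "",
     "tags": [{"type": "Tag Manual", "value": "manual"}]},
    {"name": "dev.example.com", "status": "unverified", "created": "", "token": "",
     "discovered": "2018-01-03T09:54:23Z", "last_seen": "2018-03-13T12:05:13Z",
     "tags": [{"type": "Tag Autodiscovery", "value": "autodiscovery"}]},
    {"name": "old.example.com", "status": "unverified", "created": "", "token": "",
     "discovered": "2017-06-01T07:00:00Z", "last_seen": "2017-11-20T10:00:00Z",
     "tags": [{"type": "Tag Autodiscovery", "value": "autodiscovery"}]},
    {"name": "staging.example.com", "status": "unverified",
     "created": "2018-02-01T09:00:00Z", "token": "",
     "discovered": "", "last_seen": "",
     "tags": [{"type": "Tag Manual", "value": "manual"}]},
])


def parse_utc(value):
    """Parse 'YYYY-MM-DDTHH:MM:SSZ' into an aware datetime; None if empty or invalid."""
    if not value:
        return None
    try:
        parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
    except (TypeError, ValueError):
        return None
    return parsed.replace(tzinfo=timezone.utc)


def triage_subdomains(body, now, stale_after=timedelta(days=30)):
    """Group the subdomains in a response body into review buckets."""
    report = {"discovered_only": [], "stale": [], "unverified": [], "malformed": []}
    for entry in json.loads(body):
        name = entry.get("name") if isinstance(entry, dict) else None
        if not isinstance(name, str) or not name:
            report["malformed"].append("entry without a name")
            continue
        tags = {t.get("value") for t in (entry.get("tags") or []) if isinstance(t, dict)}
        if "autodiscovery" in tags:
            # Found through DNS but never added by hand: confirm ownership.
            if "manual" not in tags:
                report["discovered_only"].append(name)
            last_seen = parse_utc(entry.get("last_seen"))
            if last_seen is None:
                report["malformed"].append(name + ": missing last_seen")
            elif now - last_seen > stale_after:
                # Not observed recently: check for leftover DNS records.
                report["stale"].append(name)
        # "status" is documented for manual domains only.
        if "manual" in tags and entry.get("status") == "unverified":
            report["unverified"].append(name)
    return report


if __name__ == "__main__":
    fixed_now = datetime(2018, 3, 14, tzinfo=timezone.utc)
    print(json.dumps(triage_subdomains(SAMPLE_BODY, fixed_now), indent=2))
```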


Scan profiles

A scan profile represents the target of a scan, which can be a domain, subdomain or IP address. Several scan profiles can be created for a domain with different settings or different endpoints.

Scan profiles are identified by the scan profile token.

The scan profile information includes the associated domain token, endpoint, creation time and scan profile status. The scan profile status may be:

  • verified, indicating that the scan profile can be scanned, and no issues occurred during the last scan.

  • unable_to_resolve, indicating that the last scan on the scan profile could not resolve the domain. This indicates that there is no report available for the scan. For more details, see the knowledge base.

  • unable_to_complete, indicating that the last scan on the scan profile could not complete. This indicates a technical issue occurring during the scan. A partial report is available for the scan, but it may not contain all vulnerabilities.

Manage scan profiles

POST /rest/v2/profiles/
Requests: example 1
Headers
Content-Type: application/json
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Body
{
  "domain_token": "9cf53dabf7e213189c89587db33c9cfa",
  "name": "example profile",
  "endpoint": "www.example.com",
  "unique": false,
  "valid": false
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "domain_token": {
      "type": "string",
      "description": "the domain token"
    },
    "name": {
      "type": "string",
      "description": "scan profile name"
    },
    "endpoint": {
      "type": "string",
      "description": "the endpoint of the scan profile, includes host name or IP address and (optional) port number"
    },
    "unique": {
      "type": "boolean",
      "description": "indicates whether the scan profile should be unique for the team"
    },
    "valid": {
      "type": "boolean",
      "description": "indicates whether to validate that the endpoint exists by resolving the host name"
    }
  },
  "required": [
    "endpoint"
  ]
}
Responses: 201 400 401 403 404 409 412 423 502 503 504

Created - Scan profile created.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "name": "example profile",
  "endpoint": "www.example.com",
  "status": "verified",
  "created": "2018-01-10T08:34:15Z",
  "token": "5605b488634efe810dff4276e28ca7f9"
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "name": {
      "type": "string",
      "description": "scan profile name"
    },
    "endpoint": {
      "type": "string",
      "description": "the endpoint of the scan profile, includes host name or IP address and (optional) port number"
    },
    "status": {
      "type": "string",
      "enum": [
        "verified",
        "unverified",
        "unable_to_resolve",
        "unable_to_complete"
      ],
      "description": "indicates the status of the scan profile"
    },
    "created": {
      "type": "string",
      "description": "the timestamp the scan profile was created"
    },
    "token": {
      "type": "string",
      "description": "the scan profile token"
    }
  }
}

Bad Request - The request body is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The domain for the specified domain token does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Conflict - The domain specified by the domain token does not match the scan profile endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Precondition Failed - The subscription does not allow additional profiles or easy domain verification is not enabled.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Locked - A scan profile already exists with the endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Add scan profile
POST /rest/v2/profiles/

Only available for Enterprise plan.

Adds a new scan profile using the specified endpoint and name. You can add a scan profile to

  • an existing, verified domain, which is either specified by the domain token or selected based on the endpoint;

  • a non-existing domain that is added along with the scan profile, which requires easy domain verification enabled.

If you do not provide the scan profile name, the endpoint will be used as scan profile name. The scan profile can be optionally specified as

  • unique, indicating that the scan profile should only be added if no scan profile exists with the same endpoint;

  • valid, indicating that the scan profile should be validated by resolving the specified endpoint and sending an HTTP GET request. The request is sent to either the port specified in the endpoint or the standard HTTP/HTTPS ports (80/443) with a timeout of 10 seconds.

The call returns information about the newly created scan profile including the generated scan profile token.
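An added example, not taken from the Detectify documentation or its example implementations, of the client side of Add scan profile: it builds the request body from the schema above and turns a status code and response body into a decision, including responses that carry no JSON body. The function names, the rejection of URL-style endpoints and the outcome labels are assumptions; transport, authentication headers and gzip decoding are left to the caller.

```python
import json

# Status codes the page tells the caller to "try again later".
RETRYABLE = {502, 503, 504}

# Meanings as listed for POST /rest/v2/profiles/ on this page.
MEANING = {
    400: "the request body is malformed",
    401: "the API key or the message signature is invalid",
    403: "the API key cannot access this endpoint",
    404: "the domain for the specified domain token does not exist",
    409: "the domain token does not match the scan profile endpoint",
    412: "no additional profiles allowed, or easy domain verification is not enabled",
    423: "a scan profile already exists with the endpoint",
    502: "the REST API is currently offline",
    503: "temporary outage within the Detectify infrastructure",
    504: "the request could not be processed in time",
}

# Bodies copied from the page's examples (error body trimmed to three fields).
SAMPLE_CREATED = ('{"name": "example profile", "endpoint": "www.example.com", '
                  '"status": "verified", "created": "2018-01-10T08:34:15Z", '
                  '"token": "5605b488634efe810dff4276e28ca7f9"}')
SAMPLE_ERROR = ('{"error": {"code": 1000, "message": "Error message", '
                '"parameters": ["error parameter"]}}')


def build_profile_body(endpoint, name=None, domain_token=None, unique=False, valid=False):
    """Serialise the request body; the schema requires only 'endpoint'."""
    if not isinstance(endpoint, str) or not endpoint.strip():
        raise ValueError("endpoint is required")
    # Assumption: the schema describes host name or IP plus optional port,
    # so a scheme or path is rejected before anything is sent.
    if "/" in endpoint:
        raise ValueError("endpoint must be host[:port], not a URL")
    for flag_name, flag in (("unique", unique), ("valid", valid)):
        if not isinstance(flag, bool):
            raise TypeError(flag_name + " must be a boolean")
    body = {"endpoint": endpoint.strip(), "unique": unique, "valid": valid}
    if name:
        body["name"] = name  # when omitted, the endpoint becomes the name
    if domain_token:
        body["domain_token"] = domain_token
    return json.dumps(body, sort_keys=True)


def interpret_response(status, raw_body):
    """Map a status code and decoded response body to a decision dict."""
    try:
        doc = json.loads(raw_body) if raw_body else {}
    except ValueError:  # covers invalid JSON and undecodable bytes
        doc = {}
    if not isinstance(doc, dict):
        doc = {}
    if status == 201:
        if not doc.get("token"):
            return {"outcome": "rejected", "retry": False,
                    "reason": "201 response without a scan profile token"}
        # Only "verified" means the profile can be scanned.
        return {"outcome": "created", "retry": False, "token": doc["token"],
                "scannable": doc.get("status") == "verified"}
    error = doc.get("error")
    if not isinstance(error, dict):
        error = {}
    if status in RETRYABLE:
        outcome = "retry_later"
    elif status == 423:
        outcome = "already_exists"  # expected when unique=true finds a duplicate
    else:
        outcome = "rejected"  # 4xx: resending the same request will not help
    return {"outcome": outcome, "retry": status in RETRYABLE,
            "reason": MEANING.get(status, "undocumented status"),
            "code": error.get("code"), "message": error.get("message"),
            "parameters": error.get("parameters", [])}


if __name__ == "__main__":
    print(build_profile_body("www.example.com", name="example profile", unique=True))
    print(interpret_response(201, SAMPLE_CREATED))
    print(interpret_response(423, SAMPLE_ERROR))
    print(interpret_response(504, ""))
```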


GET /rest/v2/profiles/
Requests: example 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses: 200 401 403 502 503 504

OK - Returned scan profile list.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
[
  {
    "name": "example profile",
    "endpoint": "www.example.com",
    "status": "verified",
    "created": "2018-01-10T08:34:15Z",
    "token": "5605b488634efe810dff4276e28ca7f9"
  }
]
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "name": {
        "type": "string",
        "description": "scan profile name"
      },
      "endpoint": {
        "type": "string",
        "description": "the endpoint of the scan profile, includes host name or IP address and (optional) port number"
      },
      "status": {
        "type": "string",
        "enum": [
          "verified",
          "unverified",
          "unable_to_resolve",
          "unable_to_complete"
        ],
        "description": "indicates the status of the scan profile"
      },
      "created": {
        "type": "string",
        "description": "the timestamp the scan profile was created"
      },
      "token": {
        "type": "string",
        "description": "the scan profile token"
      }
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get scan profiles
GET /rest/v2/profiles/

Returns an array of all scan profiles for the team.

If the team has no scan profiles, the response contains an empty array.

Timestamps are in ISO 8601 format, UTC.


GET /rest/v2/profiles/9cf53dabf7e213189c89587db33c9cfa/
Requests example 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses 200 400 401 403 404 502 503 504

OK - Returned scan profile list.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
[
  {
    "name": "example profile",
    "endpoint": "www.example.com",
    "status": "verified",
    "created": "2018-01-10T08:34:15Z",
    "token": "5605b488634efe810dff4276e28ca7f9"
  }
]
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "name": {
        "type": "string",
        "description": "scan profile name"
      },
      "endpoint": {
        "type": "string",
        "description": "the endpoint of the scan profile, includes host name or IP address and (optional) port number"
      },
      "status": {
        "type": "string",
        "enum": [
          "verified",
          "unverified",
          "unable_to_resolve",
          "unable_to_complete"
        ],
        "description": "indicates the status of the scan profile"
      },
      "created": {
        "type": "string",
        "description": "the timestamp the scan profile was created"
      },
      "token": {
        "type": "string",
        "description": "the scan profile token"
      }
    }
  }
}

Bad Request - The domain token is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The domain does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get scan profiles for domain
GET /rest/v2/profiles/{domain_token}/

Returns all scan profiles for the domain identified by the domain token. The domain token can be retrieved using Get domains.

If the domain has no scan profiles, the response contains an empty array.

Timestamps are in ISO 8601 format, UTC.

URI Parameters
domain_token
string (required) Example: 9cf53dabf7e213189c89587db33c9cfa

The domain token.


DELETE /rest/v2/profiles/5605b488634efe810dff4276e28ca7f9/
Requests example 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses 200 400 401 403 502 503 504

OK - Removed scan profile.

Bad Request - The scan profile token is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Remove scan profile
DELETE /rest/v2/profiles/{scan_profile_token}/

Only available for Enterprise plan.

Removes the scan profile specified by the scan profile token. The scan profile token can be retrieved using Get scan profiles.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.


Manage scan profile settings

GET /rest/v2/profiles/5605b488634efe810dff4276e28ca7f9/settings/
Requests example 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses 200 400 401 403 404 502 503 504

OK - Returned scan profile settings.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "report_lifespan_days": 365,
  "crawl_subdomains": true,
  "blacklisted_subdomains": [
    "shop"
  ],
  "whitelisted_paths": [
    "/secret/path/to/page.php"
  ],
  "blacklisted_paths": [
    "/secret/path/to/page.php"
  ],
  "scan_common_ports": true,
  "whitelisted_ports": [
    80
  ],
  "blacklisted_ports": [
    8080
  ],
  "custom_headers": [
    {
      "name": "special_header",
      "value": "special_value"
    }
  ],
  "custom_cookies": [
    {
      "name": "special_cookie",
      "value": "special_value",
      "secure": true,
      "httponly": false
    }
  ],
  "requests_per_second": 30,
  "basic_auth": {
    "username": "admin",
    "password": "#####"
  },
  "session_cookie": {
    "name": "session_cookie",
    "value": "session_token",
    "secure": true,
    "httponly": true
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "report_lifespan_days": {
      "type": "number",
      "description": "Indicates how many days should we keep the report"
    },
    "crawl_subdomains": {
      "type": "boolean",
      "description": "indicates whether to follow any links we find during crawling to discover subdomains"
    },
    "blacklisted_subdomains": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "The array of subdomains that the scan should avoid"
    },
    "whitelisted_paths": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "The array of paths the scan should include"
    },
    "blacklisted_paths": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "The array of paths the scan should avoid"
    },
    "scan_common_ports": {
      "type": "boolean",
      "description": "indicates whether to scan common HTTP ports"
    },
    "whitelisted_ports": {
      "type": "array",
      "items": {
        "type": "number"
      },
      "description": "The array of ports the scan should include"
    },
    "blacklisted_ports": {
      "type": "array",
      "items": {
        "type": "number"
      },
      "description": "The array of ports the scan should avoid"
    },
    "custom_headers": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "name": {
            "type": "string",
            "description": "the header name"
          },
          "value": {
            "type": "string",
            "description": "the header value"
          }
        }
      },
      "description": "The array of custom headers the scanner should send with every request"
    },
    "custom_cookies": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "name": {
            "type": "string",
            "description": "the cookie name"
          },
          "value": {
            "type": "string",
            "description": "the cookie value"
          },
          "secure": {
            "type": "boolean",
            "description": "indicates whether the cookie should be secure"
          },
          "httponly": {
            "type": "boolean",
            "description": "indicates whether the cookie should be HttpOnly"
          }
        }
      },
      "description": "The array of custom cookies the scanner should send with every request"
    },
    "requests_per_second": {
      "type": "number",
      "description": "sets the maximum number of HTTP requests for every second during the scan"
    },
    "basic_auth": {
      "type": "object",
      "properties": {
        "username": {
          "type": "string",
          "description": "the username"
        },
        "password": {
          "type": "string",
          "description": "the password"
        }
      },
      "description": "basic auth credentials to grant the scanner access to the website"
    },
    "session_cookie": {
      "type": "object",
      "properties": {
        "name": {
          "type": "string",
          "description": "the cookie name"
        },
        "value": {
          "type": "string",
          "description": "the cookie value"
        },
        "secure": {
          "type": "boolean",
          "description": "indicates whether the cookie should be secure"
        },
        "httponly": {
          "type": "boolean",
          "description": "indicates whether the cookie should be HttpOnly"
        }
      },
      "description": "session cookie to grant the scanner access to the website"
    }
  }
}

Bad Request - The scan profile token is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The scan profile does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get scan profile settings
GET /rest/v2/profiles/{scan_profile_token}/settings/

Returns settings for the scan profile specified by the scan profile token. The scan profile token can be retrieved using Get scan profiles.

The settings contain the following information:

  • Report lifetime: Indicates how many days the report is kept.

  • Crawl subdomains: Indicates whether to follow any links we find during crawling to discover subdomains.

  • Blacklisted subdomains: The array of subdomains that the scan should avoid.

  • Whitelisted paths: The array of paths the scan should include.

  • Blacklisted paths: The array of paths the scan should avoid.

  • Scan common ports: Indicates whether to scan common HTTP ports such as 80, 443, 3000.

  • Whitelisted ports: The array of ports the scan should include.

  • Blacklisted ports: The array of ports the scan should avoid.

  • Custom headers: The array of custom headers the scanner should send with every request.

  • Custom cookies: The array of custom cookies the scanner should send with every request.

  • Requests per second: Sets the maximum number of HTTP requests per second during the scan.

  • Basic Auth: Basic auth credentials to grant the scanner access to the website. For security reasons the password is masked.

  • Session Cookie: Session cookie to grant the scanner access to the website.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.
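
An added example (not Detectify's own code) that works on the settings document described above: `redact` returns a copy that is safe to log, since the page states only that the Basic Auth password is masked, and `audit` flags contradictory include/avoid entries, invalid ports, cookie flags and a masked password that is about to be written back. The function names, the `[redacted]` marker and the checks are assumptions of this example; how the API treats `#####` in a PUT body is not stated on this page.

```python
"""Audit and redact a scan profile settings document (added example)."""
import copy

MASK = "#####"  # mask string as it appears in the page's example body

# Constructed sample input: the example settings body shown on this page.
SAMPLE = {
    "report_lifespan_days": 365,
    "crawl_subdomains": True,
    "blacklisted_subdomains": ["shop"],
    "whitelisted_paths": ["/secret/path/to/page.php"],
    "blacklisted_paths": ["/secret/path/to/page.php"],
    "scan_common_ports": True,
    "whitelisted_ports": [80],
    "blacklisted_ports": [8080],
    "custom_headers": [{"name": "special_header", "value": "special_value"}],
    "custom_cookies": [{"name": "special_cookie", "value": "special_value",
                        "secure": True, "httponly": False}],
    "requests_per_second": 30,
    "basic_auth": {"username": "admin", "password": MASK},
    "session_cookie": {"name": "session_cookie", "value": "session_token",
                       "secure": True, "httponly": True},
}


def redact(settings):
    """Return a deep copy with every credential-bearing value replaced."""
    out = copy.deepcopy(settings)
    # Header and cookie values may carry tokens for the scanned site.
    for item in out.get("custom_headers", []) + out.get("custom_cookies", []):
        item["value"] = "[redacted]"
    for key, field in (("basic_auth", "password"), ("session_cookie", "value")):
        if isinstance(out.get(key), dict) and field in out[key]:
            out[key][field] = "[redacted]"
    return out


def audit(settings):
    """Return a list of (field, finding) tuples for a settings document."""
    findings = []
    # The same entry in an include list and an avoid list is contradictory.
    for kind in ("paths", "ports"):
        allow = set(settings.get("whitelisted_" + kind, []))
        deny = set(settings.get("blacklisted_" + kind, []))
        for entry in sorted(allow & deny, key=str):
            findings.append((kind, f"{entry!r} is both whitelisted and blacklisted"))
    # The schema only says "number"; require an integer in the TCP port range.
    for key in ("whitelisted_ports", "blacklisted_ports"):
        for port in settings.get(key, []):
            if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
                findings.append((key, f"{port!r} is not a valid TCP port"))
    # Local policy of this example: cookies should be marked secure and HttpOnly.
    cookies = list(settings.get("custom_cookies", []))
    if isinstance(settings.get("session_cookie"), dict):
        cookies.append(settings["session_cookie"])
    for cookie in cookies:
        for flag in ("secure", "httponly"):
            if cookie.get(flag) is not True:
                findings.append((f"cookie:{cookie.get('name')}", f"{flag} is not true"))
    # A body read with GET carries the mask instead of the real password.
    if settings.get("basic_auth", {}).get("password") == MASK:
        findings.append(("basic_auth", "password is the mask string; confirm before PUT"))
    rps = settings.get("requests_per_second")
    if rps is not None and (isinstance(rps, bool) or not isinstance(rps, (int, float)) or rps <= 0):
        findings.append(("requests_per_second", "must be a positive number"))
    return findings


if __name__ == "__main__":
    for field, finding in audit(SAMPLE):
        print(f"{field}: {finding}")
    print(redact(SAMPLE)["session_cookie"])
```

Run `audit` on a body read with GET before sending it back with PUT, and pass only the output of `redact` to logs or tickets.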


PUT /rest/v2/profiles/5605b488634efe810dff4276e28ca7f9/settings/
Requests example 1
Headers
Content-Type: application/json
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Body
{
  "report_lifespan_days": 365,
  "crawl_subdomains": true,
  "blacklisted_subdomains": [
    "shop"
  ],
  "whitelisted_paths": [
    "/secret/path/to/page.php"
  ],
  "blacklisted_paths": [
    "/secret/path/to/page.php"
  ],
  "scan_common_ports": true,
  "whitelisted_ports": [
    80
  ],
  "blacklisted_ports": [
    8080
  ],
  "custom_headers": [
    {
      "name": "special_header",
      "value": "special_value"
    }
  ],
  "custom_cookies": [
    {
      "name": "special_cookie",
      "value": "special_value",
      "secure": true,
      "httponly": false
    }
  ],
  "requests_per_second": 30,
  "basic_auth": {
    "username": "admin",
    "password": "#####"
  },
  "session_cookie": {
    "name": "session_cookie",
    "value": "session_token",
    "secure": true,
    "httponly": true
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "report_lifespan_days": {
      "type": "number",
      "description": "Indicates how many days should we keep the report"
    },
    "crawl_subdomains": {
      "type": "boolean",
      "description": "indicates whether to follow any links we find during crawling to discover subdomains"
    },
    "blacklisted_subdomains": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "The array of subdomains that the scan should avoid"
    },
    "whitelisted_paths": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "The array of paths the scan should include"
    },
    "blacklisted_paths": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "The array of paths the scan should avoid"
    },
    "scan_common_ports": {
      "type": "boolean",
      "description": "indicates whether to scan common HTTP ports"
    },
    "whitelisted_ports": {
      "type": "array",
      "items": {
        "type": "number"
      },
      "description": "The array of ports the scan should include"
    },
    "blacklisted_ports": {
      "type": "array",
      "items": {
        "type": "number"
      },
      "description": "The array of ports the scan should avoid"
    },
    "custom_headers": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "name": {
            "type": "string",
            "description": "the header name"
          },
          "value": {
            "type": "string",
            "description": "the header value"
          }
        }
      },
      "description": "The array of custom headers the scanner should send with every request"
    },
    "custom_cookies": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "name": {
            "type": "string",
            "description": "the cookie name"
          },
          "value": {
            "type": "string",
            "description": "the cookie value"
          },
          "secure": {
            "type": "boolean",
            "description": "indicates whether the cookie should be secure"
          },
          "httponly": {
            "type": "boolean",
            "description": "indicates whether the cookie should be HttpOnly"
          }
        }
      },
      "description": "The array of custom cookies the scanner should send with every request"
    },
    "requests_per_second": {
      "type": "number",
      "description": "sets the maximum number of HTTP requests for every second during the scan"
    },
    "basic_auth": {
      "type": "object",
      "properties": {
        "username": {
          "type": "string",
          "description": "the username"
        },
        "password": {
          "type": "string",
          "description": "the password"
        }
      },
      "description": "basic auth credentials to grant the scanner access to the website"
    },
    "session_cookie": {
      "type": "object",
      "properties": {
        "name": {
          "type": "string",
          "description": "the cookie name"
        },
        "value": {
          "type": "string",
          "description": "the cookie value"
        },
        "secure": {
          "type": "boolean",
          "description": "indicates whether the cookie should be secure"
        },
        "httponly": {
          "type": "boolean",
          "description": "indicates whether the cookie should be HttpOnly"
        }
      },
      "description": "session cookie to grant the scanner access to the website"
    }
  }
}
Responses 200 400 401 403 404 502 503 504

OK - Returned scan profile settings.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "report_lifespan_days": 365,
  "crawl_subdomains": true,
  "blacklisted_subdomains": [
    "shop"
  ],
  "whitelisted_paths": [
    "/secret/path/to/page.php"
  ],
  "blacklisted_paths": [
    "/secret/path/to/page.php"
  ],
  "scan_common_ports": true,
  "whitelisted_ports": [
    80
  ],
  "blacklisted_ports": [
    8080
  ],
  "custom_headers": [
    {
      "name": "special_header",
      "value": "special_value"
    }
  ],
  "custom_cookies": [
    {
      "name": "special_cookie",
      "value": "special_value",
      "secure": true,
      "httponly": false
    }
  ],
  "requests_per_second": 30,
  "basic_auth": {
    "username": "admin",
    "password": "#####"
  },
  "session_cookie": {
    "name": "session_cookie",
    "value": "session_token",
    "secure": true,
    "httponly": true
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "report_lifespan_days": {
      "type": "number",
      "description": "Indicates how many days should we keep the report"
    },
    "crawl_subdomains": {
      "type": "boolean",
      "description": "indicates whether to follow any links we find during crawling to discover subdomains"
    },
    "blacklisted_subdomains": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "The array of subdomains that the scan should avoid"
    },
    "whitelisted_paths": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "The array of paths the scan should include"
    },
    "blacklisted_paths": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "The array of paths the scan should avoid"
    },
    "scan_common_ports": {
      "type": "boolean",
      "description": "indicates whether to scan common HTTP ports"
    },
    "whitelisted_ports": {
      "type": "array",
      "items": {
        "type": "number"
      },
      "description": "The array of ports the scan should include"
    },
    "blacklisted_ports": {
      "type": "array",
      "items": {
        "type": "number"
      },
      "description": "The array of ports the scan should avoid"
    },
    "custom_headers": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "name": {
            "type": "string",
            "description": "the header name"
          },
          "value": {
            "type": "string",
            "description": "the header value"
          }
        }
      },
      "description": "The array of custom headers the scanner should send with every request"
    },
    "custom_cookies": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "name": {
            "type": "string",
            "description": "the cookie name"
          },
          "value": {
            "type": "string",
            "description": "the cookie value"
          },
          "secure": {
            "type": "boolean",
            "description": "indicates whether the cookie should be secure"
          },
          "httponly": {
            "type": "boolean",
            "description": "indicates whether the cookie should be HttpOnly"
          }
        }
      },
      "description": "The array of custom cookies the scanner should send with every request"
    },
    "requests_per_second": {
      "type": "number",
      "description": "sets the maximum number of HTTP requests for every second during the scan"
    },
    "basic_auth": {
      "type": "object",
      "properties": {
        "username": {
          "type": "string",
          "description": "the username"
        },
        "password": {
          "type": "string",
          "description": "the password"
        }
      },
      "description": "basic auth credentials to grant the scanner access to the website"
    },
    "session_cookie": {
      "type": "object",
      "properties": {
        "name": {
          "type": "string",
          "description": "the cookie name"
        },
        "value": {
          "type": "string",
          "description": "the cookie value"
        },
        "secure": {
          "type": "boolean",
          "description": "indicates whether the cookie should be secure"
        },
        "httponly": {
          "type": "boolean",
          "description": "indicates whether the cookie should be HttpOnly"
        }
      },
      "description": "session cookie to grant the scanner access to the website"
    }
  }
}

Bad Request - The scan profile token or the request body is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The scan profile does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Update scan profile settings
PUT /rest/v2/profiles/{scan_profile_token}/settings/

Only available for Enterprise plan.

Updates settings for the scan profile specified by the scan profile token and returns the updated settings. The scan profile token can be retrieved using Get scan profiles.

You can update each value individually by specifying the setting in the request body. The update does not affect settings that are not present in the request body. The maximum allowed request body size is 30 KB. The following information can be updated:

  • Report lifetime: Indicates how many days we should keep the report. The value must be between 7 and 10000 days. Send 0 to reset the value to the global report lifetime.

  • Crawl subdomains: Indicates whether to follow any links we find during crawling to discover subdomains.

  • Blacklisted subdomains: The array of subdomains that the scan should avoid. The list should only contain the subdomain part, e.g., blog instead of blog.example.com. To remove all blacklisted domains send an empty array.

  • Whitelisted paths: The array of paths the scan should include. The list should only contain the relative path of the URL, e.g., /secret/path/of/page.php instead of https://www.example.com/secret/path/of/page.php. To remove all whitelisted paths send an empty array.

  • Blacklisted paths: The array of paths the scan should avoid. The list should only contain the relative path of the URL, e.g., /secret/path/of/page.php instead of https://www.example.com/secret/path/of/page.php. To remove all blacklisted paths send an empty array.

  • Scan common ports: Indicates whether to scan common HTTP ports such as 80, 443, 3000.

  • Whitelisted ports: The array of ports the scan should include. To remove all whitelisted ports send an empty array.

  • Blacklisted ports: The array of ports the scan should avoid. To remove all blacklisted ports send an empty array.

  • Custom headers: The array of custom headers the scanner should send with every request. Headers must have specified name and value. To remove all custom headers send an empty array.

  • Custom cookies: The array of custom cookies the scanner should send with every request. Cookies must have specified name and value with optional secure and HttpOnly flags. To remove all custom cookies send an empty array.

  • Requests per second: Sets the maximum number of HTTP requests for every second during the scan. The value must be between 5 and 1000. Send 0 for an unlimited number of requests per second.

  • Basic Auth: Basic auth credentials (username/password) to grant the scanner access to the website. To remove basic auth credentials send empty username and password.

  • Session Cookie: Session cookie to grant the scanner access to the website. The cookie must have specified name and value with optional secure and HttpOnly flags. To remove session cookie send empty name and value.

Examples:

  • Add or update whitelisted/blacklisted paths:

    {
        "whitelisted_paths": [ "/scan/path1", "/scan/path2" ],
        "blacklisted_paths": [ "/dont/scan/" ]
    }
  • Add or update basic auth:

    {
        "basic_auth": { "username": "admin", "password": "admin" }
    }
  • Disable crawl subdomains and reset requests per second to unlimited:

    {
        "crawl_subdomains": false,
        "requests_per_second": 0
    }
  • Add or update custom headers, remove all blacklisted paths and basic auth:

    {
        "custom_headers": [{
            "name": "special_header",
            "value": "special_value"
        }],
        "blacklisted_paths": [],
        "basic_auth": { "username": "", "password": "" }
    }
URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.
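The constraints listed above can be checked on the client before the PUT is sent. The following is an added example, not part of the Detectify documentation or its example implementations: the function names, the 1 KB = 1024 bytes reading of the body limit, the single-label rule for subdomains, and the choice of which values to mask in logs are assumptions made here.

```python
import copy
import json

MAX_BODY_BYTES = 30 * 1024  # page says 30 KB; 1 KB = 1024 bytes is assumed
MASK = "#####"  # the mask the GET response example shows for the password


class SettingsError(ValueError):
    """A settings update that breaks one of the documented constraints."""


def _range_or_zero(key, value, low, high):
    # 0 is the documented reset/unlimited value; bool is an int in Python.
    ok = isinstance(value, int) and not isinstance(value, bool)
    if not ok or (value != 0 and not low <= value <= high):
        raise SettingsError(f"{key}: must be 0 or an integer in {low}..{high}")


def _items(key, value, kind):
    if not isinstance(value, list) or not all(isinstance(v, kind) for v in value):
        raise SettingsError(f"{key}: expected an array of {kind.__name__}")
    return value


def _pair(key, item, first, second, removable=False):
    if not isinstance(item, dict):
        raise SettingsError(f"{key}: expected an object")
    a, b = item.get(first), item.get(second)
    if not isinstance(a, str) or not isinstance(b, str):
        raise SettingsError(f"{key}: {first} and {second} must be strings")
    if a == "" and b == "" and removable:
        return  # documented way to remove the credential
    if a == "" or b == "":
        raise SettingsError(f"{key}: {first} and {second} are both required")
    for flag in ("secure", "httponly"):
        if flag in item and not isinstance(item[flag], bool):
            raise SettingsError(f"{key}: {flag} must be a boolean")


def _check(key, value):
    if key == "report_lifespan_days":
        _range_or_zero(key, value, 7, 10000)
    elif key == "requests_per_second":
        _range_or_zero(key, value, 5, 1000)
    elif key in ("crawl_subdomains", "scan_common_ports"):
        if not isinstance(value, bool):
            raise SettingsError(f"{key}: expected a boolean")
    elif key == "blacklisted_subdomains":
        # "blog", not "blog.example.com"; rejecting dots assumes single labels.
        if any(not s or set(s) & set("./:") for s in _items(key, value, str)):
            raise SettingsError(f"{key}: entries must be bare subdomain parts")
    elif key in ("whitelisted_paths", "blacklisted_paths"):
        # "/secret/path/of/page.php", not a full or protocol-relative URL.
        if any(not p.startswith("/") or p.startswith("//") for p in _items(key, value, str)):
            raise SettingsError(f"{key}: entries must be relative paths")
    elif key in ("whitelisted_ports", "blacklisted_ports"):
        if any(isinstance(p, bool) or not 1 <= p <= 65535 for p in _items(key, value, int)):
            raise SettingsError(f"{key}: entries must be ports in 1..65535")
    elif key in ("custom_headers", "custom_cookies"):
        for entry in _items(key, value, dict):
            _pair(key, entry, "name", "value")
    elif key == "basic_auth":
        _pair(key, value, "username", "password", removable=True)
    elif key == "session_cookie":
        _pair(key, value, "name", "value", removable=True)
    else:
        raise SettingsError(f"{key}: not a documented setting")


def build_settings_body(changes):
    """Validate a partial update and return the JSON body for the PUT."""
    for key, value in changes.items():
        _check(key, value)
    body = json.dumps(changes, separators=(",", ":")).encode("utf-8")
    if len(body) > MAX_BODY_BYTES:
        raise SettingsError(f"body is {len(body)} bytes, limit is {MAX_BODY_BYTES}")
    return body


def is_valid(changes):
    try:
        build_settings_body(changes)
    except SettingsError:
        return False
    return True


def redact_for_log(changes):
    """Copy of the update with credential-bearing values masked."""
    safe = copy.deepcopy(changes)
    for key, field in (("basic_auth", "password"), ("session_cookie", "value")):
        if isinstance(safe.get(key), dict) and safe[key].get(field):
            safe[key][field] = MASK
    for key in ("custom_headers", "custom_cookies"):
        for entry in safe.get(key, []):
            entry["value"] = MASK
    return safe
```

Because the request body carries the scanner's credentials in clear text, log the output of redact_for_log rather than the body itself.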


Scan reports

Reports present the result of a scan and are created at the instant a scan starts. Therefore, the latest report for a scan profile may be partial and can receive updates until the scan has finished.

Reports are identified by the report token.

Reports are presented at four levels:

  • basic report information contains only the report token and creation time;

  • report summary contains generic information, such as the report URL, overall CVSS score, scan start/stop times and the number of findings at different threat levels;

  • detailed report summary contains the report summary and the UUIDs for findings, which can be used to retrieve finding information;

  • full report contains the report summary and information on findings.

For convenience, queries for reports containing findings have additional filtering options. However, filters do not affect the information in the report summary.

Get reports

GET /rest/v2/reports/5605b488634efe810dff4276e28ca7f9/?from=1516114800&to=1516119398
Requests example 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses 200 400 401 403 404 502 503 504

OK - Returned report list.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
[
  {
    "token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
    "created": "2018-01-09T06:07:12Z"
  }
]
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "token": {
        "type": "string",
        "description": "the report token"
      },
      "created": {
        "type": "string",
        "description": "the time the report was created"
      }
    }
  }
}

Bad Request - One or more parameters are malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The scan profile does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get reports
GET /rest/v2/reports/{scan_profile_token}/{?from,to}

Returns report tokens and creation times for the scan profile identified by the scan profile token. The scan profile token can be retrieved using Get scan profiles.

You can filter the results for a time interval using the from and to parameters, which must be specified in ISO 8601 format (encoded when containing UTC offset) or Unix time. If there are no reports available for the specified parameters, the response contains an empty array.

Timestamps are in ISO 8601 format, UTC.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.

from
string (optional) Example: 1516114800

Filters the reports created before the specified timestamp.

to
string (optional) Example: 1516119398

Filters the reports created after the specified timestamp.
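The note that ISO 8601 values must be encoded when they contain a UTC offset matters because an unencoded "+" in a query string is read as a space by standard form decoding. The following added example (not from the Detectify documentation) builds the Get reports URL from Unix time or timezone-aware datetimes; the function names are hypothetical, and that the server applies standard form decoding is an assumption.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, quote, urlencode, urlsplit

API_BASE = "https://api.detectify.com/rest/v2"  # endpoint named on the page

# Constructed sample: the page's example "from" value 1516114800 written as
# local time with a +01:00 offset.
SAMPLE_FROM = datetime(2018, 1, 16, 16, 0, 0, tzinfo=timezone(timedelta(hours=1)))


def render_bound(value):
    """Render one filter bound as Unix time or ISO 8601 with its offset."""
    if isinstance(value, bool):
        raise TypeError("bound must be an int or an aware datetime")
    if isinstance(value, int):
        return str(value)
    if isinstance(value, datetime):
        if value.tzinfo is None:
            # A naive datetime has no offset, so the server could not tell
            # which instant is meant.
            raise ValueError("naive datetime: attach a timezone first")
        return value.isoformat(timespec="seconds")
    raise TypeError("bound must be an int or an aware datetime")


def reports_url(scan_profile_token, from_time=None, to_time=None):
    """Build the Get reports URL with both bounds percent-encoded."""
    url = f"{API_BASE}/reports/{quote(scan_profile_token, safe='')}/"
    params = {}
    if from_time is not None:
        params["from"] = render_bound(from_time)
    if to_time is not None:
        params["to"] = render_bound(to_time)
    # urlencode turns "+" into %2B and ":" into %3A.
    return url + ("?" + urlencode(params) if params else "")


def decoded_query(url):
    """Decode a URL's query string the way a form-decoding server would."""
    return parse_qs(urlsplit(url).query)
```

Passing a URL with a raw "+01:00" offset to decoded_query returns the value with a space where the "+" was, which no longer parses as ISO 8601.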


Get single report

GET /rest/v2/reports/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/
Requests example 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses 200 400 401 403 404 502 503 504

OK - Returned report.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_name": "example profile",
  "created": "2018-01-09T06:07:12Z",
  "started": "2018-01-09T06:07:32Z",
  "stopped": "2018-01-09T17:13:52Z",
  "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/",
  "cvss": 9.3,
  "high_level_findings": 4,
  "medium_level_findings": 7,
  "low_level_findings": 11,
  "information_findings": 18
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "token": {
      "type": "string",
      "description": "the report token"
    },
    "scan_profile_token": {
      "type": "string",
      "description": "the scan profile token"
    },
    "scan_profile_name": {
      "type": "string",
      "description": "the name of the scan profile"
    },
    "created": {
      "type": "string",
      "description": "the time the report was created"
    },
    "started": {
      "type": "string",
      "description": "the time the scan started"
    },
    "stopped": {
      "type": "string",
      "description": "the time the scan stopped"
    },
    "url": {
      "type": "string",
      "description": "the direct URL of the report"
    },
    "cvss": {
      "type": "number",
      "description": "the overall CVSS score of the report"
    },
    "high_level_findings": {
      "type": "number",
      "description": "the number of high level vulnerabilities"
    },
    "medium_level_findings": {
      "type": "number",
      "description": "the number of medium level vulnerabilities"
    },
    "low_level_findings": {
      "type": "number",
      "description": "the number of low level vulnerabilities"
    },
    "information_findings": {
      "type": "number",
      "description": "the number of information findings"
    }
  }
}

Bad Request - One or more parameters are malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The report does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get single report
GET /rest/v2/reports/{scan_profile_token}/{report_token}/

Returns the report summary for the report identified by the scan profile token and report token.

Timestamps are in ISO 8601 format, UTC.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.

report_token
string (required) Example: 60a0fae258d2c952765e81054929c8e6a6fdbdf77

The report token.


Get latest report

GET /rest/v2/reports/5605b488634efe810dff4276e28ca7f9/latest/
Requests example 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses 200 400 401 403 404 502 503 504

OK - Returned report.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_name": "example profile",
  "created": "2018-01-09T06:07:12Z",
  "started": "2018-01-09T06:07:32Z",
  "stopped": "2018-01-09T17:13:52Z",
  "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/",
  "cvss": 9.3,
  "high_level_findings": 4,
  "medium_level_findings": 7,
  "low_level_findings": 11,
  "information_findings": 18
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "token": {
      "type": "string",
      "description": "the report token"
    },
    "scan_profile_token": {
      "type": "string",
      "description": "the scan profile token"
    },
    "scan_profile_name": {
      "type": "string",
      "description": "the name of the scan profile"
    },
    "created": {
      "type": "string",
      "description": "the time the report was created"
    },
    "started": {
      "type": "string",
      "description": "the time the scan started"
    },
    "stopped": {
      "type": "string",
      "description": "the time the scan stopped"
    },
    "url": {
      "type": "string",
      "description": "the direct URL of the report"
    },
    "cvss": {
      "type": "number",
      "description": "the overall CVSS score of the report"
    },
    "high_level_findings": {
      "type": "number",
      "description": "the number of high level vulnerabilities"
    },
    "medium_level_findings": {
      "type": "number",
      "description": "the number of medium level vulnerabilities"
    },
    "low_level_findings": {
      "type": "number",
      "description": "the number of low level vulnerabilities"
    },
    "information_findings": {
      "type": "number",
      "description": "the number of information findings"
    }
  }
}

Bad Request - The scan profile token is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The report does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get latest report
GET /rest/v2/reports/{scan_profile_token}/latest/

Returns the report summary for the latest report for the scan profile identified by the scan profile token. The scan profile token can be retrieved using Get scan profiles.

If there is no scan running for the profile, the response contains the report for the last scan; otherwise, the (partial) report for the ongoing scan.

Timestamps are in ISO 8601 format, UTC.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.


Get single detailed report

GET /rest/v2/detailedreports/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/?severity=&from=1516114800&to=1516119398
Requests: example 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses: 200 400 401 403 404 502 503 504

OK - Returned report.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_name": "example profile",
  "created": "2018-01-09T06:07:12Z",
  "started": "2018-01-09T06:07:32Z",
  "stopped": "2018-01-09T17:13:52Z",
  "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/",
  "cvss": 9.3,
  "high_level_findings": 4,
  "medium_level_findings": 7,
  "low_level_findings": 11,
  "information_findings": 18,
  "findings": [
    "941c4794-379b-4efd-bccf-21c4f0c034b1"
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "token": {
      "type": "string",
      "description": "the report token"
    },
    "scan_profile_token": {
      "type": "string",
      "description": "the scan profile token"
    },
    "scan_profile_name": {
      "type": "string",
      "description": "the name of the scan profile"
    },
    "created": {
      "type": "string",
      "description": "the time the report was created"
    },
    "started": {
      "type": "string",
      "description": "the time the scan started"
    },
    "stopped": {
      "type": "string",
      "description": "the time the scan stopped"
    },
    "url": {
      "type": "string",
      "description": "the direct URL of the report"
    },
    "cvss": {
      "type": "number",
      "description": "the overall CVSS score of the report"
    },
    "high_level_findings": {
      "type": "number",
      "description": "the number of high level vulnerabilities"
    },
    "medium_level_findings": {
      "type": "number",
      "description": "the number of medium level vulnerabilities"
    },
    "low_level_findings": {
      "type": "number",
      "description": "the number of low level vulnerabilities"
    },
    "information_findings": {
      "type": "number",
      "description": "the number of information findings"
    },
    "findings": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "the finding UUIDs"
    }
  }
}

Bad Request - One or more parameters are malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The report does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get single detailed report
GET /rest/v2/detailedreports/{scan_profile_token}/{report_token}/{?severity,from,to}

Only available for Enterprise plan.

Returns the detailed report summary of the latest report for the scan profile identified by the scan profile token and report token.

In addition to the report summary, the detailed report includes the collection of finding UUIDs that identify the findings within the report. The findings within the report can be filtered by severity, and by time interval using the from and to parameters. Time interval values must be specified in ISO 8601 format (URL-encoded when the value contains a UTC offset) or in Unix time.

Timestamps are in ISO 8601 format, UTC.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.

report_token
string (required) Example: 60a0fae258d2c952765e81054929c8e6a6fdbdf77

The report token.

severity
string (optional) 

Filters the findings based on the finding severity.

Choices: high medium low information

from
string (optional) Example: 1516114800

Filters the last updated findings before the specified timestamp.

to
string (optional) Example: 1516119398

Filters the last updated findings after the specified timestamp.


Get latest detailed report

GET /rest/v2/detailedreports/5605b488634efe810dff4276e28ca7f9/latest/?severity=&from=1516114800&to=1516119398
Requests: example 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses: 200 400 401 403 404 502 503 504

OK - Returned report.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_name": "example profile",
  "created": "2018-01-09T06:07:12Z",
  "started": "2018-01-09T06:07:32Z",
  "stopped": "2018-01-09T17:13:52Z",
  "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/",
  "cvss": 9.3,
  "high_level_findings": 4,
  "medium_level_findings": 7,
  "low_level_findings": 11,
  "information_findings": 18,
  "findings": [
    "941c4794-379b-4efd-bccf-21c4f0c034b1"
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "token": {
      "type": "string",
      "description": "the report token"
    },
    "scan_profile_token": {
      "type": "string",
      "description": "the scan profile token"
    },
    "scan_profile_name": {
      "type": "string",
      "description": "the name of the scan profile"
    },
    "created": {
      "type": "string",
      "description": "the time the report was created"
    },
    "started": {
      "type": "string",
      "description": "the time the scan started"
    },
    "stopped": {
      "type": "string",
      "description": "the time the scan stopped"
    },
    "url": {
      "type": "string",
      "description": "the direct URL of the report"
    },
    "cvss": {
      "type": "number",
      "description": "the overall CVSS score of the report"
    },
    "high_level_findings": {
      "type": "number",
      "description": "the number of high level vulnerabilities"
    },
    "medium_level_findings": {
      "type": "number",
      "description": "the number of medium level vulnerabilities"
    },
    "low_level_findings": {
      "type": "number",
      "description": "the number of low level vulnerabilities"
    },
    "information_findings": {
      "type": "number",
      "description": "the number of information findings"
    },
    "findings": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "the finding UUIDs"
    }
  }
}

Bad Request - One or more parameters are malformed.

Headers
Content-Type: application/json
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The report does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get latest detailed report
GET /rest/v2/detailedreports/{scan_profile_token}/latest/{?severity,from,to}

Only available for Enterprise plan.

Returns the detailed report summary for the latest report for the scan profile identified by the scan profile token. The scan profile token can be retrieved using Get scan profiles.

If there is no scan running for the profile, the response contains the report for the last scan; otherwise, the (partial) report for the ongoing scan. In addition to the report summary, the detailed report includes the collection of finding UUIDs that identify the findings within the report. The findings within the report can be filtered by severity, and by time interval using the from and to parameters. Time interval values must be specified in ISO 8601 format (URL-encoded when the value contains a UTC offset) or in Unix time.

Timestamps are in ISO 8601 format, UTC.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.

severity
string (optional) 

Filters the findings based on the finding severity.

Choices: high medium low information

from
string (optional) Example: 1516114800

Filters the last updated findings before the specified timestamp.

to
string (optional) Example: 1516119398

Filters the last updated findings after the specified timestamp.
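
One way to build the two detailed-report requests described above (single and latest) and to act on the documented responses, as an added example that is not Detectify's own code. The function names, the alphanumeric token check and the trimmed sample bodies are assumptions made for the illustration; nothing is sent over the network.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

API_ROOT = "https://api.detectify.com/rest/v2"
SEVERITIES = ("high", "medium", "low", "information")  # "Choices" on the page
RETRYABLE = {502, 503, 504}  # documented with "Please try again later"
COUNT_FIELD = {  # summary counter for each severity, names from the schema
    "high": "high_level_findings",
    "medium": "medium_level_findings",
    "low": "low_level_findings",
    "information": "information_findings",
}
# Constructed inputs: the page's example bodies, trimmed to the fields used here.
SAMPLE_REPORT = json.dumps({
    "token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
    "cvss": 9.3,
    "high_level_findings": 4,
    "medium_level_findings": 7,
    "low_level_findings": 11,
    "information_findings": 18,
    "findings": ["941c4794-379b-4efd-bccf-21c4f0c034b1"],
})
SAMPLE_ERROR = json.dumps({"error": {
    "code": 1000, "message": "Error message", "parameters": ["error parameter"],
}})


def time_param(value):
    """Render a from/to value as Unix time or ISO 8601 text (not yet encoded)."""
    if isinstance(value, int) and not isinstance(value, bool):
        if value < 0:
            raise ValueError("Unix time must not be negative")
        return str(value)
    if isinstance(value, datetime):
        if value.tzinfo is None:
            raise ValueError("naive datetime is ambiguous; attach a timezone")
        return value.isoformat(timespec="seconds")
    raise TypeError("use an int (Unix time) or a timezone-aware datetime")


def detailed_report_url(scan_profile_token, report_token="latest",
                        severity=None, time_from=None, time_to=None):
    """URL for /detailedreports/{scan_profile_token}/{report_token or latest}/."""
    for token in (scan_profile_token, report_token):
        # Assumption: tokens are alphanumeric, as in the page's examples.
        # Rejecting anything else keeps "/", "?" and ".." out of the path.
        if not (isinstance(token, str) and token.isascii() and token.isalnum()):
            raise ValueError("unexpected characters in token")
    query = {}
    if severity is not None:
        if severity not in SEVERITIES:
            raise ValueError("severity must be one of " + ", ".join(SEVERITIES))
        query["severity"] = severity
    if time_from is not None:
        query["from"] = time_param(time_from)
    if time_to is not None:
        query["to"] = time_param(time_to)
    url = f"{API_ROOT}/detailedreports/{scan_profile_token}/{report_token}/"
    # urlencode percent-encodes "+" and ":", so a UTC offset survives transport.
    return url + ("?" + urlencode(query) if query else "")


def interpret(status, body_text):
    """Return (outcome, payload): 'ok' with the report, otherwise 'retry' or
    'fail' with the error object of the documented schema (possibly empty)."""
    try:
        doc = json.loads(body_text) if body_text else {}
    except ValueError:
        doc = {}
    if not isinstance(doc, dict):
        doc = {}
    if status == 200:
        return ("ok", doc) if doc else ("fail", {})
    error = doc.get("error")
    outcome = "retry" if status in RETRYABLE else "fail"
    return outcome, (error if isinstance(error, dict) else {})


def count_at_or_above(report, threshold):
    """Sum the summary counters for `threshold` and every higher severity."""
    wanted = SEVERITIES[: SEVERITIES.index(threshold) + 1]
    return sum(int(report.get(COUNT_FIELD[s], 0)) for s in wanted)


if __name__ == "__main__":
    cet = timezone(timedelta(hours=1))
    print(detailed_report_url("5605b488634efe810dff4276e28ca7f9", severity="high",
                              time_from=datetime(2018, 1, 16, 16, 0, tzinfo=cet)))
    outcome, report = interpret(200, SAMPLE_REPORT)
    print(outcome, count_at_or_above(report, "medium"))
    print(interpret(504, ""))
```

A pipeline gate can fail the build when `count_at_or_above(report, "high")` is non-zero and back off and retry only on the `retry` outcome.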


Get single full report

GET /rest/v2/fullreports/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/?severity=&from=1516114800&to=1516119398
Requests: example 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses: 200 400 401 403 404 502 503 504

OK - Returned report.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_name": "example profile",
  "created": "2018-01-09T06:07:12Z",
  "started": "2018-01-09T06:07:32Z",
  "stopped": "2018-01-09T17:13:52Z",
  "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/",
  "cvss": 9.3,
  "high_level_findings": 4,
  "medium_level_findings": 7,
  "low_level_findings": 11,
  "information_findings": 18,
  "findings": [
    {
      "uuid": "941c4794-379b-4efd-bccf-21c4f0c034b1",
      "report_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
      "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
      "signature": "52eadaa2-fb97-11e7-8c3f-9a214cf093ae",
      "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/941c4794-379b-4efd-bccf-21c4f0c034b1/",
      "found_at": "http://www.example.com/index.html",
      "timestamp": "2018-01-09T06:18:32Z",
      "title": "Cross Site Scripting (XSS)",
      "definition": {
        "uuid": "7fe484a3-0072-43a4-9051-17b02e47e9c8",
        "description": "An attacker can inject JavaScript into the victim's browsers, which will execute under the vulnerable domain.",
        "risk": "An attacker can use this to steal cookies, phishing, tabnabbing etc.",
        "references": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "link": "http://support.detectify.com/customer/en/portal/articles/1711512-cross-site-scripting",
            "name": "REMEDIATION - Detectify Support Center - Cross Site Scripting",
            "source": "Detectify"
          }
        ]
      },
      "score": [
        {
          "version": "2.0",
          "score": "6.4",
          "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"
        }
      ],
      "owasp": [
        {
          "year": "2017",
          "classification": "A7"
        }
      ],
      "cwe": 12,
      "details": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "type": "Geography",
          "name": "default, service_provider_host, service_provider_name, service_provider_mail, domain_statistics_seed, domain_statistics_dns, domain_statistics_vhost, domain_statistics_crawler, boolean_based_sql_injection",
          "value": "59.3293° N, 18.0686° E, Sweden (SE), Stockholms län, Stockholm 117 33"
        }
      ],
      "tags": [
        {
          "type": "Tag New",
          "value": "new"
        }
      ],
      "target": {
        "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
        "type": "Cookie",
        "name": "SessionId",
        "value": "7jq7ffrpe251o7rh5sapo079p2",
        "domain": "example.com",
        "path": "/",
        "secure": true,
        "httponly": "false",
        "expires": "2018-01-09T09:12:50Z",
        "address": "1.1.1.1",
        "port": 80,
        "url": "http://www.example.com/index.html",
        "request_method": "GET",
        "request_version": "1.1",
        "request_headers": [
          {
            "name": "special_header",
            "value": "special_value"
          }
        ],
        "request_body": "...",
        "request_body_base64": false,
        "response_status_code": 200,
        "response_reason_phrase": "OK",
        "response_version": "1.1",
        "response_headers": [
          {
            "name": "special_header",
            "value": "special_value"
          }
        ],
        "response_body": "...",
        "response_body_base64": false,
        "response_encoding": "utf-8"
      },
      "vulnerable_resources": {
        "vulnerable_headers": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "name": "Strict-Transport-Security",
            "direction": "Request"
          }
        ],
        "expected_headers": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "name": "Strict-Transport-Security",
            "direction": "Request",
            "value": "max-age=60000"
          }
        ],
        "vulnerable_cookies": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "name": "SessionId"
          }
        ],
        "vulnerable_variables": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "name": "username",
            "method": "GET"
          }
        ]
      },
      "command_lines": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "unix": "traceroute -m 40 -w 0.5 213.80.101.97",
          "windows": "tracert -h 40 -w 500 213.80.101.97"
        }
      ],
      "highlights": [
        {
          "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "field": "url",
          "offset": 7,
          "length": 15
        }
      ]
    }
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "token": {
      "type": "string",
      "description": "the report token"
    },
    "scan_profile_token": {
      "type": "string",
      "description": "the scan profile token"
    },
    "scan_profile_name": {
      "type": "string",
      "description": "the name of the scan profile"
    },
    "created": {
      "type": "string",
      "description": "the time the report was created"
    },
    "started": {
      "type": "string",
      "description": "the time the scan started"
    },
    "stopped": {
      "type": "string",
      "description": "the time the scan stopped"
    },
    "url": {
      "type": "string",
      "description": "the direct URL of the report"
    },
    "cvss": {
      "type": "number",
      "description": "the overall CVSS score of the report"
    },
    "high_level_findings": {
      "type": "number",
      "description": "the number of high level vulnerabilities"
    },
    "medium_level_findings": {
      "type": "number",
      "description": "the number of medium level vulnerabilities"
    },
    "low_level_findings": {
      "type": "number",
      "description": "the number of low level vulnerabilities"
    },
    "information_findings": {
      "type": "number",
      "description": "the number of information findings"
    },
    "findings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "uuid": {
            "type": "string",
            "description": "the finding UUID"
          },
          "report_token": {
            "type": "string",
            "description": "the report token"
          },
          "scan_profile_token": {
            "type": "string",
            "description": "the scan profile token"
          },
          "signature": {
            "type": "string",
            "description": "the finding signature"
          },
          "url": {
            "type": "string",
            "description": "the direct URL of the finding"
          },
          "found_at": {
            "type": "string",
            "description": "the URL where the vulnerability was found"
          },
          "timestamp": {
            "type": "string",
            "description": "the time when the vulnerability was found"
          },
          "title": {
            "type": "string",
            "description": "the title of the finding"
          },
          "definition": {
            "type": "object",
            "properties": {
              "uuid": {
                "type": "string",
                "description": "the unique identifier of the node"
              },
              "description": {
                "type": "string",
                "description": "the generic description of the finding"
              },
              "risk": {
                "type": "string",
                "description": "the possible effect of the vulnerability"
              },
              "references": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "link": {
                      "type": "string",
                      "description": "the URL of the reference"
                    },
                    "name": {
                      "type": "string",
                      "description": "the name of the reference"
                    },
                    "source": {
                      "type": "string",
                      "description": "the name of the reference source"
                    }
                  }
                },
                "description": "a collection of references for further reading"
              }
            },
            "description": "generic information about the vulnerability"
          },
          "score": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "version": {
                  "type": "string",
                  "description": "the CVSS version"
                },
                "score": {
                  "type": "string",
                  "description": "the CVSS score"
                },
                "vector": {
                  "type": "string",
                  "description": "the CVSS vector"
                }
              }
            },
            "description": "the CVSS scores of the finding"
          },
          "owasp": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "year": {
                  "type": "string",
                  "description": "the year of the OWASP classification"
                },
                "classification": {
                  "type": "string",
                  "description": "the OWASP classification"
                }
              }
            },
            "description": "the OWASP classification of the finding"
          },
          "cwe": {
            "type": "number",
            "description": "the CWE (Common Weakness Enumeration) identifier of the finding"
          },
          "details": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "type": {
                  "type": "string",
                  "enum": [
                    "Geography",
                    "Graph",
                    "HTML",
                    "Image",
                    "Markdown",
                    "Text",
                    "Video"
                  ],
                  "description": "the type of the detail"
                },
                "name": {
                  "type": "string",
                  "description": "the name of the detail"
                },
                "value": {
                  "type": "string",
                  "description": "the value of the detail"
                }
              }
            },
            "description": "detailed information on the finding"
          },
          "tags": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "type": {
                  "type": "string",
                  "description": "the type of the tag"
                },
                "value": {
                  "type": "string",
                  "description": "the value of the tag"
                }
              }
            },
            "description": "finding tags"
          },
          "target": {
            "type": "object",
            "properties": {
              "uuid": {
                "type": "string",
                "description": "the unique identifier of the node"
              },
              "type": {
                "type": "string",
                "enum": [
                  "Cookie",
                  "Domain",
                  "HTTP",
                  "IP",
                  "URL"
                ],
                "description": "the type of the target"
              },
              "name": {
                "type": "string",
                "description": "the cookie name (Cookie)"
              },
              "value": {
                "type": "string",
                "description": "the cookie value (Cookie)"
              },
              "domain": {
                "type": "string",
                "description": "the cookie domain (Cookie)"
              },
              "path": {
                "type": "string",
                "description": "the cookie path (Cookie)"
              },
              "secure": {
                "type": "boolean",
                "description": "indicates whether the cookie is HTTPS only (Cookie)"
              },
              "httponly": {
                "type": "string",
                "description": "indicates whether the cookie is server side only (Cookie)"
              },
              "expires": {
                "type": "string",
                "description": "the timestamp when the cookie expires (Cookie)"
              },
              "address": {
                "type": "string",
                "description": "the domain or IP address (Domain, IP)"
              },
              "port": {
                "type": "number",
                "description": "the port (IP)"
              },
              "url": {
                "type": "string",
                "description": "the target URL (HTTP, URL)"
              },
              "request_method": {
                "type": "string",
                "description": "the request method (HTTP)"
              },
              "request_version": {
                "type": "string",
                "description": "the request version (HTTP)"
              },
              "request_headers": {
                "type": "array",
                "description": "the array of request headers (HTTP)"
              },
              "request_body": {
                "type": "string",
                "description": "the request body (HTTP)"
              },
              "request_body_base64": {
                "type": "boolean",
                "description": "indicates whether the request body is BASE64 encoded (HTTP)"
              },
              "response_status_code": {
                "type": "number",
                "description": "the response status code (HTTP)"
              },
              "response_reason_phrase": {
                "type": "string",
                "description": "the response reason phrase (HTTP)"
              },
              "response_version": {
                "type": "string",
                "description": "the response version (HTTP)"
              },
              "response_headers": {
                "type": "array",
                "description": "the array of response headers (HTTP)"
              },
              "response_body": {
                "type": "string",
                "description": "the response body (HTTP)"
              },
              "response_body_base64": {
                "type": "boolean",
                "description": "indicates whether the response body is BASE64 encoded (HTTP)"
              },
              "response_encoding": {
                "type": "string",
                "description": "the response encoding"
              }
            },
            "description": "the target of the finding"
          },
          "vulnerable_resources": {
            "type": "object",
            "properties": {
              "vulnerable_headers": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "name": {
                      "type": "string",
                      "description": "the header name"
                    },
                    "direction": {
                      "type": "string",
                      "enum": [
                        "Request",
                        "Response",
                        "Request/Response"
                      ],
                      "description": "the direction of the header"
                    }
                  }
                },
                "description": "the array of vulnerable headers"
              },
              "expected_headers": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "name": {
                      "type": "string",
                      "description": "the header name"
                    },
                    "direction": {
                      "type": "string",
                      "enum": [
                        "Request",
                        "Response",
                        "Request/Response"
                      ],
                      "description": "the direction of the header"
                    },
                    "value": {
                      "type": "string",
                      "description": "the expected value"
                    }
                  }
                },
                "description": "the array of expected headers"
              },
              "vulnerable_cookies": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "name": {
                      "type": "string",
                      "description": "the cookie name"
                    }
                  }
                },
                "description": "the array of vulnerable cookies"
              },
              "vulnerable_variables": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "name": {
                      "type": "string",
                      "description": "the variable name"
                    },
                    "method": {
                      "type": "string",
                      "description": "the HTTP method"
                    }
                  }
                },
                "description": "the array of vulnerable variables"
              }
            },
            "description": "resources on the vulnerability"
          },
          "command_lines": {
            "type": "array",
            "description": "the command lines to reproduce the finding"
          },
          "highlights": {
            "type": "array",
            "description": "the highlights within the finding"
          }
        }
      },
      "description": "the findings"
    }
  }
}
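An added example (not Detectify's code) of normalising one finding from this schema before it is loaded into a tracker or SIEM: `score` and `httponly` arrive as strings, bodies may be BASE64 encoded, and highlights are offset/length pairs. It assumes that a highlight's `uuid` names the node (here the target) whose `field` it indexes, as the example bodies on this page suggest, and that offsets count characters; the function names and the sample finding are constructed.

```python
import base64

# Constructed sample: a trimmed finding reusing values from the page's example body.
SAMPLE_FINDING = {
    "uuid": "941c4794-379b-4efd-bccf-21c4f0c034b1",
    "title": "Cross Site Scripting (XSS)",
    "score": [{"version": "2.0", "score": "6.4",
               "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}],
    "target": {
        "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
        "type": "Cookie",
        "secure": True,
        "httponly": "false",
        "url": "http://www.example.com/index.html",
        # Constructed body, BASE64 encoded as the flag below announces.
        "response_body": base64.b64encode(b"<h1>hi</h1>").decode("ascii"),
        "response_body_base64": True,
    },
    "highlights": [{"uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
                    "field": "url", "offset": 7, "length": 15}],
}


def as_bool(value):
    """Accept both typings: `secure` is a boolean, `httponly` a string."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.strip().lower() in ("true", "false"):
        return value.strip().lower() == "true"
    raise ValueError("unexpected flag value: %r" % (value,))


def max_cvss(finding):
    """Highest CVSS score as a float; each score is typed as a string."""
    scores = []
    for entry in finding.get("score", []):
        try:
            scores.append(float(entry["score"]))
        except (KeyError, TypeError, ValueError):
            continue  # skip malformed entries instead of failing the import
    return max(scores) if scores else None


def body_bytes(target, side):
    """Return the request/response body as bytes, honouring *_body_base64."""
    body = target.get(side + "_body")
    if body is None:
        return None
    if target.get(side + "_body_base64") is True:
        return base64.b64decode(body, validate=True)
    return body.encode("utf-8")


def resolve_highlights(finding):
    """Slice each highlight out of the target field it points at."""
    target = finding.get("target", {})
    found = []
    for mark in finding.get("highlights", []):
        if mark.get("uuid") != target.get("uuid"):
            continue  # highlight refers to another node
        text = target.get(mark.get("field"))
        start, length = mark.get("offset"), mark.get("length")
        if not isinstance(text, str):
            continue
        if not (isinstance(start, int) and isinstance(length, int)):
            continue
        if start < 0 or length < 0 or start + length > len(text):
            continue  # out-of-range offsets are dropped, never clamped
        found.append(text[start:start + length])
    return found


def triage_row(finding):
    """Flatten one finding into the fields a ticket or SIEM event needs."""
    target = finding.get("target", {})
    row = {
        "uuid": finding["uuid"],
        "title": finding.get("title"),
        "cvss": max_cvss(finding),
        "highlights": resolve_highlights(finding),
    }
    if target.get("type") == "Cookie":
        row["cookie_secure"] = as_bool(target.get("secure"))
        row["cookie_httponly"] = as_bool(target.get("httponly"))
    return row
```

Bodies come from the scanned site, so keep the decoded bytes as data and escape them before showing them in any dashboard.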

Bad Request - One or more parameters are malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The report does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get single full report
GET /rest/v2/fullreports/{scan_profile_token}/{report_token}/{?severity,from,to}

Only available for Enterprise plan.

Returns the full report for the scan profile identified by the scan profile token and report token.

The findings within the report can be filtered by severity and by time interval using the from and to parameters. Time interval values must be specified in ISO 8601 format (URL-encoded when they contain a UTC offset) or Unix time. The call returns a maximum of two thousand findings. Please use filtering if the report contains more.

Timestamps are in ISO 8601 format, UTC.
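An added example (not part of the Detectify documentation) of building the filtered request URL with a correctly encoded ISO 8601 offset and of reacting to the two-thousand-finding cap. The narrowing strategy (split by severity, then halve the Unix-time window, de-duplicate by finding `uuid`), the reading of from/to as the start and end of the interval, and all function names are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import quote, urlencode

API_BASE = "https://api.detectify.com"
MAX_FINDINGS = 2000  # the page: a call returns at most two thousand findings
SEVERITIES = ("high", "medium", "low", "information")

# Constructed sample: 16:00 at UTC+01:00, the same instant as Unix time 1516114800.
SAMPLE_FROM = datetime(2018, 1, 16, 16, 0, 0, tzinfo=timezone(timedelta(hours=1)))


def encode_time(value):
    """Render a from/to value: Unix time for int, ISO 8601 for aware datetime."""
    if isinstance(value, int):
        return str(value)
    if value.tzinfo is None:
        raise ValueError("naive datetime: attach a timezone first")
    return value.isoformat(timespec="seconds")


def fullreport_url(scan_profile_token, report_token,
                   severity=None, from_=None, to=None):
    """Build the GET URL; urlencode() escapes ':' and the '+' of a UTC offset."""
    if severity is not None and severity not in SEVERITIES:
        raise ValueError("severity must be one of %s" % (SEVERITIES,))
    params = []
    if severity is not None:
        params.append(("severity", severity))
    if from_ is not None:
        params.append(("from", encode_time(from_)))
    if to is not None:
        params.append(("to", encode_time(to)))
    path = "/rest/v2/fullreports/%s/%s/" % (
        quote(scan_profile_token, safe=""), quote(report_token, safe=""))
    query = urlencode(params)
    return API_BASE + path + ("?" + query if query else "")


def narrower_requests(findings_returned, severity, from_, to):
    """Return (severity, from, to) filters to retry with when the cap was hit.

    An empty list means the response was below the cap and nothing was cut off.
    """
    if findings_returned < MAX_FINDINGS:
        return []
    if severity is None:
        return [(s, from_, to) for s in SEVERITIES]
    if not (isinstance(from_, int) and isinstance(to, int)) or to - from_ < 2:
        raise ValueError("cannot narrow further: window too small or open-ended")
    mid = (from_ + to) // 2
    # Both halves include `mid`, so a finding on the boundary may come back twice.
    return [(severity, from_, mid), (severity, mid, to)]


def merge_findings(reports):
    """Combine findings from several filtered responses, de-duplicated by uuid."""
    seen, merged = set(), []
    for report in reports:
        for finding in report.get("findings", []):
            if finding["uuid"] not in seen:
                seen.add(finding["uuid"])
                merged.append(finding)
    return merged
```

A response that carries exactly `MAX_FINDINGS` findings is treated as possibly truncated, since the response schema has no field that marks a cut-off.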

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.

report_token
string (required) Example: 60a0fae258d2c952765e81054929c8e6a6fdbdf77

The report token.

severity
string (optional) 

Filters the findings based on the finding severity.

Choices: high medium low information

from
string (optional) Example: 1516114800

Filters the last updated findings before the specified timestamp.

to
string (optional) Example: 1516119398

Filters the last updated findings after the specified timestamp.


Get latest full report

GET /rest/v2/fullreports/5605b488634efe810dff4276e28ca7f9/latest/?severity=&from=1516114800&to=1516119398
Requests: example 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses: 200, 400, 401, 403, 404, 502, 503, 504

OK - Returned report.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_name": "example profile",
  "created": "2018-01-09T06:07:12Z",
  "started": "2018-01-09T06:07:32Z",
  "stopped": "2018-01-09T17:13:52Z",
  "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/",
  "cvss": 9.3,
  "high_level_findings": 4,
  "medium_level_findings": 7,
  "low_level_findings": 11,
  "information_findings": 18,
  "findings": [
    {
      "uuid": "941c4794-379b-4efd-bccf-21c4f0c034b1",
      "report_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
      "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
      "signature": "52eadaa2-fb97-11e7-8c3f-9a214cf093ae",
      "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/941c4794-379b-4efd-bccf-21c4f0c034b1/",
      "found_at": "http://www.example.com/index.html",
      "timestamp": "2018-01-09T06:18:32Z",
      "title": "Cross Site Scripting (XSS)",
      "definition": {
        "uuid": "7fe484a3-0072-43a4-9051-17b02e47e9c8",
        "description": "An attacker can inject JavaScript into the victim's browsers, which will execute under the vulnerable domain.",
        "risk": "An attacker can use this to steal cookies, phishing, tabnabbing etc.",
        "references": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "link": "http://support.detectify.com/customer/en/portal/articles/1711512-cross-site-scripting",
            "name": "REMEDIATION - Detectify Support Center - Cross Site Scripting",
            "source": "Detectify"
          }
        ]
      },
      "score": [
        {
          "version": "2.0",
          "score": "6.4",
          "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"
        }
      ],
      "owasp": [
        {
          "year": "2017",
          "classification": "A7"
        }
      ],
      "cwe": 12,
      "details": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "type": "Geography",
          "name": "default, service_provider_host, service_provider_name, service_provider_mail, domain_statistics_seed, domain_statistics_dns, domain_statistics_vhost, domain_statistics_crawler, boolean_based_sql_injection",
          "value": "59.3293° N, 18.0686° E, Sweden (SE), Stockholms län, Stockholm 117 33"
        }
      ],
      "tags": [
        {
          "type": "Tag New",
          "value": "new"
        }
      ],
      "target": {
        "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
        "type": "Cookie",
        "name": "SessionId",
        "value": "7jq7ffrpe251o7rh5sapo079p2",
        "domain": "example.com",
        "path": "/",
        "secure": true,
        "httponly": "false",
        "expires": "2018-01-09T09:12:50Z",
        "address": "1.1.1.1",
        "port": 80,
        "url": "http://www.example.com/index.html",
        "request_method": "GET",
        "request_version": "1.1",
        "request_headers": [
          {
            "name": "special_header",
            "value": "special_value"
          }
        ],
        "request_body": "...",
        "request_body_base64": false,
        "response_status_code": 200,
        "response_reason_phrase": "OK",
        "response_version": "1.1",
        "response_headers": [
          {
            "name": "special_header",
            "value": "special_value"
          }
        ],
        "response_body": "...",
        "response_body_base64": false,
        "response_encoding": "utf-8"
      },
      "vulnerable_resources": {
        "vulnerable_headers": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "name": "Strict-Transport-Security",
            "direction": "Request"
          }
        ],
        "expected_headers": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "name": "Strict-Transport-Security",
            "direction": "Request",
            "value": "max-age=60000"
          }
        ],
        "vulnerable_cookies": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "name": "SessionId"
          }
        ],
        "vulnerable_variables": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "name": "username",
            "method": "GET"
          }
        ]
      },
      "command_lines": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "unix": "traceroute -m 40 -w 0.5 213.80.101.97",
          "windows": "tracert -h 40 -w 500 213.80.101.97"
        }
      ],
      "highlights": [
        {
          "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "field": "url",
          "offset": 7,
          "length": 15
        }
      ]
    }
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "token": {
      "type": "string",
      "description": "the report token"
    },
    "scan_profile_token": {
      "type": "string",
      "description": "the scan profile token"
    },
    "scan_profile_name": {
      "type": "string",
      "description": "the name of the scan profile"
    },
    "created": {
      "type": "string",
      "description": "the time the report was created"
    },
    "started": {
      "type": "string",
      "description": "the time the scan started"
    },
    "stopped": {
      "type": "string",
      "description": "the time the scan stopped"
    },
    "url": {
      "type": "string",
      "description": "the direct URL of the report"
    },
    "cvss": {
      "type": "number",
      "description": "the overall CVSS score of the report"
    },
    "high_level_findings": {
      "type": "number",
      "description": "the number of high level vulnerabilities"
    },
    "medium_level_findings": {
      "type": "number",
      "description": "the number of medium level vulnerabilities"
    },
    "low_level_findings": {
      "type": "number",
      "description": "the number of low level vulnerabilities"
    },
    "information_findings": {
      "type": "number",
      "description": "the number of information findings"
    },
    "findings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "uuid": {
            "type": "string",
            "description": "the finding UUID"
          },
          "report_token": {
            "type": "string",
            "description": "the report token"
          },
          "scan_profile_token": {
            "type": "string",
            "description": "the scan profile token"
          },
          "signature": {
            "type": "string",
            "description": "the finding signature"
          },
          "url": {
            "type": "string",
            "description": "the direct URL of the finding"
          },
          "found_at": {
            "type": "string",
            "description": "the URL where the vulnerability was found"
          },
          "timestamp": {
            "type": "string",
            "description": "the time when the vulnerability was found"
          },
          "title": {
            "type": "string",
            "description": "the title of the finding"
          },
          "definition": {
            "type": "object",
            "properties": {
              "uuid": {
                "type": "string",
                "description": "the unique identifier of the node"
              },
              "description": {
                "type": "string",
                "description": "the generic description of the finding"
              },
              "risk": {
                "type": "string",
                "description": "the possible effect of the vulnerability"
              },
              "references": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "link": {
                      "type": "string",
                      "description": "the URL of the reference"
                    },
                    "name": {
                      "type": "string",
                      "description": "the name of the reference"
                    },
                    "source": {
                      "type": "string",
                      "description": "the name of the reference source"
                    }
                  }
                },
                "description": "a collection of references for further reading"
              }
            },
            "description": "generic information about the vulnerability"
          },
          "score": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "version": {
                  "type": "string",
                  "description": "the CVSS version"
                },
                "score": {
                  "type": "string",
                  "description": "the CVSS score"
                },
                "vector": {
                  "type": "string",
                  "description": "the CVSS vector"
                }
              }
            },
            "description": "the CVSS scores of the finding"
          },
          "owasp": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "year": {
                  "type": "string",
                  "description": "the year of the OWASP classification"
                },
                "classification": {
                  "type": "string",
                  "description": "the OWASP classification"
                }
              }
            },
            "description": "the OWASP classification of the finding"
          },
          "cwe": {
            "type": "number",
            "description": "the CWE (Common Weakness Enumeration) identifier of the finding"
          },
          "details": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "type": {
                  "type": "string",
                  "enum": [
                    "Geography",
                    "Graph",
                    "HTML",
                    "Image",
                    "Markdown",
                    "Text",
                    "Video"
                  ],
                  "description": "the type of the detail"
                },
                "name": {
                  "type": "string",
                  "description": "the name of the detail"
                },
                "value": {
                  "type": "string",
                  "description": "the value of the detail"
                }
              }
            },
            "description": "detailed information on the finding"
          },
          "tags": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "type": {
                  "type": "string",
                  "description": "the type of the tag"
                },
                "value": {
                  "type": "string",
                  "description": "the value of the tag"
                }
              }
            },
            "description": "finding tags"
          },
          "target": {
            "type": "object",
            "properties": {
              "uuid": {
                "type": "string",
                "description": "the unique identifier of the node"
              },
              "type": {
                "type": "string",
                "enum": [
                  "Cookie",
                  "Domain",
                  "HTTP",
                  "IP",
                  "URL"
                ],
                "description": "the type of the target"
              },
              "name": {
                "type": "string",
                "description": "the cookie name (Cookie)"
              },
              "value": {
                "type": "string",
                "description": "the cookie value (Cookie)"
              },
              "domain": {
                "type": "string",
                "description": "the cookie domain (Cookie)"
              },
              "path": {
                "type": "string",
                "description": "the cookie path (Cookie)"
              },
              "secure": {
                "type": "boolean",
                "description": "indicates whether the cookie is HTTPS only (Cookie)"
              },
              "httponly": {
                "type": "string",
                "description": "indicates whether the cookie is server side only (Cookie)"
              },
              "expires": {
                "type": "string",
                "description": "the timestamp when the cookie expires (Cookie)"
              },
              "address": {
                "type": "string",
                "description": "the domain or IP address (Domain, IP)"
              },
              "port": {
                "type": "number",
                "description": "the port (IP)"
              },
              "url": {
                "type": "string",
                "description": "the target URL (HTTP, URL)"
              },
              "request_method": {
                "type": "string",
                "description": "the request method (HTTP)"
              },
              "request_version": {
                "type": "string",
                "description": "the request version (HTTP)"
              },
              "request_headers": {
                "type": "array",
                "description": "the array of request headers (HTTP)"
              },
              "request_body": {
                "type": "string",
                "description": "the request body (HTTP)"
              },
              "request_body_base64": {
                "type": "boolean",
                "description": "indicates whether the request body is BASE64 encoded (HTTP)"
              },
              "response_status_code": {
                "type": "number",
                "description": "the response status code (HTTP)"
              },
              "response_reason_phrase": {
                "type": "string",
                "description": "the response reason phrase (HTTP)"
              },
              "response_version": {
                "type": "string",
                "description": "the response version (HTTP)"
              },
              "response_headers": {
                "type": "array",
                "description": "the array of response headers (HTTP)"
              },
              "response_body": {
                "type": "string",
                "description": "the response body (HTTP)"
              },
              "response_body_base64": {
                "type": "boolean",
                "description": "indicates whether the response body is BASE64 encoded (HTTP)"
              },
              "response_encoding": {
                "type": "string",
                "description": "the response encoding"
              }
            },
            "description": "the target of the finding"
          },
          "vulnerable_resources": {
            "type": "object",
            "properties": {
              "vulnerable_headers": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "name": {
                      "type": "string",
                      "description": "the header name"
                    },
                    "direction": {
                      "type": "string",
                      "enum": [
                        "Request",
                        "Response",
                        "Request/Response"
                      ],
                      "description": "the direction of the header"
                    }
                  }
                },
                "description": "the array of vulnerable headers"
              },
              "expected_headers": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "name": {
                      "type": "string",
                      "description": "the header name"
                    },
                    "direction": {
                      "type": "string",
                      "enum": [
                        "Request",
                        "Response",
                        "Request/Response"
                      ],
                      "description": "the direction of the header"
                    },
                    "value": {
                      "type": "string",
                      "description": "the expected value"
                    }
                  }
                },
                "description": "the array of expected headers"
              },
              "vulnerable_cookies": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "name": {
                      "type": "string",
                      "description": "the cookie name"
                    }
                  }
                },
                "description": "the array of vulnerable cookies"
              },
              "vulnerable_variables": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "name": {
                      "type": "string",
                      "description": "the variable name"
                    },
                    "method": {
                      "type": "string",
                      "description": "the HTTP method"
                    }
                  }
                },
                "description": "the array of vulnerable variables"
              }
            },
            "description": "resources on the vulnerability"
          },
          "command_lines": {
            "type": "array",
            "description": "the command lines to reproduce the finding"
          },
          "highlights": {
            "type": "array",
            "description": "the highlights within the finding"
          }
        }
      },
      "description": "the findings"
    }
  }
}

Bad Request - One or more parameters are malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The report does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get latest full report
GET /rest/v2/fullreports/{scan_profile_token}/latest/{?severity,from,to}

Only available for Enterprise plan.

Returns the latest report for the scan profile identified by the scan profile token. The scan profile token can be retrieved using Get scan profiles.

If there is no scan running for the profile, the response contains the report for the last scan; otherwise, the (partial) report for the ongoing scan. The findings within the report can be filtered based on severity and time interval using the from and to parameters. Time interval values must be specified in ISO 8601 format (encoded when containing UTC offset) or Unix time. The call returns a maximum of two thousand findings. Please use filtering if the report contains more.

Timestamps are in ISO 8601 format, UTC.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.

severity
string (optional) 

Filters the findings based on the finding severity.

Choices: high medium low information

from
string (optional) Example: 1516114800

Filters the last updated findings before the specified timestamp.

to
string (optional) Example: 1516119398

Filters the last updated findings after the specified timestamp.


Scan findings

Findings are the individual entries in a report that represent either a vulnerability or other information acquired or produced during a scan. Findings have a multi-level structure as various information is gathered and aggregated.

Findings are identified by the finding universally unique identifier (UUID). The finding UUID is unique for each finding. Therefore, even if the same vulnerability occurs in multiple scans on the same scan profile, the UUIDs are different. To track recurring findings between different reports, use the finding signature. In addition to the finding UUID, most nodes within findings have their own UUID values, which are used to identify the node for highlighting. For more details, see highlighting.

Findings include basic information such as the title and location of the finding, the direct finding URL, and more complex information:

  • signature: The finding signature, which is a hash of finding information and is the same for findings occurring in multiple scans for the same scan profile. Hence, the signature can be used to track recurring findings.

  • definition: Generic information about a vulnerability, such as risk and a collection of references for further reading.

  • score: The CVSS score information that contains the CVSS version and vector used to compute the score. Multiple scores can be present for different CVSS versions (e.g., CVSS v2 and v3).

  • OWASP: The OWASP Top 10 classification information based on the year. Multiple classifications can be present for different years.

  • CWE: The Common Weakness Enumeration (CWE) identifier of the vulnerability.

  • details: Detailed information on the finding. Finding details include type, name and value.

    The type indicates the format of the value, which can be:

    • Geography: Indicates geographic information following this scheme:

      {latitude}, {longitude}, {country name} ({country code}), {region}, {city} {zip code}

    • Graph: Indicates differences between two sets of data points following this scheme:

      {unit of measurement}, {key 1}=[{value 11} {value 12} …], {key 2}=[{value 21} …]

    • HTML: Indicates an HTML snippet.

    • Image: Indicates an image URL (which can be a data URL).

    • Markdown: Indicates a markdown snippet written in GitHub Flavored Markdown.

    • Text: Indicates plain text.

    • Video: Indicates a video URL.

    The name indicates the topic of the value:

    • boolean_based_sql_injection: Indicates an SQL injection.
    • service_provider_name: Indicates the name provider/name service used.
    • service_provider_host: Indicates the hosting provider/providers used.
    • service_provider_mail: Indicates the mail provider/providers used.
    • domain_statistics_seed: Indicates the seeded domains discovered.
    • domain_statistics_dns: Indicates the domains discovered by DNS bruteforcing.
    • domain_statistics_vhost: Indicates the domains discovered by VHOST bruteforcing.
    • domain_statistics_crawler: Indicates the domains discovered by crawling around on the web application.
    • default: Indicates an unspecified topic.
  • tags: Provides additional information about the finding and enables categorization. Tags come with type and value, where type refers to the purpose of the tag. Currently supported tag types:

    • New: Indicates that the finding is new and did not appear in previous scans.
    • High/Medium/Low: Marks the finding severity used on the website.
    • Crowdsourced: Indicates that the finding comes from a module implemented from Detectify Crowdsource.
    • Accepted Risk: Marks a finding as accepted risk. Can be added/removed through the website.
    • False Positive: Marks a finding as false positive. Can be added/removed through the website.
    • Patched: Marks a finding as fixed. Can be added/removed through the website.
  • target: Provides information on the target of the vulnerability. The information depends on the type value. Supported types are:

    • Cookie: Indicates an HTTP cookie. Example:

      {
          "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "type": "Cookie",
          "name": "SessionId",
          "value": "7jq7ffrpe251o7rh5sapo079p2",
          "domain": "example.com",
          "path": "/",
          "secure": true,
          "httponly": false,
          "expires": "2018-01-09T09:12:50Z"
      }
    • Domain: Indicates a domain. Example:

      {
          "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "type": "Domain",
          "address": "example.com"
      }
    • HTTP: Indicates an HTTP request with complete information on request/response. Example:

      {
          "uuid":"c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "type": "HTTP",
          "url": "http://www.example.com/index.html",
          "request_method": "GET",
          "request_version": "1.1",
          "request_headers": [
              {
                  "name": "Accept",
                  "value": "text/html"
              }
          ],
          "request_body": "",
          "request_body_base64": false,
          "response_status_code": 200,
          "response_reason_phrase": "OK",
          "response_version": "1.1",
          "response_headers": [
              {
                  "name": "Transfer-Encoding",
                  "value": "chunked"
              }
          ],
          "response_body": "...",
          "response_body_base64": false,
          "response_encoding": "utf-8"
      }
    • IP: Indicates an IP address and optionally a port number. Example:

      {
          "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "type": "IP",
          "address": "1.1.1.1",
          "port": 80
      }
    • URL: Indicates a URL. Example:

      {
          "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "type": "URL",
          "url": "http://www.example.com/index.html"
      }
  • vulnerable_resources: The collection of resources that result in the vulnerability, grouped into vulnerable headers, cookies and variables, and expected headers (the lack of which causes the vulnerability).

  • command_lines: The collection of commands that can be used to recreate the vulnerability in a terminal.

  • highlights: Highlighting is a formatting possibility for the findings to mark important information. Highlighting is based on the UUID of the nodes within the finding JSON. Hence, all nodes that can be highlighted have a uuid field. The highlight nodes specify the marked part using field, offset and length values: field contains the key of the field, whilst offset and length define the part of the value that is highlighted.

    Example for highlighting www.example.com in the above-specified HTTP target’s URL:

    {
        "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
        "field": "url",
        "offset": 7,
        "length": 15
    }
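
Resolving highlight nodes against a finding and comparing two reports by finding signature, as an added example (not Detectify's own code). The findings are constructed, the function names are hypothetical, and offset/length are assumed to count characters of the field value, which matches the url example above.

```python
"""Added example: resolve highlights and diff two reports by signature."""

TARGET_UUID = "00000000-0000-4000-8000-0000000000a1"  # constructed value

# Constructed findings; only the fields this example reads are present.
PREVIOUS_REPORT = [
    {"uuid": "00000000-0000-4000-8000-000000000001",
     "signature": "constructed-sig-xss", "title": "Constructed finding A"},
    {"uuid": "00000000-0000-4000-8000-000000000002",
     "signature": "constructed-sig-hsts", "title": "Constructed finding B"},
]
CURRENT_REPORT = [
    {"uuid": "00000000-0000-4000-8000-000000000003",  # new UUID, same signature
     "signature": "constructed-sig-xss", "title": "Constructed finding A",
     "target": {"uuid": TARGET_UUID, "type": "URL",
                "url": "http://www.example.com/index.html"},
     "highlights": [
         {"uuid": TARGET_UUID, "field": "url", "offset": 7, "length": 15},
         # Deliberately runs past the end of the value.
         {"uuid": TARGET_UUID, "field": "url", "offset": 30, "length": 15},
     ]},
    {"uuid": "00000000-0000-4000-8000-000000000004",
     "signature": "constructed-sig-cookie", "title": "Constructed finding C"},
]


def index_nodes(node, index=None):
    """Map each uuid to the dict nodes carrying it (a uuid may repeat)."""
    if index is None:
        index = {}
    if isinstance(node, dict):
        uuid = node.get("uuid")
        if isinstance(uuid, str):
            index.setdefault(uuid, []).append(node)
        for value in node.values():
            index_nodes(value, index)
    elif isinstance(node, list):
        for item in node:
            index_nodes(item, index)
    return index


def resolve_highlights(finding):
    """Return the highlighted text for every highlight node of a finding.

    text is None when the uuid or field is unknown or the range does not
    fit the value, so a malformed highlight never raises or mis-slices.
    """
    # Highlight nodes carry a uuid too; leave them out of the index.
    body = {k: v for k, v in finding.items() if k != "highlights"}
    index = index_nodes(body)
    resolved = []
    for mark in finding.get("highlights", []):
        field = mark.get("field")
        offset, length = mark.get("offset"), mark.get("length")
        text = None
        for node in index.get(mark.get("uuid"), []):
            value = node.get(field)
            if isinstance(value, str):
                in_range = (isinstance(offset, int) and isinstance(length, int)
                            and 0 <= offset and 0 <= length
                            and offset + length <= len(value))
                text = value[offset:offset + length] if in_range else None
                break
        resolved.append({"uuid": mark.get("uuid"), "field": field, "text": text})
    return resolved


def compare_reports(previous, current):
    """Classify signatures as new, recurring, or absent from the later report.

    Finding UUIDs change from scan to scan, so the signature is the join key.
    """
    prev = {f["signature"] for f in previous if f.get("signature")}
    curr = {f["signature"] for f in current if f.get("signature")}
    return {
        "new": sorted(curr - prev),
        "recurring": sorted(curr & prev),
        "absent": sorted(prev - curr),
    }


if __name__ == "__main__":
    for item in resolve_highlights(CURRENT_REPORT[0]):
        print(item)
    print(compare_reports(PREVIOUS_REPORT, CURRENT_REPORT))
```

A signature that is absent from the later report is not necessarily fixed: the later report may be the partial report of an ongoing scan.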

Get findings for scan profile

GET /rest/v2/findings/5605b488634efe810dff4276e28ca7f9/?severity=&from=1516114800&to=1516119398
Request example 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses: 200, 400, 401, 403, 404, 502, 503, 504

OK - Returned findings.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
[
  {
    "uuid": "941c4794-379b-4efd-bccf-21c4f0c034b1",
    "report_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
    "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
    "signature": "52eadaa2-fb97-11e7-8c3f-9a214cf093ae",
    "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/941c4794-379b-4efd-bccf-21c4f0c034b1/",
    "found_at": "http://www.example.com/index.html",
    "timestamp": "2018-01-09T06:18:32Z",
    "title": "Cross Site Scripting (XSS)",
    "definition": {
      "uuid": "7fe484a3-0072-43a4-9051-17b02e47e9c8",
      "description": "An attacker can inject JavaScript into the victim's browsers, which will execute under the vulnerable domain.",
      "risk": "An attacker can use this to steal cookies, phishing, tabnabbing etc.",
      "references": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "link": "http://support.detectify.com/customer/en/portal/articles/1711512-cross-site-scripting",
          "name": "REMEDIATION - Detectify Support Center - Cross Site Scripting",
          "source": "Detectify"
        }
      ]
    },
    "score": [
      {
        "version": "2.0",
        "score": "6.4",
        "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"
      }
    ],
    "owasp": [
      {
        "year": "2017",
        "classification": "A7"
      }
    ],
    "cwe": 12,
    "details": [
      {
        "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
        "type": "Geography",
        "name": "default, service_provider_host, service_provider_name, service_provider_mail, domain_statistics_seed, domain_statistics_dns, domain_statistics_vhost, domain_statistics_crawler, boolean_based_sql_injection",
        "value": "59.3293° N, 18.0686° E, Sweden (SE), Stockholms län, Stockholm 117 33"
      }
    ],
    "tags": [
      {
        "type": "Tag New",
        "value": "new"
      }
    ],
    "target": {
      "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
      "type": "Cookie",
      "name": "SessionId",
      "value": "7jq7ffrpe251o7rh5sapo079p2",
      "domain": "example.com",
      "path": "/",
      "secure": true,
      "httponly": "false",
      "expires": "2018-01-09T09:12:50Z",
      "address": "1.1.1.1",
      "port": 80,
      "url": "http://www.example.com/index.html",
      "request_method": "GET",
      "request_version": "1.1",
      "request_headers": [
        {
          "name": "special_header",
          "value": "special_value"
        }
      ],
      "request_body": "...",
      "request_body_base64": false,
      "response_status_code": 200,
      "response_reason_phrase": "OK",
      "response_version": "1.1",
      "response_headers": [
        {
          "name": "special_header",
          "value": "special_value"
        }
      ],
      "response_body": "...",
      "response_body_base64": false,
      "response_encoding": "utf-8"
    },
    "vulnerable_resources": {
      "vulnerable_headers": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "name": "Strict-Transport-Security",
          "direction": "Request"
        }
      ],
      "expected_headers": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "name": "Strict-Transport-Security",
          "direction": "Request",
          "value": "max-age=60000"
        }
      ],
      "vulnerable_cookies": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "name": "SessionId"
        }
      ],
      "vulnerable_variables": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "name": "username",
          "method": "GET"
        }
      ]
    },
    "command_lines": [
      {
        "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
        "unix": "traceroute -m 40 -w 0.5 213.80.101.97",
        "windows": "tracert -h 40 -w 500 213.80.101.97"
      }
    ],
    "highlights": [
      {
        "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
        "field": "url",
        "offset": 7,
        "length": 15
      }
    ]
  }
]
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "uuid": {
        "type": "string",
        "description": "the finding UUID"
      },
      "report_token": {
        "type": "string",
        "description": "the report token"
      },
      "scan_profile_token": {
        "type": "string",
        "description": "the scan profile token"
      },
      "signature": {
        "type": "string",
        "description": "the finding signature"
      },
      "url": {
        "type": "string",
        "description": "the direct URL of the finding"
      },
      "found_at": {
        "type": "string",
        "description": "the URL where the vulnerability was found"
      },
      "timestamp": {
        "type": "string",
        "description": "the time when the vulnerability was found"
      },
      "title": {
        "type": "string",
        "description": "the title of the finding"
      },
      "definition": {
        "type": "object",
        "properties": {
          "uuid": {
            "type": "string",
            "description": "the unique identifier of the node"
          },
          "description": {
            "type": "string",
            "description": "the generic description of the finding"
          },
          "risk": {
            "type": "string",
            "description": "the possible effect of the vulnerability"
          },
          "references": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "link": {
                  "type": "string",
                  "description": "the URL of the reference"
                },
                "name": {
                  "type": "string",
                  "description": "the name of the reference"
                },
                "source": {
                  "type": "string",
                  "description": "the name of the reference source"
                }
              }
            },
            "description": "a collection of references for further reading"
          }
        },
        "description": "generic information about the vulnerability"
      },
      "score": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "version": {
              "type": "string",
              "description": "the CVSS version"
            },
            "score": {
              "type": "string",
              "description": "the CVSS score"
            },
            "vector": {
              "type": "string",
              "description": "the CVSS vector"
            }
          }
        },
        "description": "the CVSS scores of the finding"
      },
      "owasp": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "year": {
              "type": "string",
              "description": "the year of the OWASP classification"
            },
            "classification": {
              "type": "string",
              "description": "the OWASP classification"
            }
          }
        },
        "description": "the OWASP classification of the finding"
      },
      "cwe": {
        "type": "number",
        "description": "the CWE (Common Weakness Enumeration) identifier of the finding"
      },
      "details": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "uuid": {
              "type": "string",
              "description": "the unique identifier of the node"
            },
            "type": {
              "type": "string",
              "enum": [
                "Geography",
                "Graph",
                "HTML",
                "Image",
                "Markdown",
                "Text",
                "Video"
              ],
              "description": "the type of the detail"
            },
            "name": {
              "type": "string",
              "description": "the name of the detail"
            },
            "value": {
              "type": "string",
              "description": "the value of the detail"
            }
          }
        },
        "description": "detailed information on the finding"
      },
      "tags": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "type": {
              "type": "string",
              "description": "the type of the tag"
            },
            "value": {
              "type": "string",
              "description": "the value of the tag"
            }
          }
        },
        "description": "finding tags"
      },
      "target": {
        "type": "object",
        "properties": {
          "uuid": {
            "type": "string",
            "description": "the unique identifier of the node"
          },
          "type": {
            "type": "string",
            "enum": [
              "Cookie",
              "Domain",
              "HTTP",
              "IP",
              "URL"
            ],
            "description": "the type of the target"
          },
          "name": {
            "type": "string",
            "description": "the cookie name (Cookie)"
          },
          "value": {
            "type": "string",
            "description": "the cookie value (Cookie)"
          },
          "domain": {
            "type": "string",
            "description": "the cookie domain (Cookie)"
          },
          "path": {
            "type": "string",
            "description": "the cookie path (Cookie)"
          },
          "secure": {
            "type": "boolean",
            "description": "indicates whether the cookie is HTTPS only (Cookie)"
          },
          "httponly": {
            "type": "string",
            "description": "indicates whether the cookie is server side only (Cookie)"
          },
          "expires": {
            "type": "string",
            "description": "the timestamp when the cookie expires (Cookie)"
          },
          "address": {
            "type": "string",
            "description": "the domain or IP address (Domain, IP)"
          },
          "port": {
            "type": "number",
            "description": "the port (IP)"
          },
          "url": {
            "type": "string",
            "description": "the target URL (HTTP, URL)"
          },
          "request_method": {
            "type": "string",
            "description": "the request method (HTTP)"
          },
          "request_version": {
            "type": "string",
            "description": "the request version (HTTP)"
          },
          "request_headers": {
            "type": "array",
            "description": "the array of request headers (HTTP)"
          },
          "request_body": {
            "type": "string",
            "description": "the request body (HTTP)"
          },
          "request_body_base64": {
            "type": "boolean",
            "description": "indicates whether the request body is BASE64 encoded (HTTP)"
          },
          "response_status_code": {
            "type": "number",
            "description": "the response status code (HTTP)"
          },
          "response_reason_phrase": {
            "type": "string",
            "description": "the response reason phrase (HTTP)"
          },
          "response_version": {
            "type": "string",
            "description": "the response version (HTTP)"
          },
          "response_headers": {
            "type": "array",
            "description": "the array of response headers (HTTP)"
          },
          "response_body": {
            "type": "string",
            "description": "the response body (HTTP)"
          },
          "response_body_base64": {
            "type": "boolean",
            "description": "indicates whether the response body is BASE64 encoded (HTTP)"
          },
          "response_encoding": {
            "type": "string",
            "description": "the response encoding"
          }
        },
        "description": "the target of the finding"
      },
      "vulnerable_resources": {
        "type": "object",
        "properties": {
          "vulnerable_headers": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "name": {
                  "type": "string",
                  "description": "the header name"
                },
                "direction": {
                  "type": "string",
                  "enum": [
                    "Request",
                    "Response",
                    "Request/Response"
                  ],
                  "description": "the direction of the header"
                }
              }
            },
            "description": "the array of vulnerable headers"
          },
          "expected_headers": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "name": {
                  "type": "string",
                  "description": "the header name"
                },
                "direction": {
                  "type": "string",
                  "enum": [
                    "Request",
                    "Response",
                    "Request/Response"
                  ],
                  "description": "the direction of the header"
                },
                "value": {
                  "type": "string",
                  "description": "the expected value"
                }
              }
            },
            "description": "the array of expected headers"
          },
          "vulnerable_cookies": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "name": {
                  "type": "string",
                  "description": "the cookie name"
                }
              }
            },
            "description": "the array of vulnerable cookies"
          },
          "vulnerable_variables": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "name": {
                  "type": "string",
                  "description": "the variable name"
                },
                "method": {
                  "type": "string",
                  "description": "the HTTP method"
                }
              }
            },
            "description": "the array of vulnerable variables"
          }
        },
        "description": "resources on the vulnerability"
      },
      "command_lines": {
        "type": "array",
        "description": "the command lines to reproduce the finding"
      },
      "highlights": {
        "type": "array",
        "description": "the highlights within the finding"
      }
    }
  }
}

Bad Request - One or more parameters are malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The scan profile does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - The request could not be processed in time, possibly due to overload. Please try again later.

Get findings for scan profile
GET /rest/v2/findings/{scan_profile_token}/{?severity,from,to}

Only available for Enterprise plan.

Returns findings for the scan profile identified by the scan profile token. The scan profile token can be retrieved using Get scan profiles.

The findings can be filtered by severity, and by time interval using the from and to parameters. Time interval values must be specified in ISO 8601 format (URL-encoded when they contain a UTC offset) or Unix time. The call returns a maximum of two thousand findings, starting with the latest report. If the profile contains more, use filtering to narrow the request. If there are no findings available for the specified parameters, the response contains an empty array.

Timestamps are in ISO 8601 format, UTC.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.

severity
string (optional) 

Filters the findings based on the finding severity.

Choices: high medium low information

from
string (optional) Example: 1516114800

Filters the last updated findings before the specified timestamp.

to
string (optional) Example: 1516119398

Filters the last updated findings after the specified timestamp.
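
The filtering rules above matter when findings are pulled into a ticketing or SIEM pipeline: an unencoded UTC offset corrupts the interval, and a profile with more than two thousand findings is silently truncated. The following Python sketch is an added example, not part of the Detectify documentation or its example implementations. It assumes that `from` is the lower and `to` the upper bound of the interval (both inclusive), that tokens are alphanumeric as in the example above, and that `fetch` is a hypothetical callable that performs the authenticated GET and returns the decoded JSON array; `constructed_api` is a constructed stand-in so the code runs offline.

```python
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlsplit

API_BASE = "https://api.detectify.com/rest/v2"
SEVERITIES = ("high", "medium", "low", "information")
MAX_FINDINGS = 2000  # documented maximum number of findings per call


def findings_url(scan_profile_token, severity=None, start=None, end=None):
    """Build the request URL. start/end: Unix seconds or an ISO 8601 string."""
    # Assumption: tokens are alphanumeric, as in the page's example. Rejecting
    # anything else keeps '/', '?' or '..' out of the request path.
    if not re.fullmatch(r"[0-9A-Za-z]+", scan_profile_token):
        raise ValueError("unexpected characters in scan profile token")
    if severity is not None and severity not in SEVERITIES:
        raise ValueError("severity must be one of: " + ", ".join(SEVERITIES))
    query = {}
    if severity is not None:
        query["severity"] = severity
    if start is not None:
        query["from"] = str(start)
    if end is not None:
        query["to"] = str(end)
    # urlencode percent-encodes ':' and '+', so a UTC offset such as +01:00 is
    # not read as a space by the server.
    url = f"{API_BASE}/findings/{scan_profile_token}/"
    return url + ("?" + urlencode(query) if query else "")


def collect_findings(fetch, token, start, end, severity=None):
    """Return {uuid: finding} for the interval start..end (Unix seconds).

    When a call comes back at the cap, older findings may have been cut off,
    so the interval is halved and each half is requested again. The halves
    share their boundary second and results are merged by uuid, so a finding
    on the boundary is neither lost nor counted twice.
    """
    batch = fetch(findings_url(token, severity, start, end))
    found = {f["uuid"]: f for f in batch}
    if len(batch) < MAX_FINDINGS or end - start <= 1:
        return found  # complete, or the window cannot be narrowed further
    mid = (start + end) // 2
    found.update(collect_findings(fetch, token, start, mid, severity))
    found.update(collect_findings(fetch, token, mid, end, severity))
    return found


def constructed_api(count, first_ts):
    """Constructed stand-in for the HTTP GET: one finding per second, newest
    first, truncated at the cap. Returns (fetch, list_of_requested_urls)."""
    data = []
    for i in range(count):
        ts = datetime.fromtimestamp(first_ts + i, timezone.utc)
        data.append((first_ts + i, {
            "uuid": f"constructed-{i}",
            "timestamp": ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
        }))
    calls = []

    def fetch(url):
        calls.append(url)
        q = parse_qs(urlsplit(url).query)
        lo, hi = int(q["from"][0]), int(q["to"][0])
        hits = [f for epoch, f in reversed(data) if lo <= epoch <= hi]
        return hits[:MAX_FINDINGS]

    return fetch, calls


if __name__ == "__main__":
    fetch, calls = constructed_api(4500, 1516114800)
    everything = collect_findings(fetch, "5605b488634efe810dff4276e28ca7f9",
                                  1516114800, 1516119398)
    print(len(everything), "findings in", len(calls), "calls")
```

If a single second holds two thousand or more findings the window cannot be narrowed further; add the severity filter in that case.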


Get findings for report

GET /rest/v2/findings/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/?severity=&from=1516114800&to=1516119398
Requests: example 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses: 200, 400, 401, 403, 404, 502, 503, 504

OK - Returned findings.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
[
  {
    "uuid": "941c4794-379b-4efd-bccf-21c4f0c034b1",
    "report_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
    "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
    "signature": "52eadaa2-fb97-11e7-8c3f-9a214cf093ae",
    "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/941c4794-379b-4efd-bccf-21c4f0c034b1/",
    "found_at": "http://www.example.com/index.html",
    "timestamp": "2018-01-09T06:18:32Z",
    "title": "Cross Site Scripting (XSS)",
    "definition": {
      "uuid": "7fe484a3-0072-43a4-9051-17b02e47e9c8",
      "description": "An attacker can inject JavaScript into the victim's browsers, which will execute under the vulnerable domain.",
      "risk": "An attacker can use this to steal cookies, phishing, tabnabbing etc.",
      "references": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "link": "http://support.detectify.com/customer/en/portal/articles/1711512-cross-site-scripting",
          "name": "REMEDIATION - Detectify Support Center - Cross Site Scripting",
          "source": "Detectify"
        }
      ]
    },
    "score": [
      {
        "version": "2.0",
        "score": "6.4",
        "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"
      }
    ],
    "owasp": [
      {
        "year": "2017",
        "classification": "A7"
      }
    ],
    "cwe": 12,
    "details": [
      {
        "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
        "type": "Geography",
        "name": "default, service_provider_host, service_provider_name, service_provider_mail, domain_statistics_seed, domain_statistics_dns, domain_statistics_vhost, domain_statistics_crawler, boolean_based_sql_injection",
        "value": "59.3293° N, 18.0686° E, Sweden (SE), Stockholms län, Stockholm 117 33"
      }
    ],
    "tags": [
      {
        "type": "Tag New",
        "value": "new"
      }
    ],
    "target": {
      "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
      "type": "Cookie",
      "name": "SessionId",
      "value": "7jq7ffrpe251o7rh5sapo079p2",
      "domain": "example.com",
      "path": "/",
      "secure": true,
      "httponly": "false",
      "expires": "2018-01-09T09:12:50Z",
      "address": "1.1.1.1",
      "port": 80,
      "url": "http://www.example.com/index.html",
      "request_method": "GET",
      "request_version": "1.1",
      "request_headers": [
        {
          "name": "special_header",
          "value": "special_value"
        }
      ],
      "request_body": "...",
      "request_body_base64": false,
      "response_status_code": 200,
      "response_reason_phrase": "OK",
      "response_version": "1.1",
      "response_headers": [
        {
          "name": "special_header",
          "value": "special_value"
        }
      ],
      "response_body": "...",
      "response_body_base64": false,
      "response_encoding": "utf-8"
    },
    "vulnerable_resources": {
      "vulnerable_headers": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "name": "Strict-Transport-Security",
          "direction": "Request"
        }
      ],
      "expected_headers": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "name": "Strict-Transport-Security",
          "direction": "Request",
          "value": "max-age=60000"
        }
      ],
      "vulnerable_cookies": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "name": "SessionId"
        }
      ],
      "vulnerable_variables": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "name": "username",
          "method": "GET"
        }
      ]
    },
    "command_lines": [
      {
        "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
        "unix": "traceroute -m 40 -w 0.5 213.80.101.97",
        "windows": "tracert -h 40 -w 500 213.80.101.97"
      }
    ],
    "highlights": [
      {
        "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
        "field": "url",
        "offset": 7,
        "length": 15
      }
    ]
  }
]
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "uuid": {
        "type": "string",
        "description": "the finding UUID"
      },
      "report_token": {
        "type": "string",
        "description": "the report token"
      },
      "scan_profile_token": {
        "type": "string",
        "description": "the scan profile token"
      },
      "signature": {
        "type": "string",
        "description": "the finding signature"
      },
      "url": {
        "type": "string",
        "description": "the direct URL of the finding"
      },
      "found_at": {
        "type": "string",
        "description": "the URL where the vulnerability was found"
      },
      "timestamp": {
        "type": "string",
        "description": "the time when the vulnerability was found"
      },
      "title": {
        "type": "string",
        "description": "the title of the finding"
      },
      "definition": {
        "type": "object",
        "properties": {
          "uuid": {
            "type": "string",
            "description": "the unique identifier of the node"
          },
          "description": {
            "type": "string",
            "description": "the generic description of the finding"
          },
          "risk": {
            "type": "string",
            "description": "the possible effect of the vulnerability"
          },
          "references": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "link": {
                  "type": "string",
                  "description": "the URL of the reference"
                },
                "name": {
                  "type": "string",
                  "description": "the name of the reference"
                },
                "source": {
                  "type": "string",
                  "description": "the name of the reference source"
                }
              }
            },
            "description": "a collection of references for further reading"
          }
        },
        "description": "generic information about the vulnerability"
      },
      "score": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "version": {
              "type": "string",
              "description": "the CVSS version"
            },
            "score": {
              "type": "string",
              "description": "the CVSS score"
            },
            "vector": {
              "type": "string",
              "description": "the CVSS vector"
            }
          }
        },
        "description": "the CVSS scores of the finding"
      },
      "owasp": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "year": {
              "type": "string",
              "description": "the year of the OWASP classification"
            },
            "classification": {
              "type": "string",
              "description": "the OWASP classification"
            }
          }
        },
        "description": "the OWASP classification of the finding"
      },
      "cwe": {
        "type": "number",
        "description": "the CWE (Common Weakness Enumeration) identifier of the finding"
      },
      "details": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "uuid": {
              "type": "string",
              "description": "the unique identifier of the node"
            },
            "type": {
              "type": "string",
              "enum": [
                "Geography",
                "Graph",
                "HTML",
                "Image",
                "Markdown",
                "Text",
                "Video"
              ],
              "description": "the type of the detail"
            },
            "name": {
              "type": "string",
              "description": "the name of the detail"
            },
            "value": {
              "type": "string",
              "description": "the value of the detail"
            }
          }
        },
        "description": "detailed information on the finding"
      },
      "tags": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "type": {
              "type": "string",
              "description": "the type of the tag"
            },
            "value": {
              "type": "string",
              "description": "the value of the tag"
            }
          }
        },
        "description": "finding tags"
      },
      "target": {
        "type": "object",
        "properties": {
          "uuid": {
            "type": "string",
            "description": "the unique identifier of the node"
          },
          "type": {
            "type": "string",
            "enum": [
              "Cookie",
              "Domain",
              "HTTP",
              "IP",
              "URL"
            ],
            "description": "the type of the target"
          },
          "name": {
            "type": "string",
            "description": "the cookie name (Cookie)"
          },
          "value": {
            "type": "string",
            "description": "the cookie value (Cookie)"
          },
          "domain": {
            "type": "string",
            "description": "the cookie domain (Cookie)"
          },
          "path": {
            "type": "string",
            "description": "the cookie path (Cookie)"
          },
          "secure": {
            "type": "boolean",
            "description": "indicates whether the cookie is HTTPS only (Cookie)"
          },
          "httponly": {
            "type": "string",
            "description": "indicates whether the cookie is server side only (Cookie)"
          },
          "expires": {
            "type": "string",
            "description": "the timestamp when the cookie expires (Cookie)"
          },
          "address": {
            "type": "string",
            "description": "the domain or IP address (Domain, IP)"
          },
          "port": {
            "type": "number",
            "description": "the port (IP)"
          },
          "url": {
            "type": "string",
            "description": "the target URL (HTTP, URL)"
          },
          "request_method": {
            "type": "string",
            "description": "the request method (HTTP)"
          },
          "request_version": {
            "type": "string",
            "description": "the request version (HTTP)"
          },
          "request_headers": {
            "type": "array",
            "description": "the array of request headers (HTTP)"
          },
          "request_body": {
            "type": "string",
            "description": "the request body (HTTP)"
          },
          "request_body_base64": {
            "type": "boolean",
            "description": "indicates whether the request body is BASE64 encoded (HTTP)"
          },
          "response_status_code": {
            "type": "number",
            "description": "the response status code (HTTP)"
          },
          "response_reason_phrase": {
            "type": "string",
            "description": "the response reason phrase (HTTP)"
          },
          "response_version": {
            "type": "string",
            "description": "the response version (HTTP)"
          },
          "response_headers": {
            "type": "array",
            "description": "the array of response headers (HTTP)"
          },
          "response_body": {
            "type": "string",
            "description": "the response body (HTTP)"
          },
          "response_body_base64": {
            "type": "boolean",
            "description": "indicates whether the response body is BASE64 encoded (HTTP)"
          },
          "response_encoding": {
            "type": "string",
            "description": "the response encoding"
          }
        },
        "description": "the target of the finding"
      },
      "vulnerable_resources": {
        "type": "object",
        "properties": {
          "vulnerable_headers": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "name": {
                  "type": "string",
                  "description": "the header name"
                },
                "direction": {
                  "type": "string",
                  "enum": [
                    "Request",
                    "Response",
                    "Request/Response"
                  ],
                  "description": "the direction of the header"
                }
              }
            },
            "description": "the array of vulnerable headers"
          },
          "expected_headers": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "name": {
                  "type": "string",
                  "description": "the header name"
                },
                "direction": {
                  "type": "string",
                  "enum": [
                    "Request",
                    "Response",
                    "Request/Response"
                  ],
                  "description": "the direction of the header"
                },
                "value": {
                  "type": "string",
                  "description": "the expected value"
                }
              }
            },
            "description": "the array of expected headers"
          },
          "vulnerable_cookies": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "name": {
                  "type": "string",
                  "description": "the cookie name"
                }
              }
            },
            "description": "the array of vulnerable cookies"
          },
          "vulnerable_variables": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "name": {
                  "type": "string",
                  "description": "the variable name"
                },
                "method": {
                  "type": "string",
                  "description": "the HTTP method"
                }
              }
            },
            "description": "the array of vulnerable variables"
          }
        },
        "description": "resources on the vulnerability"
      },
      "command_lines": {
        "type": "array",
        "description": "the command lines to reproduce the finding"
      },
      "highlights": {
        "type": "array",
        "description": "the highlights within the finding"
      }
    }
  }
}

Bad Request - One or more parameters are malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The scan profile does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get findings for report
GET /rest/v2/findings/{scan_profile_token}/{report_token}/{?severity,from,to}

Only available for Enterprise plan.

Returns findings for the report identified by the scan profile token and report token.

The findings can be filtered based on severity and time interval using the from and to parameters. Time interval values must be specified in ISO 8601 format (encoded when containing UTC offset) or Unix time. The call returns a maximum of two thousand findings. Please use filtering if the report contains more. If there are no findings available for the specified parameters, the response contains an empty array.

Timestamps are in ISO 8601 format, UTC.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.

report_token
string (required) Example: 60a0fae258d2c952765e81054929c8e6a6fdbdf77

The report token.

severity
string (optional) 

Filters the findings based on the finding severity.

Choices: high medium low information

from
string (optional) Example: 1516114800

Filters the findings last updated before the specified timestamp.

to
string (optional) Example: 1516119398

Filters the findings last updated after the specified timestamp.


Get single finding

GET /rest/v2/findings/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/941c4794-379b-4efd-bccf-21c4f0c034b1/
Requests: example 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses: 200, 400, 401, 403, 404, 502, 503, 504

OK - Returned finding.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "uuid": "941c4794-379b-4efd-bccf-21c4f0c034b1",
  "report_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "signature": "52eadaa2-fb97-11e7-8c3f-9a214cf093ae",
  "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/941c4794-379b-4efd-bccf-21c4f0c034b1/",
  "found_at": "http://www.example.com/index.html",
  "timestamp": "2018-01-09T06:18:32Z",
  "title": "Cross Site Scripting (XSS)",
  "definition": {
    "uuid": "7fe484a3-0072-43a4-9051-17b02e47e9c8",
    "description": "An attacker can inject JavaScript into the victim's browsers, which will execute under the vulnerable domain.",
    "risk": "An attacker can use this to steal cookies, phishing, tabnabbing etc.",
    "references": [
      {
        "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
        "link": "http://support.detectify.com/customer/en/portal/articles/1711512-cross-site-scripting",
        "name": "REMEDIATION - Detectify Support Center - Cross Site Scripting",
        "source": "Detectify"
      }
    ]
  },
  "score": [
    {
      "version": "2.0",
      "score": "6.4",
      "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"
    }
  ],
  "owasp": [
    {
      "year": "2017",
      "classification": "A7"
    }
  ],
  "cwe": 12,
  "details": [
    {
      "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
      "type": "Geography",
      "name": "default, service_provider_host, service_provider_name, service_provider_mail, domain_statistics_seed, domain_statistics_dns, domain_statistics_vhost, domain_statistics_crawler, boolean_based_sql_injection",
      "value": "59.3293° N, 18.0686° E, Sweden (SE), Stockholms län, Stockholm 117 33"
    }
  ],
  "tags": [
    {
      "type": "Tag New",
      "value": "new"
    }
  ],
  "target": {
    "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
    "type": "Cookie",
    "name": "SessionId",
    "value": "7jq7ffrpe251o7rh5sapo079p2",
    "domain": "example.com",
    "path": "/",
    "secure": true,
    "httponly": "false",
    "expires": "2018-01-09T09:12:50Z",
    "address": "1.1.1.1",
    "port": 80,
    "url": "http://www.example.com/index.html",
    "request_method": "GET",
    "request_version": "1.1",
    "request_headers": [
      {
        "name": "special_header",
        "value": "special_value"
      }
    ],
    "request_body": "...",
    "request_body_base64": false,
    "response_status_code": 200,
    "response_reason_phrase": "OK",
    "response_version": "1.1",
    "response_headers": [
      {
        "name": "special_header",
        "value": "special_value"
      }
    ],
    "response_body": "...",
    "response_body_base64": false,
    "response_encoding": "utf-8"
  },
  "vulnerable_resources": {
    "vulnerable_headers": [
      {
        "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
        "name": "Strict-Transport-Security",
        "direction": "Request"
      }
    ],
    "expected_headers": [
      {
        "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
        "name": "Strict-Transport-Security",
        "direction": "Request",
        "value": "max-age=60000"
      }
    ],
    "vulnerable_cookies": [
      {
        "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
        "name": "SessionId"
      }
    ],
    "vulnerable_variables": [
      {
        "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
        "name": "username",
        "method": "GET"
      }
    ]
  },
  "command_lines": [
    {
      "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
      "unix": "traceroute -m 40 -w 0.5 213.80.101.97",
      "windows": "tracert -h 40 -w 500 213.80.101.97"
    }
  ],
  "highlights": [
    {
      "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
      "field": "url",
      "offset": 7,
      "length": 15
    }
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "uuid": {
      "type": "string",
      "description": "the finding UUID"
    },
    "report_token": {
      "type": "string",
      "description": "the report token"
    },
    "scan_profile_token": {
      "type": "string",
      "description": "the scan profile token"
    },
    "signature": {
      "type": "string",
      "description": "the finding signature"
    },
    "url": {
      "type": "string",
      "description": "the direct URL of the finding"
    },
    "found_at": {
      "type": "string",
      "description": "the URL where the vulnerability was found"
    },
    "timestamp": {
      "type": "string",
      "description": "the time when the vulnerability was found"
    },
    "title": {
      "type": "string",
      "description": "the title of the finding"
    },
    "definition": {
      "type": "object",
      "properties": {
        "uuid": {
          "type": "string",
          "description": "the unique identifier of the node"
        },
        "description": {
          "type": "string",
          "description": "the generic description of the finding"
        },
        "risk": {
          "type": "string",
          "description": "the possible effect of the vulnerability"
        },
        "references": {
          "type": "array",
          "items": {
            "type": "object",
            "properties": {
              "uuid": {
                "type": "string",
                "description": "the unique identifier of the node"
              },
              "link": {
                "type": "string",
                "description": "the URL of the reference"
              },
              "name": {
                "type": "string",
                "description": "the name of the reference"
              },
              "source": {
                "type": "string",
                "description": "the name of the reference source"
              }
            }
          },
          "description": "a collection of references for further reading"
        }
      },
      "description": "generic information about the vulnerability"
    },
    "score": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "version": {
            "type": "string",
            "description": "the CVSS version"
          },
          "score": {
            "type": "string",
            "description": "the CVSS score"
          },
          "vector": {
            "type": "string",
            "description": "the CVSS vector"
          }
        }
      },
      "description": "the CVSS scores of the finding"
    },
    "owasp": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "year": {
            "type": "string",
            "description": "the year of the OWASP classification"
          },
          "classification": {
            "type": "string",
            "description": "the OWASP classification"
          }
        }
      },
      "description": "the OWASP classification of the finding"
    },
    "cwe": {
      "type": "number",
      "description": "the CWE (Common Weakness Enumeration) identifier of the finding"
    },
    "details": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "uuid": {
            "type": "string",
            "description": "the unique identifier of the node"
          },
          "type": {
            "type": "string",
            "enum": [
              "Geography",
              "Graph",
              "HTML",
              "Image",
              "Markdown",
              "Text",
              "Video"
            ],
            "description": "the type of the detail"
          },
          "name": {
            "type": "string",
            "description": "the name of the detail"
          },
          "value": {
            "type": "string",
            "description": "the value of the detail"
          }
        }
      },
      "description": "detailed information on the finding"
    },
    "tags": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "type": {
            "type": "string",
            "description": "the type of the tag"
          },
          "value": {
            "type": "string",
            "description": "the value of the tag"
          }
        }
      },
      "description": "finding tags"
    },
    "target": {
      "type": "object",
      "properties": {
        "uuid": {
          "type": "string",
          "description": "the unique identifier of the node"
        },
        "type": {
          "type": "string",
          "enum": [
            "Cookie",
            "Domain",
            "HTTP",
            "IP",
            "URL"
          ],
          "description": "the type of the target"
        },
        "name": {
          "type": "string",
          "description": "the cookie name (Cookie)"
        },
        "value": {
          "type": "string",
          "description": "the cookie value (Cookie)"
        },
        "domain": {
          "type": "string",
          "description": "the cookie domain (Cookie)"
        },
        "path": {
          "type": "string",
          "description": "the cookie path (Cookie)"
        },
        "secure": {
          "type": "boolean",
          "description": "indicates whether the cookie is HTTPS only (Cookie)"
        },
        "httponly": {
          "type": "string",
          "description": "indicates whether the cookie is server side only (Cookie)"
        },
        "expires": {
          "type": "string",
          "description": "the timestamp when the cookie expires (Cookie)"
        },
        "address": {
          "type": "string",
          "description": "the domain or IP address (Domain, IP)"
        },
        "port": {
          "type": "number",
          "description": "the port (IP)"
        },
        "url": {
          "type": "string",
          "description": "the target URL (HTTP, URL)"
        },
        "request_method": {
          "type": "string",
          "description": "the request method (HTTP)"
        },
        "request_version": {
          "type": "string",
          "description": "the request version (HTTP)"
        },
        "request_headers": {
          "type": "array",
          "description": "the array of request headers (HTTP)"
        },
        "request_body": {
          "type": "string",
          "description": "the request body (HTTP)"
        },
        "request_body_base64": {
          "type": "boolean",
          "description": "indicates whether the request body is BASE64 encoded (HTTP)"
        },
        "response_status_code": {
          "type": "number",
          "description": "the response status code (HTTP)"
        },
        "response_reason_phrase": {
          "type": "string",
          "description": "the response reason phrase (HTTP)"
        },
        "response_version": {
          "type": "string",
          "description": "the response version (HTTP)"
        },
        "response_headers": {
          "type": "array",
          "description": "the array of response headers (HTTP)"
        },
        "response_body": {
          "type": "string",
          "description": "the response body (HTTP)"
        },
        "response_body_base64": {
          "type": "boolean",
          "description": "indicates whether the response body is BASE64 encoded (HTTP)"
        },
        "response_encoding": {
          "type": "string",
          "description": "the response encoding"
        }
      },
      "description": "the target of the finding"
    },
    "vulnerable_resources": {
      "type": "object",
      "properties": {
        "vulnerable_headers": {
          "type": "array",
          "items": {
            "type": "object",
            "properties": {
              "uuid": {
                "type": "string",
                "description": "the unique identifier of the node"
              },
              "name": {
                "type": "string",
                "description": "the header name"
              },
              "direction": {
                "type": "string",
                "enum": [
                  "Request",
                  "Response",
                  "Request/Response"
                ],
                "description": "the direction of the header"
              }
            }
          },
          "description": "the array of vulnerable headers"
        },
        "expected_headers": {
          "type": "array",
          "items": {
            "type": "object",
            "properties": {
              "uuid": {
                "type": "string",
                "description": "the unique identifier of the node"
              },
              "name": {
                "type": "string",
                "description": "the header name"
              },
              "direction": {
                "type": "string",
                "enum": [
                  "Request",
                  "Response",
                  "Request/Response"
                ],
                "description": "the direction of the header"
              },
              "value": {
                "type": "string",
                "description": "the expected value"
              }
            }
          },
          "description": "the array of expected headers"
        },
        "vulnerable_cookies": {
          "type": "array",
          "items": {
            "type": "object",
            "properties": {
              "uuid": {
                "type": "string",
                "description": "the unique identifier of the node"
              },
              "name": {
                "type": "string",
                "description": "the cookie name"
              }
            }
          },
          "description": "the array of vulnerable cookies"
        },
        "vulnerable_variables": {
          "type": "array",
          "items": {
            "type": "object",
            "properties": {
              "uuid": {
                "type": "string",
                "description": "the unique identifier of the node"
              },
              "name": {
                "type": "string",
                "description": "the variable name"
              },
              "method": {
                "type": "string",
                "description": "the HTTP method"
              }
            }
          },
          "description": "the array of vulnerable variables"
        }
      },
      "description": "resources on the vulnerability"
    },
    "command_lines": {
      "type": "array",
      "description": "the command lines to reproduce the finding"
    },
    "highlights": {
      "type": "array",
      "description": "the highlights within the finding"
    }
  }
}

Bad Request - One or more parameters are malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The finding does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get single finding
GET /rest/v2/findings/{scan_profile_token}/{report_token}/{finding_UUID}/

Only available for Enterprise plan.

Returns a single finding identified by the scan profile token, report token and finding UUID.

Timestamps are in ISO 8601 format, UTC.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.

report_token
string (required) Example: 60a0fae258d2c952765e81054929c8e6a6fdbdf77

The report token.

finding_UUID
string (required) Example: 941c4794-379b-4efd-bccf-21c4f0c034b1

The unique identifier of the finding.


Domain findings

Findings represent either a vulnerability or other information acquired or produced using the Domain Monitoring Service. Domain monitoring can be enabled through the website.

Findings have a multi-level structure as various information is gathered and aggregated. Findings are identified by the finding universally unique identifier (UUID), which is unique for each finding.

As opposed to scan findings, domain findings occur over a period of time indicated by the start and end timestamps. The end timestamp is only specified if the vulnerability stopped appearing. If a vulnerability reappears after it stopped appearing, it is considered a regression of a previous finding. In this case, a new UUID is assigned to the finding, and a regression UUID identifies the finding of which the new finding is a regression. You can also use the finding signature to track recurring findings.
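
The tracking described above, as an added example that is not part of the Detectify documentation or its example implementations: it groups domain findings by signature, follows regression UUID links back to the earliest fetched occurrence, and totals the time each issue was present. The sample records, the function names and the assumption that a first occurrence has no `regression_uuid` (absent or null) are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample records (not real API output). Field names follow the
# domain finding list; the UUIDs and signatures are shortened placeholders.
SAMPLE_FINDINGS = [
    {"uuid": "aaaa-1", "signature": "sig-xss", "title": "Cross Site Scripting (XSS)",
     "start_timestamp": "2018-01-01T00:00:00Z", "end_timestamp": "2018-01-11T00:00:00Z"},
    {"uuid": "aaaa-2", "regression_uuid": "aaaa-1", "signature": "sig-xss",
     "title": "Cross Site Scripting (XSS)",
     "start_timestamp": "2018-03-01T00:00:00Z", "end_timestamp": "2018-03-06T00:00:00Z"},
    # No end_timestamp: the vulnerability has not stopped appearing.
    {"uuid": "aaaa-3", "regression_uuid": "aaaa-2", "signature": "sig-xss",
     "title": "Cross Site Scripting (XSS)", "start_timestamp": "2018-06-01T00:00:00Z"},
    {"uuid": "bbbb-1", "regression_uuid": None, "signature": "sig-hsts",
     "title": "Missing HSTS header",
     "start_timestamp": "2018-02-01T00:00:00Z", "end_timestamp": "2018-02-03T00:00:00Z"},
    # Regression whose parent lies outside the fetched time window.
    {"uuid": "cccc-9", "regression_uuid": "cccc-1", "signature": "sig-cookie",
     "title": "Cookie without HttpOnly",
     "start_timestamp": "2018-05-01T00:00:00Z", "end_timestamp": "2018-05-02T00:00:00Z"},
]


def parse_ts(value):
    """Parse the API's ISO 8601 UTC timestamps, e.g. 2018-01-09T06:18:32Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def chain_root(uuid, by_uuid):
    """Follow regression_uuid links back to the earliest fetched occurrence."""
    seen = set()
    while uuid not in seen:
        seen.add(uuid)
        parent = by_uuid.get(uuid, {}).get("regression_uuid")
        if not parent or parent not in by_uuid:
            return uuid  # first occurrence, or parent not in the fetched set
        uuid = parent
    return uuid  # defensive stop if the links ever form a cycle


def summarize_recurrences(findings, now):
    """Return one summary row per finding signature."""
    by_uuid = {f["uuid"]: f for f in findings}
    groups = defaultdict(list)
    for f in findings:
        groups[f["signature"]].append(f)

    report = {}
    for signature, items in groups.items():
        items.sort(key=lambda f: parse_ts(f["start_timestamp"]))
        exposed = timedelta()
        for f in items:
            # An open finding is counted up to "now".
            end = parse_ts(f["end_timestamp"]) if f.get("end_timestamp") else now
            exposed += end - parse_ts(f["start_timestamp"])
        report[signature] = {
            "title": items[0].get("title"),
            "occurrences": len(items),
            "regressions": sum(1 for f in items if f.get("regression_uuid")),
            "open": any(not f.get("end_timestamp") for f in items),
            "exposed_days": exposed.days,
            "chain_roots": sorted({chain_root(f["uuid"], by_uuid) for f in items}),
            # True when a regression points at a finding we did not fetch, so
            # the counts above understate the real history.
            "history_truncated": any(
                f.get("regression_uuid") and f["regression_uuid"] not in by_uuid
                for f in items
            ),
        }
    return report


if __name__ == "__main__":
    fixed_now = parse_ts("2018-06-04T00:00:00Z")  # fixed so output is reproducible
    for sig, row in summarize_recurrences(SAMPLE_FINDINGS, fixed_now).items():
        print(sig, row)
```

Grouping by signature still ties occurrences together when a regression's parent falls outside the queried interval, which the `history_truncated` flag makes visible.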

Findings include basic information such as the title and location of the finding, the direct finding URL, and more complex information:

  • signature: The finding signature, which is a hash of finding information and is the same for recurring findings for the same domain.

  • definition: Generic information about a vulnerability, such as risk and a collection of references for further reading.

  • score: The CVSS score information that contains the CVSS version and vector used to compute the score. Multiple scores can be present for different CVSS versions (e.g. CVSS v2 and v3).

  • OWASP: The OWASP Top 10 classification information based on the year. Multiple scores can be present for different years.

  • CWE: The Common Weakness Enumeration (CWE) identifier of the vulnerability.

  • tags: Provides additional information about the finding and enables categorization. Tags come with type and value, where type refers to the purpose of the tag. Currently supported tag types:

    • New: Indicates that the finding is new and did not appear previously.
    • High/Medium/Low: Marks the finding severity used on the website.
    • Crowdsourced: Indicates that the finding comes from a module implemented from Detectify Crowdsource.
    • Accepted Risk: Marks a finding as accepted risk. Can be added/removed through the website.
    • False Positive: Marks a finding as false positive. Can be added/removed through the website.
    • Patched: Marks a finding as fixed. Can be added/removed through the website.
  • target: Provides information on the target of the vulnerability. The information depends on the type value. Supported types are:

    • Cookie: Indicates an HTTP cookie. Example:

      {
          "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "type": "Cookie",
          "version": "1.1",
          "name": "SessionId",
          "value": "7jq7ffrpe251o7rh5sapo079p2",
          "domain": "example.com",
          "path": "/",
          "secure": true,
          "httponly": false,
          "expires": "2018-01-09T09:12:50Z"
      }
    • Domain: Indicates a domain. Example:

      {
          "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "type": "Domain",
          "address": "example.com"
      }
    • HTTP: Indicates an HTTP request with complete information on request/response. Example:

      {
          "uuid":"c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "type": "HTTP",
          "url": "http://www.example.com/index.html",
          "request_method": "GET",
          "request_version": "1.1",
          "request_headers": [
              {
                  "name": "Accept",
                  "value": "text/html"
              }
          ],
          "request_body": "",
          "request_body_base64": false,
          "response_status_code": 200,
          "response_reason_phrase": "OK",
          "response_version": "1.1",
          "response_headers": [
              {
                  "name": "Transfer-Encoding",
                  "value": "chunked"
              }
          ],
          "response_body": "...",
          "response_body_base64": false,
          "response_encoding": "utf-8"
      }
    • IP: Indicates an IP address and optionally a port number. Example:

      {
          "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "type": "IP",
          "address": "1.1.1.1",
          "port": 80
      }
    • URL: Indicates a URL. Example:

      {
          "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "type": "URL",
          "url": "http://www.example.com/index.html"
      }
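
Because the fields of `target` depend on its `type`, a consumer has to branch on it. The following is an added example, not Detectify's code: it reduces each target type to a triage record, decodes BASE64 bodies, and normalises the cookie flags, since the scan finding sample on this page carries `"httponly": "false"` as a string while the Cookie example above uses a boolean. The function names and sample values are constructed; the cookie value is deliberately left out of the output because it can be a live session identifier.

```python
import base64


def as_bool(value):
    """Accept JSON booleans and the strings "true"/"false".

    A plain truthiness test would treat the string "false" as True.
    """
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.strip().lower() in ("true", "false"):
        return value.strip().lower() == "true"
    raise ValueError(f"not a boolean flag: {value!r}")


def decode_body(target, prefix):
    """Return the request or response body as text, undoing BASE64 when flagged."""
    body = target.get(f"{prefix}_body") or ""
    if not as_bool(target.get(f"{prefix}_body_base64", False)):
        return body
    raw = base64.b64decode(body, validate=True)
    # response_encoding describes the response; UTF-8 is assumed for requests.
    encoding = target.get("response_encoding") if prefix == "response" else None
    try:
        return raw.decode(encoding or "utf-8", errors="replace")
    except LookupError:  # unknown codec name in response_encoding
        return raw.decode("utf-8", errors="replace")


def describe_target(target):
    """Map a finding target to a small record keyed by its type."""
    kind = target.get("type")
    if kind == "Cookie":
        missing = [label for label, key in (("Secure", "secure"), ("HttpOnly", "httponly"))
                   if not as_bool(target.get(key, False))]
        # The cookie value is intentionally not copied into the record.
        return {"kind": kind, "asset": f'{target["domain"]}{target["path"]}',
                "cookie": target["name"], "missing_flags": missing}
    if kind == "Domain":
        return {"kind": kind, "asset": target["address"]}
    if kind == "IP":
        port = target.get("port")  # the port is optional
        asset = target["address"] if port is None else f'{target["address"]}:{port}'
        return {"kind": kind, "asset": asset}
    if kind == "URL":
        return {"kind": kind, "asset": target["url"]}
    if kind == "HTTP":
        return {"kind": kind, "asset": target["url"],
                "request": f'{target["request_method"]} HTTP/{target["request_version"]}',
                "status": target["response_status_code"],
                "response_body": decode_body(target, "response")}
    raise ValueError(f"unsupported target type: {kind!r}")


# Constructed samples modelled on the target examples in this section.
COOKIE_FLAG_AS_STRING = {
    "type": "Cookie", "name": "SessionId", "value": "7jq7ffrpe251o7rh5sapo079p2",
    "domain": "example.com", "path": "/", "secure": True, "httponly": "false",
}
COOKIE_FLAG_AS_BOOL = dict(COOKIE_FLAG_AS_STRING, httponly=False)
IP_TARGET = {"type": "IP", "address": "1.1.1.1", "port": 80}
HTTP_TARGET = {
    "type": "HTTP", "url": "http://www.example.com/index.html",
    "request_method": "GET", "request_version": "1.1",
    "response_status_code": 200,
    "response_body": base64.b64encode(b"<html>ok</html>").decode("ascii"),
    "response_body_base64": True, "response_encoding": "utf-8",
}

if __name__ == "__main__":
    for sample in (COOKIE_FLAG_AS_STRING, COOKIE_FLAG_AS_BOOL, IP_TARGET, HTTP_TARGET):
        print(describe_target(sample))
```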

Get findings for domain

GET /rest/v2/domains/5605b488634efe810dff4276e28ca7f9/findings/?severity=&from=1516114800&to=1516119398
Requests: example 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses: 200, 400, 401, 403, 404, 412, 502, 503, 504

OK - Returned domain monitoring finding list.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
[
  {
    "uuid": "941c4794-379b-4efd-bccf-21c4f0c034b1",
    "regression_uuid": "b7afade4-d26a-438b-9827-868c2ab13f64",
    "domain_token": "9cf53dabf7e213189c89587db33c9cfa",
    "signature": "52eadaa2-fb97-11e7-8c3f-9a214cf093ae",
    "url": "https://detectify.com/domains/9cf53dabf7e213189c89587db33c9cfa/findings/941c4794-379b-4efd-bccf-21c4f0c034b1/",
    "found_at": "www.example.com",
    "start_timestamp": "2018-01-09T06:18:32Z",
    "end_timestamp": "2018-09-10T16:32:11Z",
    "title": "Cross Site Scripting (XSS)",
    "definition": {
      "uuid": "7fe484a3-0072-43a4-9051-17b02e47e9c8",
      "description": "An attacker can inject JavaScript into the victim's browsers, which will execute under the vulnerable domain.",
      "risk": "An attacker can use this to steal cookies, phishing, tabnabbing etc.",
      "references": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "link": "http://support.detectify.com/customer/en/portal/articles/1711512-cross-site-scripting",
          "name": "REMEDIATION - Detectify Support Center - Cross Site Scripting",
          "source": "Detectify"
        }
      ]
    },
    "score": [
      {
        "version": "2.0",
        "score": "6.4",
        "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"
      }
    ],
    "owasp": [
      {
        "year": "2017",
        "classification": "A7"
      }
    ],
    "details": [
      {
        "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
        "type": "Geography",
        "name": "default, service_provider_host, service_provider_name, service_provider_mail, domain_statistics_seed, domain_statistics_dns, domain_statistics_vhost, domain_statistics_crawler, boolean_based_sql_injection",
        "value": "59.3293° N, 18.0686° E, Sweden (SE), Stockholms län, Stockholm 117 33"
      }
    ],
    "tags": [
      {
        "type": "Tag New",
        "value": "new"
      }
    ],
    "target": {
      "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
      "type": "Domain",
      "address": "example.com"
    }
  }
]
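One way a client might consume this response body, added here as an illustration and not taken from Detectify's own code: it ranks findings by their highest CVSS score, flags regressions, and summarises each target according to its `type`. The function names, the second sample item, and the assumptions marked in the comments are not part of the original page.

```python
import base64

# Constructed sample: item 1 is trimmed from the response body above,
# item 2 is invented for illustration and carries an HTTP-type target.
SAMPLE = [
    {"uuid": "941c4794-379b-4efd-bccf-21c4f0c034b1",
     "regression_uuid": "b7afade4-d26a-438b-9827-868c2ab13f64",
     "title": "Cross Site Scripting (XSS)",
     "score": [{"version": "2.0", "score": "6.4", "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}],
     "target": {"type": "Domain", "address": "example.com"}},
    {"uuid": "00000000-0000-0000-0000-000000000001", "title": "Constructed finding",
     "score": [{"version": "2.0", "score": "7.5", "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}],
     "target": {"type": "HTTP", "url": "http://www.example.com/index.html",
                "request_method": "GET", "response_status_code": 200,
                "response_body": "PGh0bWw+", "response_body_base64": True}},
]

def describe_target(t):
    """One-line summary of a target object, chosen by its 'type' field."""
    kind = t.get("type")
    if kind == "HTTP":
        return f"{t['request_method']} {t['url']} -> {t['response_status_code']}"
    if kind == "IP":  # the port is optional
        return f"{t['address']}:{t['port']}" if "port" in t else t["address"]
    if kind == "URL":
        return t["url"]
    if kind == "Domain":
        return t["address"]
    return f"unhandled target type {kind!r}"

def response_bytes(t):
    """Response body of an HTTP target as bytes, honouring response_body_base64."""
    if t.get("response_body_base64"):
        return base64.b64decode(t["response_body"])
    # Assumption: a non-base64 body is text in the declared response_encoding.
    return t["response_body"].encode(t.get("response_encoding") or "utf-8")

def triage(findings, min_score=0.0):
    """Highest CVSS score per finding, most severe first (scores arrive as strings)."""
    rows = []
    for f in findings:
        cvss = max((float(s["score"]) for s in f.get("score", [])), default=0.0)
        if cvss >= min_score:
            rows.append({"uuid": f["uuid"], "title": f["title"], "cvss": cvss,
                         # Assumption: missing/empty regression_uuid = not a regression.
                         "regression": bool(f.get("regression_uuid")),
                         "target": describe_target(f["target"])})
    return sorted(rows, key=lambda r: r["cvss"], reverse=True)
```

Calling `triage(SAMPLE, min_score=4.0)` returns both sample findings with the constructed 7.5 item first; unknown target types are reported rather than raising, so a new type in the API does not break the triage run.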
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "uuid": {
        "type": "string",
        "enum": [
          "941c4794-379b-4efd-bccf-21c4f0c034b1"
        ],
        "description": "the finding UUID"
      },
      "regression_uuid": {
        "type": "string",
        "enum": [
          "b7afade4-d26a-438b-9827-868c2ab13f64"
        ],
        "description": "the UUID of the finding this is a regression of"
      },
      "domain_token": {
        "type": "string",
        "enum": [
          "9cf53dabf7e213189c89587db33c9cfa"
        ],
        "description": "the domain token"
      },
      "signature": {
        "type": "string",
        "enum": [
          "52eadaa2-fb97-11e7-8c3f-9a214cf093ae"
        ],
        "description": "the finding signature"
      },
      "url": {
        "type": "string",
        "enum": [
          "https://detectify.com/domains/9cf53dabf7e213189c89587db33c9cfa/findings/941c4794-379b-4efd-bccf-21c4f0c034b1/"
        ],
        "description": "the direct URL of the finding"
      },
      "found_at": {
        "type": "string",
        "enum": [
          "www.example.com"
        ],
        "description": "the domain that is affected by the vulnerability"
      },
      "start_timestamp": {
        "type": "string",
        "enum": [
          "2018-01-09T06:18:32Z"
        ],
        "description": "the time when the vulnerability was first found"
      },
      "end_timestamp": {
        "type": "string",
        "enum": [
          "2018-09-10T16:32:11Z"
        ],
        "description": "the time when the vulnerability stopped being found"
      },
      "title": {
        "type": "string",
        "enum": [
          "Cross Site Scripting (XSS)"
        ],
        "description": "the title of the finding"
      },
      "definition": {
        "type": "object",
        "properties": {
          "uuid": {
            "type": "string",
            "enum": [
              "7fe484a3-0072-43a4-9051-17b02e47e9c8"
            ],
            "description": "the unique identifier of the node"
          },
          "description": {
            "type": "string",
            "enum": [
              "An attacker can inject JavaScript into the victim's browsers, which will execute under the vulnerable domain."
            ],
            "description": "the generic description of the finding"
          },
          "risk": {
            "type": "string",
            "enum": [
              "An attacker can use this to steal cookies, phishing, tabnabbing etc."
            ],
            "description": "the possible effect of the vulnerability"
          },
          "references": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "enum": [
                    "b35da650-b671-45ed-9268-8c374b02f924"
                  ],
                  "description": "the unique identifier of the node"
                },
                "link": {
                  "type": "string",
                  "enum": [
                    "http://support.detectify.com/customer/en/portal/articles/1711512-cross-site-scripting"
                  ],
                  "description": "the URL of the reference"
                },
                "name": {
                  "type": "string",
                  "enum": [
                    "REMEDIATION - Detectify Support Center - Cross Site Scripting"
                  ],
                  "description": "the name of the reference"
                },
                "source": {
                  "type": "string",
                  "enum": [
                    "Detectify"
                  ],
                  "description": "the name of the reference source"
                }
              },
              "required": [
                "uuid",
                "link",
                "name",
                "source"
              ],
              "additionalProperties": false
            },
            "description": "a collection of references for further reading"
          }
        },
        "required": [
          "uuid",
          "description",
          "risk",
          "references"
        ],
        "additionalProperties": false,
        "description": "generic information about the vulnerability"
      },
      "score": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "version": {
              "type": "string",
              "enum": [
                "2.0"
              ],
              "description": "the CVSS version"
            },
            "score": {
              "type": "string",
              "enum": [
                "6.4"
              ],
              "description": "the CVSS score"
            },
            "vector": {
              "type": "string",
              "enum": [
                "AV:N/AC:L/Au:N/C:P/I:P/A:N"
              ],
              "description": "the CVSS vector"
            }
          },
          "required": [
            "version",
            "score",
            "vector"
          ],
          "additionalProperties": false