Detectify API

API Endpoint

This page contains the documentation for the Detectify API accessible at https://api.detectify.com.

The Detectify API enables connectivity and automation through a RESTful interface with the following features:

The API can be accessed using an API key. API keys can be managed using the team page. For more details, see authentication. Depending on your subscription, some API functions may not be available.

Specification

You can download the API specification in the following formats:

Examples

Please have a look at our example implementations of the API if you need help to get started. You can find them on our GitHub page.

Authentication

All HTTP messages must be authenticated using the API key generated on the team page. For additional security, the API also allows signing the messages based on the secret key specified for the API key.

You can specify the API key in the following ways:

  • HTTP Authentication using your API key as username (BASE64 encoded):

    GET /rest/v2/domains/ HTTP/1.1
    Host: api.detectify.com
    Authorization: Basic MTA4NDBiMGY5Mzg5NDJmZWFmYjcxODZkZTc0Yjk2ODI6
  • Using the X-Detectify-Key HTTP header:

    GET /rest/v2/domains/ HTTP/1.1
    Host: api.detectify.com
    X-Detectify-Key: 10840b0f938942feafb7186de74b9682
  • Include in URL:

    https://10840b0f938942feafb7186de74b9682@api.detectify.com/rest/v2/domains/

If you created a secret key for the API key, you need to include the message signature in the request using the X-Detectify-Signature HTTP header, and the time of message creation in Unix time using the X-Detectify-Timestamp HTTP header:

GET /rest/v2/domains HTTP/1.1
Host: api.detectify.com
X-Detectify-Key: 10840b0f938942feafb7186de74b9682
X-Detectify-Signature: 6jpu6S4cQwEY4uLk+xELSe1RhajVJP0QEDpGWZ5T+U0=
X-Detectify-Timestamp: 1519829567

Messages with a timestamp older than 10 seconds before the time of receiving the message, or newer than 5 seconds after the time of receiving the message result in an authentication error.

The signature is a BASE64 hash value using the keyed-hash message authentication code (HMAC) with the SHA-256 compression function. The encryption uses the secret key specified in the settings (with BASE64 encoding). The input for the hash function is a semicolon-separated combination of

  • the HTTP method (capitalized, e.g., GET),

  • the relative URL path after https://api.detectify.com/rest (e.g., /v2/domains/),

  • the API key,

  • the UNIX timestamp specified in the X-Detectify-Timestamp header, and

  • the request body (left empty for requests without body).

Schema:

key = BASE64_DECODE({secret key})
value = {HTTP method};{relative URL};{API key};{timestamp};{request body}
signature = BASE64_ENCODE(HMAC_SHA256(key, value))

Example:

  • HTTP request GET https://api.detectify.com/rest/v2/domains/

  • at 2018-02-28T14:52:47Z, which is UNIX timestamp 1519829567

  • for API key 10840b0f938942feafb7186de74b9682

  • with secret key 0vyTnawJRFn0Q9tWLTM188Olizc72JczHSXoIlsPQIc=

  • generates message signature 6jpu6S4cQwEY4uLk+xELSe1RhajVJP0QEDpGWZ5T+U0=.

key = BASE64_DECODE("0vyTnawJRFn0Q9tWLTM188Olizc72JczHSXoIlsPQIc=")
value = "GET;/v2/domains/;10840b0f938942feafb7186de74b9682;1519829567;"
signature = BASE64_ENCODE(HMAC_SHA256(key, value))

Asset inventory

Asset inventory allows managing assets, such as domains and IP addresses.

Assets can be identified by the domain token and the asset UUID. The domain token only exists for assets and IPs that were manually added. The asset UUID exists also for autodiscovered subdomains and can be used to manage owners.

The asset information contains the domain name or IP address, status (indicating whether the asset is verified), creation/update time, owner and whether asset monitoring is enabled.

Manage assets

POST /rest/v2/domains/
Requestsexample 1
Headers
Content-Type: application/json
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Body
{
  "name": "example.com"
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "name": {
      "type": "string",
      "description": "domain name or IP address and (optional) port number"
    }
  },
  "required": [
    "name"
  ]
}
Responses201400401403423502503504

Created - Asset created.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "uuid": "941c4794-379b-4efd-bccf-21c4f0c034b1",
  "name": "www.example.com",
  "status": "verified",
  "created": "2018-01-10T08:34:15Z",
  "updated": "2019-05-28T08:34:15Z",
  "token": "9cf53dabf7e213189c89587db33c9cfa",
  "monitored": false,
  "owner": {
    "name": "marketing"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "uuid": {
      "type": "string",
      "description": "the asset UUID"
    },
    "name": {
      "type": "string",
      "description": "domain name or IP address"
    },
    "status": {
      "type": "string",
      "enum": [
        "verified",
        "unverified"
      ],
      "description": "indicates whether the asset is verified"
    },
    "created": {
      "type": "string",
      "description": "the timestamp the asset was created"
    },
    "updated": {
      "type": "string",
      "description": "the timestamp the asset was last updated"
    },
    "token": {
      "type": "string",
      "description": "the domain token"
    },
    "monitored": {
      "type": "boolean",
      "description": "indicates whether asset monitoring is enabled for the asset"
    },
    "owner": {
      "type": "object",
      "properties": {
        "name": {
          "type": "string",
          "description": "the name of the owner"
        }
      },
      "description": "the owner of the asset"
    }
  }
}

Bad Request - The request body is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Locked - The asset already exists.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Add asset
POST/rest/v2/domains/

Only available for Enterprise plan.

Adds a new asset for the team for the specified domain name or IP address. In case of domains the domain name can be a second level domain or subdomain. Optionally, you can specify a port number for the asset that will used for asset verification. The call returns information about the newly created asset including the generated domain token and status.


GET /rest/v2/domains/
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses200401403502503504

OK - Returned assets.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
[
  {
    "uuid": "941c4794-379b-4efd-bccf-21c4f0c034b1",
    "name": "www.example.com",
    "status": "verified",
    "created": "2018-01-10T08:34:15Z",
    "updated": "2019-05-28T08:34:15Z",
    "token": "9cf53dabf7e213189c89587db33c9cfa",
    "monitored": false,
    "owner": {
      "name": "marketing"
    }
  }
]
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "uuid": {
        "type": "string",
        "enum": [
          "941c4794-379b-4efd-bccf-21c4f0c034b1"
        ],
        "description": "the asset UUID"
      },
      "name": {
        "type": "string",
        "enum": [
          "www.example.com"
        ],
        "description": "domain name or IP address"
      },
      "status": {
        "type": "string",
        "enum": [
          "verified",
          "unverified"
        ],
        "description": "indicates whether the asset is verified"
      },
      "created": {
        "type": "string",
        "enum": [
          "2018-01-10T08:34:15Z"
        ],
        "description": "the timestamp the asset was created"
      },
      "updated": {
        "type": "string",
        "enum": [
          "2019-05-28T08:34:15Z"
        ],
        "description": "the timestamp the asset was last updated"
      },
      "token": {
        "type": "string",
        "enum": [
          "9cf53dabf7e213189c89587db33c9cfa"
        ],
        "description": "the domain token"
      },
      "monitored": {
        "type": "boolean",
        "enum": [
          false
        ],
        "description": "indicates whether asset monitoring is enabled for the asset"
      },
      "owner": {
        "type": "object",
        "properties": {
          "name": {
            "type": "string",
            "enum": [
              "marketing"
            ],
            "description": "the name of the owner"
          }
        },
        "required": [
          "name"
        ],
        "additionalProperties": false,
        "description": "the owner of the asset"
      }
    },
    "required": [
      "uuid",
      "name",
      "status",
      "created",
      "updated",
      "token",
      "monitored",
      "owner"
    ],
    "additionalProperties": false
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get root assets
GET/rest/v2/domains/

Returns an array of all root assets for the team.

If the team has no assets, the response contains an empty array.

Timestamps are in ISO 8601 format, UTC.


GET /rest/v2/domains/9cf53dabf7e213189c89587db33c9cfa/subdomains/
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses200400401403502503504

OK - Returned subdomains.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
[
  {
    "uuid": "941c4794-379b-4efd-bccf-21c4f0c034b1",
    "name": "www.example.com",
    "status": "verified",
    "created": "2018-01-10T08:34:15Z",
    "updated": "2019-05-28T08:34:15Z",
    "token": "9cf53dabf7e213189c89587db33c9cfa",
    "discovered": "2018-01-03T09:54:23Z",
    "last_seen": "2018-03-13T12:05:13Z",
    "tags": [
      {
        "type": "Tag Autodiscovery",
        "value": "autodiscovery"
      }
    ],
    "owner": {
      "name": "marketing"
    }
  }
]
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "uuid": {
        "type": "string",
        "enum": [
          "941c4794-379b-4efd-bccf-21c4f0c034b1"
        ],
        "description": "the asset UUID"
      },
      "name": {
        "type": "string",
        "enum": [
          "www.example.com"
        ],
        "description": "host name or IP address"
      },
      "status": {
        "type": "string",
        "enum": [
          "verified",
          "unverified"
        ],
        "description": "indicates whether the subdomain is verified (for manual subdomains)"
      },
      "created": {
        "type": "string",
        "enum": [
          "2018-01-10T08:34:15Z"
        ],
        "description": "the timestamp the subdomain was created (for manual domains)"
      },
      "updated": {
        "type": "string",
        "enum": [
          "2019-05-28T08:34:15Z"
        ],
        "description": "the timestamp the subdomain was last updated"
      },
      "token": {
        "type": "string",
        "enum": [
          "9cf53dabf7e213189c89587db33c9cfa"
        ],
        "description": "the domain token (for manually added assets)"
      },
      "discovered": {
        "type": "string",
        "enum": [
          "2018-01-03T09:54:23Z"
        ],
        "description": "the timestamp the subdomain was discovered (for discovered subdomains)"
      },
      "last_seen": {
        "type": "string",
        "enum": [
          "2018-03-13T12:05:13Z"
        ],
        "description": "the timestamp the subdomain was last seen (for discovered subdomains)"
      },
      "tags": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "type": {
              "type": "string",
              "enum": [
                "Tag Autodiscovery"
              ],
              "description": "the type of the tag"
            },
            "value": {
              "type": "string",
              "enum": [
                "autodiscovery"
              ],
              "description": "the value of the tag"
            }
          },
          "required": [
            "type",
            "value"
          ],
          "additionalProperties": false
        },
        "description": "the tags associated with the subdomain"
      },
      "owner": {
        "type": "object",
        "properties": {
          "name": {
            "type": "string",
            "enum": [
              "marketing"
            ],
            "description": "the name of the owner"
          }
        },
        "required": [
          "name"
        ],
        "additionalProperties": false,
        "description": "the owner of the subdomain"
      }
    },
    "required": [
      "uuid",
      "name",
      "status",
      "created",
      "updated",
      "token",
      "discovered",
      "last_seen",
      "tags",
      "owner"
    ],
    "additionalProperties": false
  }
}

Bad Request - The domain token is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get subdomains
GET/rest/v2/domains/{domain_token}/subdomains/

Retrieves subdomains (including the root domain) for the root asset identified by the domain token. The domain token can be retrieved using Get root assets.

The response includes

  • manually added subdomains (tagged manual with general asset information),

  • subdomains that are endpoints for a scan profile (tagged scanprofile) and

  • subdomains discovered using DNS information (tagged autodiscovery with discovery times).

For IP addresses, an empty array is returned.

URI Parameters
HideShow
domain_token
string (required) Example: 9cf53dabf7e213189c89587db33c9cfa

The domain token.


DELETE /rest/v2/domains/9cf53dabf7e213189c89587db33c9cfa/
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses200400401403412502503504

OK - Removed asset.

Bad Request - The domain token is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Precondition Failed - One or more scan profiles exist for the asset.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Remove asset
DELETE/rest/v2/domains/{domain_token}/

Only available for Enterprise plan.

Removes the asset identified by the domain token. The domain token can be retrieved using Get root assets.

You can only remove the asset if no scan profiles exist, which has the same domain or IP address as endpoint.

URI Parameters
HideShow
domain_token
string (required) Example: 9cf53dabf7e213189c89587db33c9cfa

The domain token.


Manage asset settings

PUT /rest/v2/domains/9cf53dabf7e213189c89587db33c9cfa/settings/
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Body
{
  "monitoring": true,
  "scrape": true,
  "brute_force": true
}
Schema
{
  "type": "object",
  "properties": {
    "monitoring": {
      "type": "boolean",
      "description": "enables or disables asset monitoring on a given asset"
    },
    "scrape": {
      "type": "boolean",
      "description": "retrieve subdomains from various public sources on the internet"
    },
    "brute_force": {
      "type": "boolean",
      "description": "check subdomains against a comprehensive list of possible subdomains"
    }
  },
  "$schema": "http://json-schema.org/draft-04/schema#"
}
Responses200400401403404502503504

OK - Updated settings.

Body
{
  "monitoring": true,
  "scrape": true,
  "brute_force": true
}
Schema
{
  "type": "object",
  "properties": {
    "monitoring": {
      "type": "boolean",
      "description": "enables or disables asset monitoring on a given asset"
    },
    "scrape": {
      "type": "boolean",
      "description": "retrieve subdomains from various public sources on the internet"
    },
    "brute_force": {
      "type": "boolean",
      "description": "check subdomains against a comprehensive list of possible subdomains"
    }
  },
  "$schema": "http://json-schema.org/draft-04/schema#"
}

Bad Request - The domain token is malformed or the asset is not a domain.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this functionality.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The asset does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Update asset settings
PUT/rest/v2/domains/{domain_token}/settings/

Only available for Enterprise plan.

Updates the asset settings for an asset identified by the domain token. The domain token can be retrieved using Get root assets.

The settings contain the following information:

  • Monitoring: indicates whether asset monitoring is enabled on the asset. Asset monitoring can only be enabled for domains.

  • Scrape: indicates whether to retrieve domains from various public sources on the internet when asset monitoring is enabled.

  • Brute force: indicates whether to check subdomains against a comprehensive list of possible subdomains when asset monitoring is enabled.

URI Parameters
HideShow
domain_token
string (required) Example: 9cf53dabf7e213189c89587db33c9cfa

The domain token.


GET /rest/v2/domains/9cf53dabf7e213189c89587db33c9cfa/settings/
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses200400401403404502503504

OK - Returned asset settings.

Body
{
  "monitoring": true,
  "scrape": true,
  "brute_force": true
}
Schema
{
  "type": "object",
  "properties": {
    "monitoring": {
      "type": "boolean",
      "description": "enables or disables asset monitoring on a given asset"
    },
    "scrape": {
      "type": "boolean",
      "description": "retrieve subdomains from various public sources on the internet"
    },
    "brute_force": {
      "type": "boolean",
      "description": "check subdomains against a comprehensive list of possible subdomains"
    }
  },
  "$schema": "http://json-schema.org/draft-04/schema#"
}

Bad Request - The domain token or payload are malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this functionality.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The asset does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get asset settings
GET/rest/v2/domains/{domain_token}/settings/

Gets the asset settings for an asset identified by the domain token. The domain token can be retrieved using Get root assets.

The settings contain the following information:

  • Monitoring: indicates whether asset monitoring is enabled on the asset.

  • Scrape: indicates whether to retrieve domains from various public sources on the internet when asset monitoring is enabled.

  • Brute force: indicates whether to check subdomains against a comprehensive list of possible subdomains when asset monitoring is enabled.

URI Parameters
HideShow
domain_token
string (required) Example: 9cf53dabf7e213189c89587db33c9cfa

The domain token.


PUT /rest/v2/domains/0b14fd3e-9c30-4038-9d78-b5e7d992dc01/owner/
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Body
{
  "name": "detectify"
}
Schema
{
  "type": "object",
  "properties": {
    "name": {
      "type": "string",
      "description": "the name of the asset owner"
    }
  },
  "$schema": "http://json-schema.org/draft-04/schema#"
}
Responses200400401403502503504

OK - owner updated.

Bad Request - The asset UUID is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this functionality.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Update asset owner
PUT/rest/v2/domains/{asset_uuid}/owner/

Only available for Enterprise plan.

Sets the asset owner for the domain or IP address, identified by the asset UUID. The asset UUID can be retrieved using Get root assets or Get subdomains. If the asset is a domain, any subdomains of that domain that do not already have an owner will be assigned the same owner.

URI Parameters
HideShow
asset_uuid
string (required) Example: 0b14fd3e-9c30-4038-9d78-b5e7d992dc01

The asset UUID.


Asset monitoring

Asset monitoring findings are vulnerabilities detected on asset level, such as potential subdomain takeover. Asset monitoring can be enabled using Update asset settings.

Finding have a multi-level structure as various information is gathered and aggregated. Findings are identified by the finding universally unique identifier (UUID), which is unique for each finding.

As opposed to scan findings, asset monitoring findings occur over a period of time indicated by the start and end timetamps. The end timestamp is only specified if the vulnerability stopped appearing. If a vulnerability reoccurs after stopping to appear, it is considered a regression of a previous finding. In this case, a new UUID is assigned to the finding, and a regression UUID identifies the finding for which the new finding is a regression of. You can use also the finding signature for tracking recurring findings.

Findings include basic information such as the title and location of the finding, the direct finding URL, and more complex information:

  • signature: The finding signature, which is a hash of finding information and are the same for recurring findings for the same asset.

  • definition: Generic information about a vulnerability, such as risk and a collection of references for further reading.

  • score: The CVSS score information that contains the CVSS version and vector used to compute the score. Multiple scores can be present for different CVSS versions (e.g. CVSS v2 and v3).

  • OWASP: The OWASP Top 10 classification information based on the year. Multiple scores can be present for different years.

  • CWE: The Common Weakness Enumeration (CWE) identifier of the vulnerability.

  • tags: Provides additional information about the finding and enables categorization. Tags come with type and value, where type refers to the purpose of the tag. Currently supported tag types:

    • New: Indicates that the finding is new and did not appear previously.
    • High/Medium/Low: Marks the finding severity used on the website.
    • Crowdsourced: Indicates that the finding comes from a module implemented from Detectify Crowdsource.
    • Accepted Risk: Marks a finding as accepted risk. Can be added/removed through the website.
    • False Positive: Marks a finding as false positive. Can be added/removed through the website.
    • Patched: Marks a finding as fixed. Can be added/removed through the website.
  • target: Provides information on the target of the vulnerability. The information depends on the type value. Supported types are:

    • Cookie: Indicates a HTTP cookie. Example:

      {
          "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "type": "Cookie",
          "version": "1.1",
          "name": "SessionId",
          "value": "7jq7ffrpe251o7rh5sapo079p2",
          "domain": "example.com",
          "path": "/",
          "secure": true,
          "httponly": false,
          "expires": "2018-01-09T09:12:50Z"
      }
    • Domain: Indicates a domain. Example:

      {
          "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "type": "Domain",
          "address": "example.com"
      }
    • HTTP: Indicates a HTTP request with complete information on request/response. Example:

      {
          "uuid":"c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "type": "HTTP",
          "url": "http://www.example.com/index.html",
          "request_method": "GET",
          "request_version": "1.1",
          "request_headers": [
              {
                  "name": "Accept",
                  "value": "text/html"
              }
          ],
          "request_body": "",
          "request_body_base64": false,
          "response_status_code": 200,
          "response_reason_phrase": "OK",
          "response_version": "1.1",
          "response_headers": [
              {
                  "name": "Transfer-Encoding",
                  "value": "chunked"
              }
          ],
          "response_body": "...",
          "response_body_base64": false,
          "response_encoding": "utf-8"
      }
    • IP: Indicates an IP address and optionally a port number. Example:

      {
          "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "type": "IP",
          "address": "1.1.1.1",
          "port": 80
      }
    • URL: Indicates an URL. Example:

      {
          "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "type": "URL",
          "url": "http://www.example.com/index.html"
      }

Get findings for asset

GET /rest/v2/domains/5605b488634efe810dff4276e28ca7f9/findings/?severity=&from=1516114800&to=1516119398
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses200400401403404502503504

OK - Returned asset monitoring findings.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
[
  {
    "uuid": "941c4794-379b-4efd-bccf-21c4f0c034b1",
    "regression_uuid": "b7afade4-d26a-438b-9827-868c2ab13f64",
    "domain_token": "9cf53dabf7e213189c89587db33c9cfa",
    "signature": "52eadaa2-fb97-11e7-8c3f-9a214cf093ae",
    "url": "https://detectify.com/domains/9cf53dabf7e213189c89587db33c9cfa/findings/941c4794-379b-4efd-bccf-21c4f0c034b1/",
    "found_at": "www.example.com",
    "start_timestamp": "2018-01-09T06:18:32Z",
    "end_timestamp": "2018-09-10T16:32:11Z",
    "title": "Cross Site Scripting (XSS)",
    "definition": {
      "uuid": "7fe484a3-0072-43a4-9051-17b02e47e9c8",
      "description": "An attacker can inject JavaScript into the victim's browsers, which will execute under the vulnerable domain.",
      "risk": "An attacker can use this to steal cookies, phishing, tabnabbing etc.",
      "references": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "link": "http://support.detectify.com/customer/en/portal/articles/1711512-cross-site-scripting",
          "name": "REMEDIATION - Detectify Support Center - Cross Site Scripting",
          "source": "Detectify"
        }
      ]
    },
    "score": [
      {
        "version": "2.0",
        "score": "6.4",
        "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"
      }
    ],
    "owasp": [
      {
        "year": "2017",
        "classification": "A7"
      }
    ],
    "details": [
      {
        "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
        "type": "Geography",
        "name": "default, service_provider_host, service_provider_name, service_provider_mail, domain_statistics_seed, domain_statistics_dns, domain_statistics_vhost, domain_statistics_crawler, boolean_based_sql_injection",
        "value": "59.3293° N, 18.0686° E, Sweden (SE), Stockholms län, Stockholm 117 33"
      }
    ],
    "tags": [
      {
        "type": "Tag New",
        "value": "new"
      }
    ],
    "target": {
      "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
      "type": "Domain",
      "address": "example.com"
    }
  }
]
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "uuid": {
        "type": "string",
        "enum": [
          "941c4794-379b-4efd-bccf-21c4f0c034b1"
        ],
        "description": "the finding UUID"
      },
      "regression_uuid": {
        "type": "string",
        "enum": [
          "b7afade4-d26a-438b-9827-868c2ab13f64"
        ],
        "description": "the UUID of the finding this is a regression of"
      },
      "domain_token": {
        "type": "string",
        "enum": [
          "9cf53dabf7e213189c89587db33c9cfa"
        ],
        "description": "the domain token"
      },
      "signature": {
        "type": "string",
        "enum": [
          "52eadaa2-fb97-11e7-8c3f-9a214cf093ae"
        ],
        "description": "the finding signature"
      },
      "url": {
        "type": "string",
        "enum": [
          "https://detectify.com/domains/9cf53dabf7e213189c89587db33c9cfa/findings/941c4794-379b-4efd-bccf-21c4f0c034b1/"
        ],
        "description": "the direct URL of the finding"
      },
      "found_at": {
        "type": "string",
        "enum": [
          "www.example.com"
        ],
        "description": "the domain that is affected by the vulnerability"
      },
      "start_timestamp": {
        "type": "string",
        "enum": [
          "2018-01-09T06:18:32Z"
        ],
        "description": "the time when the vulnerability was first found"
      },
      "end_timestamp": {
        "type": "string",
        "enum": [
          "2018-09-10T16:32:11Z"
        ],
        "description": "the time when the vulnerability stopped being found"
      },
      "title": {
        "type": "string",
        "enum": [
          "Cross Site Scripting (XSS)"
        ],
        "description": "the title of the finding"
      },
      "definition": {
        "type": "object",
        "properties": {
          "uuid": {
            "type": "string",
            "enum": [
              "7fe484a3-0072-43a4-9051-17b02e47e9c8"
            ],
            "description": "the unique identifier of the node"
          },
          "description": {
            "type": "string",
            "enum": [
              "An attacker can inject JavaScript into the victim's browsers, which will execute under the vulnerable domain."
            ],
            "description": "the generic description of the finding"
          },
          "risk": {
            "type": "string",
            "enum": [
              "An attacker can use this to steal cookies, phishing, tabnabbing etc."
            ],
            "description": "the possible effect of the vulnerability"
          },
          "references": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "enum": [
                    "b35da650-b671-45ed-9268-8c374b02f924"
                  ],
                  "description": "the unique identifier of the node"
                },
                "link": {
                  "type": "string",
                  "enum": [
                    "http://support.detectify.com/customer/en/portal/articles/1711512-cross-site-scripting"
                  ],
                  "description": "the URL of the reference"
                },
                "name": {
                  "type": "string",
                  "enum": [
                    "REMEDIATION - Detectify Support Center - Cross Site Scripting"
                  ],
                  "description": "the name of the reference"
                },
                "source": {
                  "type": "string",
                  "enum": [
                    "Detectify"
                  ],
                  "description": "the name of the reference source"
                }
              },
              "required": [
                "uuid",
                "link",
                "name",
                "source"
              ],
              "additionalProperties": false
            },
            "description": "a collection of references for further reading"
          }
        },
        "required": [
          "uuid",
          "description",
          "risk",
          "references"
        ],
        "additionalProperties": false,
        "description": "generic information about the vulnerability"
      },
      "score": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "version": {
              "type": "string",
              "enum": [
                "2.0"
              ],
              "description": "the CVSS version"
            },
            "score": {
              "type": "string",
              "enum": [
                "6.4"
              ],
              "description": "the CVSS score"
            },
            "vector": {
              "type": "string",
              "enum": [
                "AV:N/AC:L/Au:N/C:P/I:P/A:N"
              ],
              "description": "the CVSS vector"
            }
          },
          "required": [
            "version",
            "score",
            "vector"
          ],
          "additionalProperties": false
        },
        "description": "the CVSS scores of the finding"
      },
      "owasp": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "year": {
              "type": "string",
              "enum": [
                "2017"
              ],
              "description": "the year of the OWASP classification"
            },
            "classification": {
              "type": "string",
              "enum": [
                "A7"
              ],
              "description": "the OWASP classification"
            }
          },
          "required": [
            "year",
            "classification"
          ],
          "additionalProperties": false
        },
        "description": "the OWASP classification of the finding"
      },
      "details": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "uuid": {
              "type": "string",
              "enum": [
                "b35da650-b671-45ed-9268-8c374b02f924"
              ],
              "description": "the unique identifier of the node"
            },
            "type": {
              "type": "string",
              "enum": [
                "Geography",
                "Graph",
                "HTML",
                "Image",
                "Markdown",
                "Text",
                "Video"
              ],
              "description": "the type of the detail"
            },
            "name": {
              "type": "string",
              "enum": [
                "default, service_provider_host, service_provider_name, service_provider_mail, domain_statistics_seed, domain_statistics_dns, domain_statistics_vhost, domain_statistics_crawler, boolean_based_sql_injection"
              ],
              "description": "the name of the detail"
            },
            "value": {
              "type": "string",
              "enum": [
                "59.3293° N, 18.0686° E, Sweden (SE), Stockholms län, Stockholm 117 33"
              ],
              "description": "the value of the detail"
            }
          },
          "required": [
            "uuid",
            "type",
            "name",
            "value"
          ],
          "additionalProperties": false
        },
        "description": "detailed information on the finding"
      },
      "tags": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "type": {
              "type": "string",
              "enum": [
                "Tag New"
              ],
              "description": "the type of the tag"
            },
            "value": {
              "type": "string",
              "enum": [
                "new"
              ],
              "description": "the value of the tag"
            }
          },
          "required": [
            "type",
            "value"
          ],
          "additionalProperties": false
        },
        "description": "finding tags"
      },
      "target": {
        "type": "object",
        "properties": {
          "uuid": {
            "type": "string",
            "enum": [
              "c063bd03-f4eb-4e66-bb22-425f2f90b1d2"
            ],
            "description": "the unique identifier of the node"
          },
          "type": {
            "type": "string",
            "enum": [
              "Domain",
              "IP"
            ],
            "description": "the type of the target"
          },
          "address": {
            "type": "string",
            "enum": [
              "example.com"
            ],
            "description": "the domain name or IP address"
          }
        },
        "required": [
          "uuid",
          "type",
          "address"
        ],
        "additionalProperties": false,
        "description": "the target of the finding"
      }
    },
    "required": [
      "uuid",
      "regression_uuid",
      "domain_token",
      "signature",
      "url",
      "found_at",
      "start_timestamp",
      "end_timestamp",
      "title",
      "definition",
      "score",
      "owasp",
      "details",
      "tags",
      "target"
    ],
    "additionalProperties": false
  }
}

Bad Request - One or more parameters are malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The asset does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get findings for asset
GET/rest/v2/domains/{domain_token}/findings/{?severity,from,to}

Returns asset monitoring findings for the asset identified by the domain token. The domain token can be retrieved using Get root assets.

The findings can be filtered based on severity and time interval using the from and to parameters. Time interval values must be specified in ISO 8601 format (encoded when containing UTC offset) or Unix time. The call returns a maximum of two thousand findings starting with the latest report. Please use filtering if the asset contains more. If there are no findings available for the specified parameters, the response contains an empty array.

URI Parameters
HideShow
domain_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The domain token.

severity
string (optional) 

Filters the findings based on the finding severity.

Choices: high medium low information

from
string (optional) Example: 1516114800

Filters out the findings occurring before the specified timestamp.

to
string (optional) Example: 1516119398

Filters out the findings occurring after the specified timestamp.


Get finding UUIDs for asset

GET /rest/v2/domains/5605b488634efe810dff4276e28ca7f9/findinguuids/?severity=&from=1516114800&to=1516119398
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses200400401403404502503504

OK - Returned asset monitoring finding UUIDs.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
[
  "2d98fde5-6c65-4792-83cf-ef90022a8e48"
]

Bad Request - One or more parameters are malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The asset does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get finding UUIDs for asset
GET/rest/v2/domains/{domain_token}/findinguuids/{?severity,from,to}

Returns UUIDs for asset monitoring findings for the asset identified by the domain token. The domain token can be retrieved using Get root assets.

The findings can be filtered based on severity and time interval using the from and to parameters. Time interval values must be specified in ISO 8601 format (encoded when containing UTC offset) or Unix time. If there are no findings available for the specified parameters, the response contains an empty array.

URI Parameters
HideShow
domain_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The domain token.

severity
string (optional) 

Filters the findings based on the finding severity.

Choices: high medium low information

from
string (optional) Example: 1516114800

Filters out the findings occurring before the specified timestamp.

to
string (optional) Example: 1516119398

Filters out the findings occurring after the specified timestamp.


Get single finding

GET /rest/v2/domains/5605b488634efe810dff4276e28ca7f9/findings/941c4794-379b-4efd-bccf-21c4f0c034b1/
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses200400401403404502503504

OK - Returned asset monitoring finding.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "uuid": "941c4794-379b-4efd-bccf-21c4f0c034b1",
  "regression_uuid": "b7afade4-d26a-438b-9827-868c2ab13f64",
  "domain_token": "9cf53dabf7e213189c89587db33c9cfa",
  "signature": "52eadaa2-fb97-11e7-8c3f-9a214cf093ae",
  "url": "https://detectify.com/domains/9cf53dabf7e213189c89587db33c9cfa/findings/941c4794-379b-4efd-bccf-21c4f0c034b1/",
  "found_at": "www.example.com",
  "start_timestamp": "2018-01-09T06:18:32Z",
  "end_timestamp": "2018-09-10T16:32:11Z",
  "title": "Cross Site Scripting (XSS)",
  "definition": {
    "uuid": "7fe484a3-0072-43a4-9051-17b02e47e9c8",
    "description": "An attacker can inject JavaScript into the victim's browsers, which will execute under the vulnerable domain.",
    "risk": "An attacker can use this to steal cookies, phishing, tabnabbing etc.",
    "references": [
      {
        "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
        "link": "http://support.detectify.com/customer/en/portal/articles/1711512-cross-site-scripting",
        "name": "REMEDIATION - Detectify Support Center - Cross Site Scripting",
        "source": "Detectify"
      }
    ]
  },
  "score": [
    {
      "version": "2.0",
      "score": "6.4",
      "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"
    }
  ],
  "owasp": [
    {
      "year": "2017",
      "classification": "A7"
    }
  ],
  "details": [
    {
      "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
      "type": "Geography",
      "name": "default, service_provider_host, service_provider_name, service_provider_mail, domain_statistics_seed, domain_statistics_dns, domain_statistics_vhost, domain_statistics_crawler, boolean_based_sql_injection",
      "value": "59.3293° N, 18.0686° E, Sweden (SE), Stockholms län, Stockholm 117 33"
    }
  ],
  "tags": [
    {
      "type": "Tag New",
      "value": "new"
    }
  ],
  "target": {
    "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
    "type": "Domain",
    "address": "example.com"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "uuid": {
      "type": "string",
      "enum": [
        "941c4794-379b-4efd-bccf-21c4f0c034b1"
      ],
      "description": "the finding UUID"
    },
    "regression_uuid": {
      "type": "string",
      "enum": [
        "b7afade4-d26a-438b-9827-868c2ab13f64"
      ],
      "description": "the UUID of the finding this is a regression of"
    },
    "domain_token": {
      "type": "string",
      "enum": [
        "9cf53dabf7e213189c89587db33c9cfa"
      ],
      "description": "the domain token"
    },
    "signature": {
      "type": "string",
      "enum": [
        "52eadaa2-fb97-11e7-8c3f-9a214cf093ae"
      ],
      "description": "the finding signature"
    },
    "url": {
      "type": "string",
      "enum": [
        "https://detectify.com/domains/9cf53dabf7e213189c89587db33c9cfa/findings/941c4794-379b-4efd-bccf-21c4f0c034b1/"
      ],
      "description": "the direct URL of the finding"
    },
    "found_at": {
      "type": "string",
      "enum": [
        "www.example.com"
      ],
      "description": "the domain that is affected by the vulnerability"
    },
    "start_timestamp": {
      "type": "string",
      "enum": [
        "2018-01-09T06:18:32Z"
      ],
      "description": "the time when the vulnerability was first found"
    },
    "end_timestamp": {
      "type": "string",
      "enum": [
        "2018-09-10T16:32:11Z"
      ],
      "description": "the time when the vulnerability stopped being found"
    },
    "title": {
      "type": "string",
      "enum": [
        "Cross Site Scripting (XSS)"
      ],
      "description": "the title of the finding"
    },
    "definition": {
      "type": "object",
      "properties": {
        "uuid": {
          "type": "string",
          "enum": [
            "7fe484a3-0072-43a4-9051-17b02e47e9c8"
          ],
          "description": "the unique identifier of the node"
        },
        "description": {
          "type": "string",
          "enum": [
            "An attacker can inject JavaScript into the victim's browsers, which will execute under the vulnerable domain."
          ],
          "description": "the generic description of the finding"
        },
        "risk": {
          "type": "string",
          "enum": [
            "An attacker can use this to steal cookies, phishing, tabnabbing etc."
          ],
          "description": "the possible effect of the vulnerability"
        },
        "references": {
          "type": "array",
          "items": {
            "type": "object",
            "properties": {
              "uuid": {
                "type": "string",
                "enum": [
                  "b35da650-b671-45ed-9268-8c374b02f924"
                ],
                "description": "the unique identifier of the node"
              },
              "link": {
                "type": "string",
                "enum": [
                  "http://support.detectify.com/customer/en/portal/articles/1711512-cross-site-scripting"
                ],
                "description": "the URL of the reference"
              },
              "name": {
                "type": "string",
                "enum": [
                  "REMEDIATION - Detectify Support Center - Cross Site Scripting"
                ],
                "description": "the name of the reference"
              },
              "source": {
                "type": "string",
                "enum": [
                  "Detectify"
                ],
                "description": "the name of the reference source"
              }
            },
            "required": [
              "uuid",
              "link",
              "name",
              "source"
            ],
            "additionalProperties": false
          },
          "description": "a collection of references for further reading"
        }
      },
      "required": [
        "uuid",
        "description",
        "risk",
        "references"
      ],
      "additionalProperties": false,
      "description": "generic information about the vulnerability"
    },
    "score": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "version": {
            "type": "string",
            "enum": [
              "2.0"
            ],
            "description": "the CVSS version"
          },
          "score": {
            "type": "string",
            "enum": [
              "6.4"
            ],
            "description": "the CVSS score"
          },
          "vector": {
            "type": "string",
            "enum": [
              "AV:N/AC:L/Au:N/C:P/I:P/A:N"
            ],
            "description": "the CVSS vector"
          }
        },
        "required": [
          "version",
          "score",
          "vector"
        ],
        "additionalProperties": false
      },
      "description": "the CVSS scores of the finding"
    },
    "owasp": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "year": {
            "type": "string",
            "enum": [
              "2017"
            ],
            "description": "the year of the OWASP classification"
          },
          "classification": {
            "type": "string",
            "enum": [
              "A7"
            ],
            "description": "the OWASP classification"
          }
        },
        "required": [
          "year",
          "classification"
        ],
        "additionalProperties": false
      },
      "description": "the OWASP classification of the finding"
    },
    "details": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "uuid": {
            "type": "string",
            "enum": [
              "b35da650-b671-45ed-9268-8c374b02f924"
            ],
            "description": "the unique identifier of the node"
          },
          "type": {
            "type": "string",
            "enum": [
              "Geography",
              "Graph",
              "HTML",
              "Image",
              "Markdown",
              "Text",
              "Video"
            ],
            "description": "the type of the detail"
          },
          "name": {
            "type": "string",
            "enum": [
              "default, service_provider_host, service_provider_name, service_provider_mail, domain_statistics_seed, domain_statistics_dns, domain_statistics_vhost, domain_statistics_crawler, boolean_based_sql_injection"
            ],
            "description": "the name of the detail"
          },
          "value": {
            "type": "string",
            "enum": [
              "59.3293° N, 18.0686° E, Sweden (SE), Stockholms län, Stockholm 117 33"
            ],
            "description": "the value of the detail"
          }
        },
        "required": [
          "uuid",
          "type",
          "name",
          "value"
        ],
        "additionalProperties": false
      },
      "description": "detailed information on the finding"
    },
    "tags": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "type": {
            "type": "string",
            "enum": [
              "Tag New"
            ],
            "description": "the type of the tag"
          },
          "value": {
            "type": "string",
            "enum": [
              "new"
            ],
            "description": "the value of the tag"
          }
        },
        "required": [
          "type",
          "value"
        ],
        "additionalProperties": false
      },
      "description": "finding tags"
    },
    "target": {
      "type": "object",
      "properties": {
        "uuid": {
          "type": "string",
          "enum": [
            "c063bd03-f4eb-4e66-bb22-425f2f90b1d2"
          ],
          "description": "the unique identifier of the node"
        },
        "type": {
          "type": "string",
          "enum": [
            "Domain",
            "IP"
          ],
          "description": "the type of the target"
        },
        "address": {
          "type": "string",
          "enum": [
            "example.com"
          ],
          "description": "the domain name or IP address"
        }
      },
      "required": [
        "uuid",
        "type",
        "address"
      ],
      "additionalProperties": false,
      "description": "the target of the finding"
    }
  },
  "required": [
    "uuid",
    "regression_uuid",
    "domain_token",
    "signature",
    "url",
    "found_at",
    "start_timestamp",
    "end_timestamp",
    "title",
    "definition",
    "score",
    "owasp",
    "details",
    "tags",
    "target"
  ],
  "additionalProperties": false
}

Bad Request - The domain token or the finding UUID is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The finding does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get single finding
GET/rest/v2/domains/{domain_token}/findings/{finding_UUID}/

Returns a single asset monitoring finding identified by the domain token and finding UUID.

URI Parameters
HideShow
domain_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The domain token.

finding_UUID
string (required) Example: 941c4794-379b-4efd-bccf-21c4f0c034b1

The unique identifier of the finding.


Fingerprints

Fingerprints provide information on software discovered on assets via asset monitoring or deep scan. These fingerprints allow Detectify to run specific vulnerability tests related to the technology.

Information on the technology includes the vendor, name, version (when available) and one or more types, which reflects some categorization of the technology. Currently, the following categories are available:

  • hosting-provider: Hosting providers, defined by the owner of the IP-addresses, such as AWS, GCE, Azure, Binero, 000webhost, Wix, …

  • name-provider: Domain registrars, such as GoDaddy, Loopia, Google DNS, Amazon R53, …

  • mail-provider: E-mail providers, such as GSuite (GMail), Outlook, mail.com, …

  • saas: SaaS providers, which may overlap with hosting providers, such as Heroku, AWS S3, CloudFlare, Shopify, …

  • waf: Web application firewalls, such as Incapsula, F5 Big-IP, CloudFlare, Wordfence, mod_security, …

  • server: Web server, such as nginx, Apache, Tomcat, IIS, Caddy, …

  • os: Operating systems, such as Windows, Linux, FreeBSD, …

  • cms: Content management systems, such as WordPress, Drupal, Joomla!, SiteCore, DNN, …

  • db: Database software, such as MySQL, PostgreSQL, MongoDB, ElasticSearch, …

  • js: JavaScript frameworks, such as jQuery, AngularJS, ReactJS, …

  • app: Misc applications that usually live along with web applications, such as RabbitMQ Web UI, Grafana, pprof, phpMyAdmin, CKEditor, Werkzeug, …

  • framework: Frameworks are defined as libraries you build software upon, such as Express, Laravel, Flask, …

  • runtime: The runtime for software, such as .NET Framework, JRE, Node.js, …

  • language: Programming languages, such as PHP, JS, Python, Ruby, C#, …

  • api: Various kinds of API interfaces, such as WSDL, REST/JSON, REST/XML, Graphql, …

  • authentication: Various kinds of authentication standards, such as OAuth 2.0, SAML, Basic auth, …

  • protocol: Various vendor specific application level protocols, such as Apache JServ, Oracle T3, …

  • library: Various software libraries that could be present in customer systems, such as ImageMagick, mod_ssl, …

One or more locations are also provided for the fingerprint, where the technology was found. The location can be specified in different formats. The information depends on the type value. Supported types are:

  • Domain: Indicates a domain. Example:

    {
        "type": "Domain",
        "address": "example.com"
    }
  • IP: Indicates an IP address and optionally a port number. Example:

    {
        "type": "IP",
        "address": "1.1.1.1",
        "port": 80
    }
  • URL: Indicates an URL. Example:

    {
        "type": "URL",
        "url": "http://www.example.com/index.html"
    }

Timestamps are in ISO 8601 format, UTC.

Get fingerprints

GET /rest/v2/fingerprints/c49390bd53c81f8430eed7bf8b44f2a2/?recursive=true
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses200400401403404502503504

OK - Returned fingerprints.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
[
  {
    "software_vendor": "oracle",
    "software_name": "mysql",
    "software_version": "1.2.3",
    "created": "2018-05-10T11:45:15Z",
    "updated": "2018-05-10T11:55:23Z",
    "confidence": 0.66,
    "types": [
      "db"
    ],
    "found_by": [
      "Deep Scan"
    ],
    "found_at": [
      {
        "type": "Domain",
        "address": "1.1.1.1",
        "port": 80,
        "url": "http://www.example.com/index.html"
      }
    ]
  }
]
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "software_vendor": {
        "type": "string",
        "description": "the software vendor"
      },
      "software_name": {
        "type": "string",
        "description": "the software name"
      },
      "software_version": {
        "type": "string",
        "description": "the version of the software, when available"
      },
      "created": {
        "type": "string",
        "description": "the time when the fingerprint was initially found"
      },
      "updated": {
        "type": "string",
        "description": "the time when the fingerprint was last updated"
      },
      "confidence": {
        "type": "number",
        "description": "the confidence of the fingerprint, value between 0 and 1 with 1 indicating maximum confidence"
      },
      "types": {
        "type": "array",
        "items": {
          "type": "string"
        },
        "description": "the types under which the fingerprint is classified"
      },
      "found_by": {
        "type": "array",
        "items": {
          "type": "string"
        },
        "description": "the services that found the fingerprint"
      },
      "found_at": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "type": {
              "type": "string",
              "enum": [
                "Domain",
                "IP",
                "URL"
              ],
              "description": "the type of the location"
            },
            "address": {
              "type": "string",
              "description": "the domain name or IP address (Domain, IP)"
            },
            "port": {
              "type": "number",
              "description": "the port (IP)"
            },
            "url": {
              "type": "string",
              "description": "the target URL (URL)"
            }
          }
        },
        "description": "the locations where the fingerprint was found"
      }
    }
  }
}

Bad Request - One or more parameters are malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this functionality.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The identifier does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get fingerprints
GET/rest/v2/fingerprints/{identifier}/{?recursive}

Only available for Enterprise plan.

Returns fingerprints for an asset based on its identifier, which can be a domain token or an asset UUID. The domain token and asset UUID can be retrieved using Get root assets or Get subdomains. By default, fingerprints for subdomains of the asset are also returned.

URI Parameters
HideShow
identifier
string (required) Example: c49390bd53c81f8430eed7bf8b44f2a2

An identifier which can be either a domain token or an asset UUID.

recursive
boolean (optional) Example: true

Whether or not the fingerprints of subdomains should be returned. The default value is true.


Scan profiles

A scan profile represents the target of a deep scan. Scan profiles are associated with assets and have various settings that influence deep scan behavior.

Scan profiles are identified by the scan profile token.

The scan profile information includes the associated domain token, endpoint, creation time and scan profile status. The scan profile status may be:

  • verified, indicating that the scan profile can be scanned, and no issues occurred during the last scan.

  • unable_to_resolve, indicating that the last scan on the scan profile could not resolve the asset. This indicates that there is no report available for the scan. For more details, see the knowledge base.

  • unable_to_complete, indicating that the last on the scan profile could not complete. This indicates a technical issue occurring during the scan. A partial report is available for the scan, but it may not contain all vulnerabilities.

Manage scan profiles

POST /rest/v2/profiles/
Requestsexample 1
Headers
Content-Type: application/json
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Body
{
  "domain_token": "9cf53dabf7e213189c89587db33c9cfa",
  "name": "example profile",
  "endpoint": "www.example.com",
  "unique": false,
  "valid": false
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "domain_token": {
      "type": "string",
      "description": "the domain token"
    },
    "name": {
      "type": "string",
      "description": "scan profile name"
    },
    "endpoint": {
      "type": "string",
      "description": "the endpoint of the scan profile, includes host name or IP address and (optional) port number"
    },
    "unique": {
      "type": "boolean",
      "description": "indicates whether the scan profile should be unique for the team"
    },
    "valid": {
      "type": "boolean",
      "description": "indicates whether to validate that the endpoint exists by resolving the host name"
    }
  },
  "required": [
    "endpoint"
  ]
}
Responses201400401403404409412423502503504

Created - Scan profile created.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "name": "example profile",
  "endpoint": "www.example.com",
  "status": "verified",
  "created": "2018-01-10T08:34:15Z",
  "token": "5605b488634efe810dff4276e28ca7f9"
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "name": {
      "type": "string",
      "description": "scan profile name"
    },
    "endpoint": {
      "type": "string",
      "description": "the endpoint of the scan profile, includes host name or IP address and (optional) port number"
    },
    "status": {
      "type": "string",
      "enum": [
        "verified",
        "unverified",
        "unable_to_resolve",
        "unable_to_complete"
      ],
      "description": "indicates the status of the scan profile"
    },
    "created": {
      "type": "string",
      "description": "the timestamp the scan profile was created"
    },
    "token": {
      "type": "string",
      "description": "the scan profile token"
    }
  }
}

Bad Request - The request body is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The asset for the specified domain token does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Conflict - The asset specified by the domain token does not match the scan profile endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Precondition Failed - The subscription does not allow additional profiles or easy domain verification is not enabled.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Locked - A scan profile already exists with the endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Add scan profile
POST/rest/v2/profiles/

Only available for Enterprise plan.

Adds a new scan profile using the specified endpoint and name. You can add a scan profile to

  • an existing, verified asset, which is either specified by the domain token or selected based on the endpoint;

  • a non-existing asset (domain or IP address) that is added along with the scan profile, which requires easy domain verification enabled.

If you do not provide the scan profile name, the endpoint will be used as scan profile name. The scan profile can be optionally specified as

  • unique, indicating that the scan profile should only be added if no scan profile exists with the same endpoint;

  • valid, indicating that the scan profile should be validated by resolving the specified endpoint and sending a HTTP GET request. The request is sent to either the port specified in the endpoint or the standard HTTP/HTTPS ports (80/443) with a timeout of 10 seconds.

The call returns information about the newly created scan profile including the generated scan profile token.


GET /rest/v2/profiles/
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses200401403502503504

OK - Returned scan profiles.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
[
  {
    "name": "example profile",
    "endpoint": "www.example.com",
    "status": "verified",
    "created": "2018-01-10T08:34:15Z",
    "token": "5605b488634efe810dff4276e28ca7f9"
  }
]
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "name": {
        "type": "string",
        "description": "scan profile name"
      },
      "endpoint": {
        "type": "string",
        "description": "the endpoint of the scan profile, includes host name or IP address and (optional) port number"
      },
      "status": {
        "type": "string",
        "enum": [
          "verified",
          "unverified",
          "unable_to_resolve",
          "unable_to_complete"
        ],
        "description": "indicates the status of the scan profile"
      },
      "created": {
        "type": "string",
        "description": "the timestamp the scan profile was created"
      },
      "token": {
        "type": "string",
        "description": "the scan profile token"
      }
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get scan profiles
GET/rest/v2/profiles/

Returns an array of all scan profiles for the team.

If the team has no scan profiles, the response contains an empty array.

Timestamps are in ISO 8601 format, UTC.


GET /rest/v2/profiles/9cf53dabf7e213189c89587db33c9cfa/
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses200400401403404502503504

OK - Returned scan profiles.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
[
  {
    "name": "example profile",
    "endpoint": "www.example.com",
    "status": "verified",
    "created": "2018-01-10T08:34:15Z",
    "token": "5605b488634efe810dff4276e28ca7f9"
  }
]
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "name": {
        "type": "string",
        "description": "scan profile name"
      },
      "endpoint": {
        "type": "string",
        "description": "the endpoint of the scan profile, includes host name or IP address and (optional) port number"
      },
      "status": {
        "type": "string",
        "enum": [
          "verified",
          "unverified",
          "unable_to_resolve",
          "unable_to_complete"
        ],
        "description": "indicates the status of the scan profile"
      },
      "created": {
        "type": "string",
        "description": "the timestamp the scan profile was created"
      },
      "token": {
        "type": "string",
        "description": "the scan profile token"
      }
    }
  }
}

Bad Request - The domain token is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The asset does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get scan profiles for asset
GET/rest/v2/profiles/{domain_token}/

Returns all scan profiles for the asset identified by the domain token. The domain token can be retrieved using Get root assets.

If the asset has no scan profiles, the response contains an empty array.

Timestamps are in ISO 8601 format, UTC.

URI Parameters
HideShow
domain_token
string (required) Example: 9cf53dabf7e213189c89587db33c9cfa

The domain token.


DELETE /rest/v2/profiles/5605b488634efe810dff4276e28ca7f9/
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses200400401403502503504

OK - Removed scan profile.

Bad Request - The scan profile token is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Remove scan profile
DELETE/rest/v2/profiles/{scan_profile_token}/

Only available for Enterprise plan.

Removes the scan profile specified by the scan profile token. The scan profile token can be retrieved using Get scan profiles.

URI Parameters
HideShow
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.


Manage scan profile settings

GET /rest/v2/profiles/5605b488634efe810dff4276e28ca7f9/settings/
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses200400401403404502503504

OK - Returned scan profile settings.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "report_lifespan_days": 365,
  "crawl_subdomains": true,
  "blacklisted_subdomains": [
    "shop"
  ],
  "whitelisted_paths": [
    "/secret/path/to/page.php"
  ],
  "blacklisted_paths": [
    "/secret/path/to/page.php"
  ],
  "scan_common_ports": true,
  "whitelisted_ports": [
    80
  ],
  "blacklisted_ports": [
    8080
  ],
  "custom_headers": [
    {
      "name": "special_header",
      "value": "special_value"
    }
  ],
  "custom_cookies": [
    {
      "name": "special_cookie",
      "value": "special_value",
      "secure": true,
      "httponly": false
    }
  ],
  "requests_per_second": 30,
  "basic_auth": {
    "username": "admin",
    "password": "#####"
  },
  "session_cookie": {
    "name": "session_cookie",
    "value": "session_token",
    "secure": true,
    "httponly": true
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "report_lifespan_days": {
      "type": "number",
      "description": "Indicates how many days should we keep the report"
    },
    "crawl_subdomains": {
      "type": "boolean",
      "description": "indicates whether to follow any links we find during crawling to discover subdomains"
    },
    "blacklisted_subdomains": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "The array of subdomains that the scan should avoid"
    },
    "whitelisted_paths": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "The array of paths the scan should include"
    },
    "blacklisted_paths": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "The array of paths the scan should avoid"
    },
    "scan_common_ports": {
      "type": "boolean",
      "description": "indicates whether to scan common HTTP ports"
    },
    "whitelisted_ports": {
      "type": "array",
      "items": {
        "type": "number"
      },
      "description": "The array of ports the scan should include"
    },
    "blacklisted_ports": {
      "type": "array",
      "items": {
        "type": "number"
      },
      "description": "The array of ports the scan should avoid"
    },
    "custom_headers": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "name": {
            "type": "string",
            "description": "the header name"
          },
          "value": {
            "type": "string",
            "description": "the header value"
          }
        }
      },
      "description": "The array of custom headers the deep scan should send with every request"
    },
    "custom_cookies": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "name": {
            "type": "string",
            "description": "the cookie name"
          },
          "value": {
            "type": "string",
            "description": "the cookie value"
          },
          "secure": {
            "type": "boolean",
            "description": "indicates whether the cookie should be secure"
          },
          "httponly": {
            "type": "boolean",
            "description": "indicates whether the cookie should be HttpOnly"
          }
        }
      },
      "description": "The array of custom cookies the deep scan should send with every request"
    },
    "requests_per_second": {
      "type": "number",
      "description": "sets the maximum number of HTTP requests for every second during the scan"
    },
    "basic_auth": {
      "type": "object",
      "properties": {
        "username": {
          "type": "string",
          "description": "the username"
        },
        "password": {
          "type": "string",
          "description": "the password"
        }
      },
      "description": "basic auth credentials to grant the deep scan access to the website"
    },
    "session_cookie": {
      "type": "object",
      "properties": {
        "name": {
          "type": "string",
          "description": "the cookie name"
        },
        "value": {
          "type": "string",
          "description": "the cookie value"
        },
        "secure": {
          "type": "boolean",
          "description": "indicates whether the cookie should be secure"
        },
        "httponly": {
          "type": "boolean",
          "description": "indicates whether the cookie should be HttpOnly"
        }
      },
      "description": "session cookie to grant the deep scan access to the website"
    }
  }
}

Bad Request - The scan profile token is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The scan profile does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get scan profile settings
GET/rest/v2/profiles/{scan_profile_token}/settings/

Returns settings for the scan profile specified by the scan profile token. The scan profile token can be retrieved using Get scan profiles.

The settings contain the following information:

  • Report lifetime: Indicates how many days should we keep the report.

  • Crawl subdomains: Indicates whether to follow any links we find during crawling to discover subdomains.

  • Blacklisted subdomains: The array of subdomains that the scan should avoid.

  • Whitelisted paths: The array of paths the scan should include.

  • Blacklisted paths: The array of paths the scan should avoid.

  • Scan common ports: Indicates whether to scan common HTTP ports such as 80, 443, 3000.

  • Whitelisted ports: The array of ports the scan should include.

  • Blacklisted ports: The array of ports the scan should avoid.

  • Custom headers: The array of custom headers the deep scan should send with every request.

  • Custom cookies: The array of custom cookies the deep scan should send with every request.

  • Requests per second: Sets the maximum number of HTTP requests for every second during the scan.

  • Basic Auth: Basic auth credentials to grant the deep scan access to the website. For security reasons the password is masked.

  • Session Cookie: Session cookie to grant the deep scan access to the website.

URI Parameters
HideShow
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.


PUT /rest/v2/profiles/5605b488634efe810dff4276e28ca7f9/settings/
Requestsexample 1
Headers
Content-Type: application/json
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Body
{
  "report_lifespan_days": 365,
  "crawl_subdomains": true,
  "blacklisted_subdomains": [
    "shop"
  ],
  "whitelisted_paths": [
    "/secret/path/to/page.php"
  ],
  "blacklisted_paths": [
    "/secret/path/to/page.php"
  ],
  "scan_common_ports": true,
  "whitelisted_ports": [
    80
  ],
  "blacklisted_ports": [
    8080
  ],
  "custom_headers": [
    {
      "name": "special_header",
      "value": "special_value"
    }
  ],
  "custom_cookies": [
    {
      "name": "special_cookie",
      "value": "special_value",
      "secure": true,
      "httponly": false
    }
  ],
  "requests_per_second": 30,
  "basic_auth": {
    "username": "admin",
    "password": "#####"
  },
  "session_cookie": {
    "name": "session_cookie",
    "value": "session_token",
    "secure": true,
    "httponly": true
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "report_lifespan_days": {
      "type": "number",
      "description": "Indicates how many days should we keep the report"
    },
    "crawl_subdomains": {
      "type": "boolean",
      "description": "indicates whether to follow any links we find during crawling to discover subdomains"
    },
    "blacklisted_subdomains": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "The array of subdomains that the scan should avoid"
    },
    "whitelisted_paths": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "The array of paths the scan should include"
    },
    "blacklisted_paths": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "The array of paths the scan should avoid"
    },
    "scan_common_ports": {
      "type": "boolean",
      "description": "indicates whether to scan common HTTP ports"
    },
    "whitelisted_ports": {
      "type": "array",
      "items": {
        "type": "number"
      },
      "description": "The array of ports the scan should include"
    },
    "blacklisted_ports": {
      "type": "array",
      "items": {
        "type": "number"
      },
      "description": "The array of ports the scan should avoid"
    },
    "custom_headers": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "name": {
            "type": "string",
            "description": "the header name"
          },
          "value": {
            "type": "string",
            "description": "the header value"
          }
        }
      },
      "description": "The array of custom headers the deep scan should send with every request"
    },
    "custom_cookies": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "name": {
            "type": "string",
            "description": "the cookie name"
          },
          "value": {
            "type": "string",
            "description": "the cookie value"
          },
          "secure": {
            "type": "boolean",
            "description": "indicates whether the cookie should be secure"
          },
          "httponly": {
            "type": "boolean",
            "description": "indicates whether the cookie should be HttpOnly"
          }
        }
      },
      "description": "The array of custom cookies the deep scan should send with every request"
    },
    "requests_per_second": {
      "type": "number",
      "description": "sets the maximum number of HTTP requests for every second during the scan"
    },
    "basic_auth": {
      "type": "object",
      "properties": {
        "username": {
          "type": "string",
          "description": "the username"
        },
        "password": {
          "type": "string",
          "description": "the password"
        }
      },
      "description": "basic auth credentials to grant the deep scan access to the website"
    },
    "session_cookie": {
      "type": "object",
      "properties": {
        "name": {
          "type": "string",
          "description": "the cookie name"
        },
        "value": {
          "type": "string",
          "description": "the cookie value"
        },
        "secure": {
          "type": "boolean",
          "description": "indicates whether the cookie should be secure"
        },
        "httponly": {
          "type": "boolean",
          "description": "indicates whether the cookie should be HttpOnly"
        }
      },
      "description": "session cookie to grant the deep scan access to the website"
    }
  }
}
Responses200400401403404502503504

OK - Returned scan profile settings.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "report_lifespan_days": 365,
  "crawl_subdomains": true,
  "blacklisted_subdomains": [
    "shop"
  ],
  "whitelisted_paths": [
    "/secret/path/to/page.php"
  ],
  "blacklisted_paths": [
    "/secret/path/to/page.php"
  ],
  "scan_common_ports": true,
  "whitelisted_ports": [
    80
  ],
  "blacklisted_ports": [
    8080
  ],
  "custom_headers": [
    {
      "name": "special_header",
      "value": "special_value"
    }
  ],
  "custom_cookies": [
    {
      "name": "special_cookie",
      "value": "special_value",
      "secure": true,
      "httponly": false
    }
  ],
  "requests_per_second": 30,
  "basic_auth": {
    "username": "admin",
    "password": "#####"
  },
  "session_cookie": {
    "name": "session_cookie",
    "value": "session_token",
    "secure": true,
    "httponly": true
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "report_lifespan_days": {
      "type": "number",
      "description": "Indicates how many days should we keep the report"
    },
    "crawl_subdomains": {
      "type": "boolean",
      "description": "indicates whether to follow any links we find during crawling to discover subdomains"
    },
    "blacklisted_subdomains": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "The array of subdomains that the scan should avoid"
    },
    "whitelisted_paths": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "The array of paths the scan should include"
    },
    "blacklisted_paths": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "The array of paths the scan should avoid"
    },
    "scan_common_ports": {
      "type": "boolean",
      "description": "indicates whether to scan common HTTP ports"
    },
    "whitelisted_ports": {
      "type": "array",
      "items": {
        "type": "number"
      },
      "description": "The array of ports the scan should include"
    },
    "blacklisted_ports": {
      "type": "array",
      "items": {
        "type": "number"
      },
      "description": "The array of ports the scan should avoid"
    },
    "custom_headers": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "name": {
            "type": "string",
            "description": "the header name"
          },
          "value": {
            "type": "string",
            "description": "the header value"
          }
        }
      },
      "description": "The array of custom headers the deep scan should send with every request"
    },
    "custom_cookies": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "name": {
            "type": "string",
            "description": "the cookie name"
          },
          "value": {
            "type": "string",
            "description": "the cookie value"
          },
          "secure": {
            "type": "boolean",
            "description": "indicates whether the cookie should be secure"
          },
          "httponly": {
            "type": "boolean",
            "description": "indicates whether the cookie should be HttpOnly"
          }
        }
      },
      "description": "The array of custom cookies the deep scan should send with every request"
    },
    "requests_per_second": {
      "type": "number",
      "description": "sets the maximum number of HTTP requests for every second during the scan"
    },
    "basic_auth": {
      "type": "object",
      "properties": {
        "username": {
          "type": "string",
          "description": "the username"
        },
        "password": {
          "type": "string",
          "description": "the password"
        }
      },
      "description": "basic auth credentials to grant the deep scan access to the website"
    },
    "session_cookie": {
      "type": "object",
      "properties": {
        "name": {
          "type": "string",
          "description": "the cookie name"
        },
        "value": {
          "type": "string",
          "description": "the cookie value"
        },
        "secure": {
          "type": "boolean",
          "description": "indicates whether the cookie should be secure"
        },
        "httponly": {
          "type": "boolean",
          "description": "indicates whether the cookie should be HttpOnly"
        }
      },
      "description": "session cookie to grant the deep scan access to the website"
    }
  }
}

Bad Request - The scan profile token or the request body is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The scan profile does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Update scan profile settings
PUT/rest/v2/profiles/{scan_profile_token}/settings/

Only available for Enterprise plan.

Updates settings for the scan profile specified by the scan profile token and returns the updated settings. The scan profile token can be retrieved using Get scan profiles.

You can update each value individually by specifying the setting in the request body. The update does not affect settings that are not present in the request body. The maximum allowed request body size is 30 KB. The following information can be updated:

  • Report lifetime: Indicates how many days should we keep the report. The value must be between 7 and 10000 days. Send 0 to reset the value to the global report lifetime.

  • Crawl subdomains: Indicates whether to follow any links we find during crawling to discover subdomains.

  • Blacklisted subdomains: The array of subdomains that the scan should avoid. The list should only contain the subdomain part, e.g., blog instead of blog.example.com. To remove all blacklisted domains send an empty array.

  • Whitelisted paths: The array of paths the scan should include. The list should only the relative path of the URL, e.g., /secret/path/of/page.php instead of https://www.example.com/secret/path/of/page.php. To remove all whitelisted paths send an empty array.

  • Blacklisted paths: The array of paths the scan should avoid. The list should only the relative path of the URL, e.g., /secret/path/of/page.php instead of https://www.example.com/secret/path/of/page.php. To remove all blacklisted paths send an empty array.

  • Scan common ports: Indicates whether to scan common HTTP ports such as 80, 443, 3000.

  • Whitelisted ports: The array of ports the scan should include. To remove all whitelisted ports send an empty array.

  • Blacklisted ports: The array of ports the scan should avoid. To remove all blacklisted ports send an empty array.

  • Custom headers: The array of custom headers the deep scan should send with every request. Headers must have specified name and value. To remove all custom headers send an empty array.

  • Custom cookies: The array of custom cookies the deep scan should send with every request. Cookies must have specified name and value with optional secure and HttpOnly flags. To remove all custom cookies send an empty array.

  • Requests per second: Sets the maximum number of HTTP requests for every second during the scan. The value must be between 5 and 1000. Send 0 for unlimited number of requests per second.

  • Basic Auth: Basic auth credentials (username/password) to grant the deep scan access to the website. To remove basic auth credentials send empty username and password.

  • Session Cookie: Session cookie to grant the deep scan access to the website. The cookie must have specified name and value with optional secure and HttpOnly flags. To remove session cookie send empty name and value.

Examples:

  • Add or update whitelisted/blacklisted paths:

    {
        "whitelisted_paths": [ "/scan/path1", "/scan/path2" ],
        "blacklisted_paths": [ "/dont/scan/" ],
    }
  • Add or update basic auth:

    {
        "basic_auth": { "username": "admin", "password": "admin" }
    }
  • Disable crawl subdomains and reset requests per second to unlimited:

    {
        "crawl_subdomains": false,
        "requests_per_second": 0,
    }
  • Add or update custom headers, remove all blacklisted paths and basic auth:

    {
        "custom_headers": [{
            "name": "special_header",
            "value": "special_value"
        }],
        "blacklisted_paths": [],
        "basic_auth": { "username": "", "password": "" }
    }
URI Parameters
HideShow
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.


Deep scan

Deep scan functionality includes executing scans, retrieving scan status and managing scan schedules. You can manage scans through scan profiles, which contains the settings for the scan. You can only execute scans on verified assets, and only one scan per scan profile can run at a time.

For optimization purposes, starting/stopping queries only requests the specified operation to be executed, and therefore scans might be delayed by a few minutes.

Execute scans

POST /rest/v2/scans/5605b488634efe810dff4276e28ca7f9/
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses202400401403404409423502503504

Accepted - Scan start request accepted.

Bad Request - The scan profile token is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The scan profile does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Conflict - A scan is already running on the specified profile.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Locked - The scan profile is deactivated.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Start scan
POST/rest/v2/scans/{scan_profile_token}/

Requests to start a new deep scan for the scan profile identified by the scan profile token. The scan profile token can be retrieved using Get scan profiles.

The request sets the scan to starting phase, and the infrastructure starts the scan within a few minutes. You can only execute scans on verified assets, and only one scan per scan profile can run at a time. To validate whether the scan started, use Get scan status.

URI Parameters
HideShow
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.


DELETE /rest/v2/scans/5605b488634efe810dff4276e28ca7f9/
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses202400401403404502503504

Accepted - Scan stop request accepted.

Bad Request - The scan profile token is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The scan profile does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - The request could not be processed in time possibility due to overload. Please try again later.

Stop scan
DELETE/rest/v2/scans/{scan_profile_token}/

Requests stopping the deep scan currently running on the scan profile identified by the scan profile token. The scan profile token can be retrieved using Get scan profiles.

The request sets the scan to stopping phase, and is stopped by the infrastructure within a few minutes. To validate whether the scan stopped, use Get scan status.

URI Parameters
HideShow
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.


GET /rest/v2/scans/5605b488634efe810dff4276e28ca7f9/
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses200400401404502503504

OK - Returned scan status.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "scan_profile_token": "5605b488634efe810dff4276e28ca7f9",
  "created": "2018-01-10T08:34:15Z",
  "started": "2018-01-16T16:01:38Z",
  "phase": "starting",
  "state": "starting"
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "scan_profile_token": {
      "type": "string",
      "description": "the token of the scan profile"
    },
    "created": {
      "type": "string",
      "description": "the timestamp the scan was created"
    },
    "started": {
      "type": "string",
      "description": "the timestamp the scan started"
    },
    "phase": {
      "type": "string",
      "enum": [
        "starting",
        "information_gathering",
        "crawling",
        "information_analysis",
        "fingerprinting",
        "exploitation",
        "finalization",
        "stopping"
      ],
      "description": "the scanning phase"
    },
    "state": {
      "type": "string",
      "enum": [
        "starting",
        "running",
        "stopping",
        "stopped",
        "unable_to_resolve",
        "unable_to_complete"
      ],
      "description": "the scanning state"
    }
  }
}

Bad Request - The scan profile token is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The scan profile does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get scan status
GET/rest/v2/scans/{scan_profile_token}/

Retrieves the status of the deep scan currently running on the scan profile identified by the scan profile token. The status contains basic information, such as scanning phase and general status on whether the scan is running. The scan profile token can be retrieved using Get scan profiles.

If there is no scan running on the profile and

  • the last scan succeeded or no scans were executed previously, stopped status is returned (without times and phase).

  • the last scan was unable to start, unable_to_resolve status is returned (without times and phase). This indicates that we could not resolve the asset from our environment. This indicates that there is no report available for the scan. For more details, see the knowledge base.

  • the last scan was unable to complete, unable_to_complete status is returned (without times and phase). This indicates a technical issue occurring during the scan. A partial report is available for the scan, but it may not contain all vulnerabilities.

Timestamps are in ISO 8601 format, UTC.

URI Parameters
HideShow
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.


Schedule scans

POST /rest/v2/scanschedules/5605b488634efe810dff4276e28ca7f9/
Requestsexample 1
Headers
Content-Type: application/json
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Body
{
  "frequency": "once",
  "start": "2018-01-10T08:34:15Z"
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "frequency": {
      "type": "string",
      "enum": [
        "once",
        "daily",
        "weekly",
        "biweekly",
        "monthly"
      ],
      "description": "the scanning frequency"
    },
    "start": {
      "type": "string",
      "description": "the starting timestamp of the schedule"
    }
  },
  "required": [
    "frequency"
  ]
}
Responses200400401403404423502503504

OK - Scan schedule set.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "scan_profile_token": "5605b488634efe810dff4276e28ca7f9",
  "frequency": "once",
  "first_scan": "2018-01-10T08:34:15Z",
  "next_scan": "2018-01-11T08:34:15Z"
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "scan_profile_token": {
      "type": "string",
      "description": "the token of the scan profile"
    },
    "frequency": {
      "type": "string",
      "enum": [
        "once",
        "daily",
        "weekly",
        "biweekly",
        "monthly",
        "never"
      ],
      "description": "the scanning frequency"
    },
    "first_scan": {
      "type": "string",
      "description": "the timestamp of the first scan"
    },
    "next_scan": {
      "type": "string",
      "description": "the timestamp of the next scan"
    }
  }
}

Bad Request - The scan profile token or the request body is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The scan profile does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Locked - The asset is not verified.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Set scan schedule
POST/rest/v2/scanschedules/{scan_profile_token}/

Only available for Enterprise plan.

Sets a scan schedule for the scan profile identified by the scan profile token and returns information on the schedule, such as the timestamp for the first and next scans. The scan profile token can be retrieved using Get scan profiles.

For scheduling, the frequency must be set, which can be once for a single scan or daily, weekly, biweekly or monthly for recurring scans. Optionally, a starting timestamp for the schedule can be specified. Starting timestamp must be specified in ISO 8601 format (encoded when containing UTC offset) or Unix time.

If no starting timestamp is specified, the current timestamp is taken, which results in an instant scan start. If schedule already existed for the specified scan profile, it is overwritten. Timestamps are in ISO 8601 format, UTC.

URI Parameters
HideShow
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.


GET /rest/v2/scanschedules/5605b488634efe810dff4276e28ca7f9/
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses200400401403404502503504

OK - Returned scan schedule.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "scan_profile_token": "5605b488634efe810dff4276e28ca7f9",
  "frequency": "once",
  "first_scan": "2018-01-10T08:34:15Z",
  "next_scan": "2018-01-11T08:34:15Z"
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "scan_profile_token": {
      "type": "string",
      "description": "the token of the scan profile"
    },
    "frequency": {
      "type": "string",
      "enum": [
        "once",
        "daily",
        "weekly",
        "biweekly",
        "monthly",
        "never"
      ],
      "description": "the scanning frequency"
    },
    "first_scan": {
      "type": "string",
      "description": "the timestamp of the first scan"
    },
    "next_scan": {
      "type": "string",
      "description": "the timestamp of the next scan"
    }
  }
}

Bad Request - The scan profile token is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The scan profile does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get scan schedule
GET/rest/v2/scanschedules/{scan_profile_token}/

Only available for Enterprise plan.

Retrieves scan schedule information on the scan profile identified by the scan profile token, such as frequency and timestamps for the first and next scans. If there is no scan scheduled for the specified profile, schedule information with never frequency is returned without timestamps. The scan profile token can be retrieved using Get scan profiles.

Timestamps are in ISO 8601 format, UTC.

URI Parameters
HideShow
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.


DELETE /rest/v2/scanschedules/5605b488634efe810dff4276e28ca7f9/
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses200400401403502503504

OK - Removed scan schedule.

Bad Request - The scan profile token is malformed.

Headers
Content-Type: application/json
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - The request could not be processed in time possibility due to overload. Please try again later.

Remove scan schedule
DELETE/rest/v2/scanschedules/{scan_profile_token}/

Only available for Enterprise plan.

Removes scan schedule on the scan profile identified by the scan profile token. The scan profile token can be retrieved using Get scan profiles.

URI Parameters
HideShow
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.


Deep scan reports

Reports present the result of a deep scan and are created at the instance a scan starts. Therefore, the latest report for a scan profile may be partial and can receive updates until the scan has finished.

Reports are identified by the report token.

Reports are presented at four levels:

  • basic report information contains only the report token and creation time;

  • report summary contains generic information, such as the report URL, overall CVSS score, scan start/stop times and the number of findings at different threat levels;

  • detailed report summary contains the report summary and the UUIDs for findings, which can be used to retrieve finding information;

  • full report contains the report summary and information on findings.

For convenience, queries for reports containing findings have additional filtering options. However, filters do not affect the information in the report summary.

Get reports for scan profile

GET /rest/v2/reports/5605b488634efe810dff4276e28ca7f9/?from=1516114800&to=1516119398
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses200400401403404502503504

OK - Returned reports.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
[
  {
    "token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
    "created": "2018-01-09T06:07:12Z"
  }
]
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "token": {
        "type": "string",
        "description": "the report token"
      },
      "created": {
        "type": "string",
        "description": "the time the report was created"
      }
    }
  }
}

Bad Request - One or more parameters are malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The scan profile does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get reports for scan profile
GET/rest/v2/reports/{scan_profile_token}/{?from,to}

Returns report tokens and creation times for the scan profile identified by the scan profile token. The scan profile token can be retrieved using Get scan profiles.

You can filter the results for a time interval using the from and to parameters, which must be specified in ISO 8601 format (encoded when containing UTC offset) or Unix time. If there are no reports available for the specified parameters, the response contains an empty array.

Timestamps are in ISO 8601 format, UTC.

URI Parameters
HideShow
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.

from
string (optional) Example: 1516114800

Filters the reports created before the specified timestamp.

to
string (optional) Example: 1516119398

Filters the reports created after the specified timestamp.


Get single report

GET /rest/v2/reports/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses200400401403404502503504

OK - Returned report.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_name": "example profile",
  "created": "2018-01-09T06:07:12Z",
  "started": "2018-01-09T06:07:32Z",
  "stopped": "2018-01-09T17:13:52Z",
  "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/",
  "cvss": 9.3,
  "high_level_findings": 4,
  "medium_level_findings": 7,
  "low_level_findings": 11,
  "information_findings": 18
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "token": {
      "type": "string",
      "description": "the report token"
    },
    "scan_profile_token": {
      "type": "string",
      "description": "the scan profile token"
    },
    "scan_profile_name": {
      "type": "string",
      "description": "the name of the scan profile"
    },
    "created": {
      "type": "string",
      "description": "the time the report was created"
    },
    "started": {
      "type": "string",
      "description": "the time the scan started"
    },
    "stopped": {
      "type": "string",
      "description": "the time the scan stopped"
    },
    "url": {
      "type": "string",
      "description": "the direct URL of the report"
    },
    "cvss": {
      "type": "number",
      "description": "the overall CVSS score of the report"
    },
    "high_level_findings": {
      "type": "number",
      "description": "the number of high level vulnerabilities"
    },
    "medium_level_findings": {
      "type": "number",
      "description": "the number of medium level vulnerabilities"
    },
    "low_level_findings": {
      "type": "number",
      "description": "the number of low level vulnerabilities"
    },
    "information_findings": {
      "type": "number",
      "description": "the number of information findings"
    }
  }
}

Bad Request - One or more parameters are malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The report does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get single report
GET/rest/v2/reports/{scan_profile_token}/{report_token}/

Returns the report summary for the report identified by the scan profile token and report token.

Timestamps are in ISO 8601 format, UTC.

URI Parameters
HideShow
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.

report_token
string (required) Example: 60a0fae258d2c952765e81054929c8e6a6fdbdf77

The report token.


Get latest report

GET /rest/v2/reports/5605b488634efe810dff4276e28ca7f9/latest/
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses200400401403404502503504

OK - Returned report.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_name": "example profile",
  "created": "2018-01-09T06:07:12Z",
  "started": "2018-01-09T06:07:32Z",
  "stopped": "2018-01-09T17:13:52Z",
  "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/",
  "cvss": 9.3,
  "high_level_findings": 4,
  "medium_level_findings": 7,
  "low_level_findings": 11,
  "information_findings": 18
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "token": {
      "type": "string",
      "description": "the report token"
    },
    "scan_profile_token": {
      "type": "string",
      "description": "the scan profile token"
    },
    "scan_profile_name": {
      "type": "string",
      "description": "the name of the scan profile"
    },
    "created": {
      "type": "string",
      "description": "the time the report was created"
    },
    "started": {
      "type": "string",
      "description": "the time the scan started"
    },
    "stopped": {
      "type": "string",
      "description": "the time the scan stopped"
    },
    "url": {
      "type": "string",
      "description": "the direct URL of the report"
    },
    "cvss": {
      "type": "number",
      "description": "the overall CVSS score of the report"
    },
    "high_level_findings": {
      "type": "number",
      "description": "the number of high level vulnerabilities"
    },
    "medium_level_findings": {
      "type": "number",
      "description": "the number of medium level vulnerabilities"
    },
    "low_level_findings": {
      "type": "number",
      "description": "the number of low level vulnerabilities"
    },
    "information_findings": {
      "type": "number",
      "description": "the number of information findings"
    }
  }
}

Bad Request - The scan profile token is malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The report does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get latest report
GET/rest/v2/reports/{scan_profile_token}/latest/

Returns the report summary for the latest report for the scan profile identified by the scan profile token. The scan profile token can be retrieved using Get scan profiles.

If there is no scan running for the profile, the response contains the report for the last scan; otherwise, the (partial) report for the ongoing scan.

Timestamps are in ISO 8601 format, UTC.

URI Parameters
HideShow
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.


Get single detailed report

GET /rest/v2/detailedreports/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/?severity=&from=1516114800&to=1516119398
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses200400401403404502503504

OK - Returned report.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_name": "example profile",
  "created": "2018-01-09T06:07:12Z",
  "started": "2018-01-09T06:07:32Z",
  "stopped": "2018-01-09T17:13:52Z",
  "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/",
  "cvss": 9.3,
  "high_level_findings": 4,
  "medium_level_findings": 7,
  "low_level_findings": 11,
  "information_findings": 18,
  "findings": [
    "941c4794-379b-4efd-bccf-21c4f0c034b1"
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "token": {
      "type": "string",
      "description": "the report token"
    },
    "scan_profile_token": {
      "type": "string",
      "description": "the scan profile token"
    },
    "scan_profile_name": {
      "type": "string",
      "description": "the name of the scan profile"
    },
    "created": {
      "type": "string",
      "description": "the time the report was created"
    },
    "started": {
      "type": "string",
      "description": "the time the scan started"
    },
    "stopped": {
      "type": "string",
      "description": "the time the scan stopped"
    },
    "url": {
      "type": "string",
      "description": "the direct URL of the report"
    },
    "cvss": {
      "type": "number",
      "description": "the overall CVSS score of the report"
    },
    "high_level_findings": {
      "type": "number",
      "description": "the number of high level vulnerabilities"
    },
    "medium_level_findings": {
      "type": "number",
      "description": "the number of medium level vulnerabilities"
    },
    "low_level_findings": {
      "type": "number",
      "description": "the number of low level vulnerabilities"
    },
    "information_findings": {
      "type": "number",
      "description": "the number of information findings"
    },
    "findings": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "the finding UUIDs"
    }
  }
}

Bad Request - One or more parameters are malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The report does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get single detailed report
GET/rest/v2/detailedreports/{scan_profile_token}/{report_token}/{?severity,from,to}

Only available for Enterprise plan.

Returns the detailed report summary of the latest report for the scan profile identified by the scan profile token and report token.

The detailed report includes the collection of finding UUIDs above the report summary to identify findings within the report. The findings within the report can be filtered based on severity and time interval using the from and to parameters. Time interval values must be specified in ISO 8601 format (encoded when containing UTC offset) or Unix time.

Timestamps are in ISO 8601 format, UTC.

URI Parameters
HideShow
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.

report_token
string (required) Example: 60a0fae258d2c952765e81054929c8e6a6fdbdf77

The report token.

severity
string (optional) 

Filters the findings based on the finding severity.

Choices: high medium low information

from
string (optional) Example: 1516114800

Filters the last updated findings before the specified timestamp.

to
string (optional) Example: 1516119398

Filters the last updated findings after the specified timestamp.


Get latest detailed report

GET /rest/v2/detailedreports/5605b488634efe810dff4276e28ca7f9/latest/?severity=&from=1516114800&to=1516119398
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses200400401403404502503504

OK - Returned report.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_name": "example profile",
  "created": "2018-01-09T06:07:12Z",
  "started": "2018-01-09T06:07:32Z",
  "stopped": "2018-01-09T17:13:52Z",
  "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/",
  "cvss": 9.3,
  "high_level_findings": 4,
  "medium_level_findings": 7,
  "low_level_findings": 11,
  "information_findings": 18,
  "findings": [
    "941c4794-379b-4efd-bccf-21c4f0c034b1"
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "token": {
      "type": "string",
      "description": "the report token"
    },
    "scan_profile_token": {
      "type": "string",
      "description": "the scan profile token"
    },
    "scan_profile_name": {
      "type": "string",
      "description": "the name of the scan profile"
    },
    "created": {
      "type": "string",
      "description": "the time the report was created"
    },
    "started": {
      "type": "string",
      "description": "the time the scan started"
    },
    "stopped": {
      "type": "string",
      "description": "the time the scan stopped"
    },
    "url": {
      "type": "string",
      "description": "the direct URL of the report"
    },
    "cvss": {
      "type": "number",
      "description": "the overall CVSS score of the report"
    },
    "high_level_findings": {
      "type": "number",
      "description": "the number of high level vulnerabilities"
    },
    "medium_level_findings": {
      "type": "number",
      "description": "the number of medium level vulnerabilities"
    },
    "low_level_findings": {
      "type": "number",
      "description": "the number of low level vulnerabilities"
    },
    "information_findings": {
      "type": "number",
      "description": "the number of information findings"
    },
    "findings": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "the finding UUIDs"
    }
  }
}

Bad Request - One or more parameters are malformed.

Headers
Content-Type: application/json
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The report does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get latest detailed report
GET/rest/v2/detailedreports/{scan_profile_token}/latest/{?severity,from,to}

Only available for Enterprise plan.

Returns the detailed report summary for the latest report for the scan profile identified by the scan profile token. The scan profile token can be retrieved using Get scan profiles.

If there is no scan running for the profile, the response contains the report for the last scan; otherwise, the (partial) report for the ongoing scan. The detailed report includes the collection of finding UUIDs above the report summary to identify findings within the report. The findings within the report can be filtered based on severity and time interval using the from and to parameters. Time interval values must be specified in ISO 8601 format (encoded when containing UTC offset) or Unix time.

Timestamps are in ISO 8601 format, UTC.

URI Parameters
HideShow
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.

severity
string (optional) 

Filters the findings based on the finding severity.

Choices: high medium low information

from
string (optional) Example: 1516114800

Filters the last updated findings before the specified timestamp.

to
string (optional) Example: 1516119398

Filters the last updated findings after the specified timestamp.


Get single full report

GET /rest/v2/fullreports/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/?severity=&from=1516114800&to=1516119398
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses200400401403404502503504

OK - Returned report.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_name": "example profile",
  "created": "2018-01-09T06:07:12Z",
  "started": "2018-01-09T06:07:32Z",
  "stopped": "2018-01-09T17:13:52Z",
  "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/",
  "cvss": 9.3,
  "high_level_findings": 4,
  "medium_level_findings": 7,
  "low_level_findings": 11,
  "information_findings": 18,
  "findings": [
    {
      "uuid": "941c4794-379b-4efd-bccf-21c4f0c034b1",
      "report_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
      "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
      "signature": "52eadaa2-fb97-11e7-8c3f-9a214cf093ae",
      "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/941c4794-379b-4efd-bccf-21c4f0c034b1/",
      "found_at": "http://www.example.com/index.html",
      "timestamp": "2018-01-09T06:18:32Z",
      "title": "Cross Site Scripting (XSS)",
      "definition": {
        "uuid": "7fe484a3-0072-43a4-9051-17b02e47e9c8",
        "description": "An attacker can inject JavaScript into the victim's browsers, which will execute under the vulnerable domain.",
        "risk": "An attacker can use this to steal cookies, phishing, tabnabbing etc.",
        "references": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "link": "http://support.detectify.com/customer/en/portal/articles/1711512-cross-site-scripting",
            "name": "REMEDIATION - Detectify Support Center - Cross Site Scripting",
            "source": "Detectify"
          }
        ]
      },
      "score": [
        {
          "version": "2.0",
          "score": "6.4",
          "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"
        }
      ],
      "owasp": [
        {
          "year": "2017",
          "classification": "A7"
        }
      ],
      "cwe": 12,
      "details": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "type": "Geography",
          "name": "default, service_provider_host, service_provider_name, service_provider_mail, domain_statistics_seed, domain_statistics_dns, domain_statistics_vhost, domain_statistics_crawler, boolean_based_sql_injection",
          "value": "59.3293° N, 18.0686° E, Sweden (SE), Stockholms län, Stockholm 117 33"
        }
      ],
      "tags": [
        {
          "type": "Tag New",
          "value": "new"
        }
      ],
      "target": {
        "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
        "type": "Cookie",
        "name": "SessionId",
        "value": "7jq7ffrpe251o7rh5sapo079p2",
        "domain": "example.com",
        "path": "/",
        "secure": true,
        "httponly": "false",
        "expires": "2018-01-09T09:12:50Z",
        "address": "1.1.1.1",
        "port": 80,
        "url": "http://www.example.com/index.html",
        "request_method": "GET",
        "request_version": "1.1",
        "request_headers": [
          {
            "name": "special_header",
            "value": "special_value"
          }
        ],
        "request_body": "...",
        "request_body_base64": false,
        "response_status_code": 200,
        "response_reason_phrase": "OK",
        "response_version": "1.1",
        "response_headers": [
          {
            "name": "special_header",
            "value": "special_value"
          }
        ],
        "response_body": "...",
        "response_body_base64": false,
        "response_encoding": "utf-8"
      },
      "vulnerable_resources": {
        "vulnerable_headers": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "name": "Strict-Transport-Security",
            "direction": "Request"
          }
        ],
        "expected_headers": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "name": "Strict-Transport-Security",
            "direction": "Request",
            "value": "max-age=60000"
          }
        ],
        "vulnerable_cookies": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "name": "SessionId"
          }
        ],
        "vulnerable_variables": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "name": "username",
            "method": "GET"
          }
        ]
      },
      "command_lines": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "unix": "traceroute -m 40 -w 0.5 213.80.101.97",
          "windows": "tracert -h 40 -w 500 213.80.101.97"
        }
      ],
      "highlights": [
        {
          "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "field": "url",
          "offset": 7,
          "length": 15
        }
      ]
    }
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "token": {
      "type": "string",
      "description": "the report token"
    },
    "scan_profile_token": {
      "type": "string",
      "description": "the scan profile token"
    },
    "scan_profile_name": {
      "type": "string",
      "description": "the name of the scan profile"
    },
    "created": {
      "type": "string",
      "description": "the time the report was created"
    },
    "started": {
      "type": "string",
      "description": "the time the scan started"
    },
    "stopped": {
      "type": "string",
      "description": "the time the scan stopped"
    },
    "url": {
      "type": "string",
      "description": "the direct URL of the report"
    },
    "cvss": {
      "type": "number",
      "description": "the overall CVSS score of the report"
    },
    "high_level_findings": {
      "type": "number",
      "description": "the number of high level vulnerabilities"
    },
    "medium_level_findings": {
      "type": "number",
      "description": "the number of medium level vulnerabilities"
    },
    "low_level_findings": {
      "type": "number",
      "description": "the number of low level vulnerabilities"
    },
    "information_findings": {
      "type": "number",
      "description": "the number of information findings"
    },
    "findings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "uuid": {
            "type": "string",
            "description": "the finding UUID"
          },
          "report_token": {
            "type": "string",
            "description": "the report token"
          },
          "scan_profile_token": {
            "type": "string",
            "description": "the scan profile token"
          },
          "signature": {
            "type": "string",
            "description": "the finding signature"
          },
          "url": {
            "type": "string",
            "description": "the direct URL of the finding"
          },
          "found_at": {
            "type": "string",
            "description": "the URL where the vulnerability was found"
          },
          "timestamp": {
            "type": "string",
            "description": "the time when the vulnerability was found"
          },
          "title": {
            "type": "string",
            "description": "the title of the finding"
          },
          "definition": {
            "type": "object",
            "properties": {
              "uuid": {
                "type": "string",
                "description": "the unique identifier of the node"
              },
              "description": {
                "type": "string",
                "description": "the generic description of the finding"
              },
              "risk": {
                "type": "string",
                "description": "the possible effect of the vulnerability"
              },
              "references": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "link": {
                      "type": "string",
                      "description": "the URL of the reference"
                    },
                    "name": {
                      "type": "string",
                      "description": "the name of the reference"
                    },
                    "source": {
                      "type": "string",
                      "description": "the name of the reference source"
                    }
                  }
                },
                "description": "a collection of references for further reading"
              }
            },
            "description": "generic information about the vulnerability"
          },
          "score": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "version": {
                  "type": "string",
                  "description": "the CVSS version"
                },
                "score": {
                  "type": "string",
                  "description": "the CVSS score"
                },
                "vector": {
                  "type": "string",
                  "description": "the CVSS vector"
                }
              }
            },
            "description": "the CVSS scores of the finding"
          },
          "owasp": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "year": {
                  "type": "string",
                  "description": "the year of the OWASP classification"
                },
                "classification": {
                  "type": "string",
                  "description": "the OWASP classification"
                }
              }
            },
            "description": "the OWASP classification of the finding"
          },
          "cwe": {
            "type": "number",
            "description": "the CWE (Common Weakness Enumeration) identifier of the finding"
          },
          "details": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "type": {
                  "type": "string",
                  "enum": [
                    "Geography",
                    "Graph",
                    "HTML",
                    "Image",
                    "Markdown",
                    "Text",
                    "Video"
                  ],
                  "description": "the type of the detail"
                },
                "name": {
                  "type": "string",
                  "description": "the name of the detail"
                },
                "value": {
                  "type": "string",
                  "description": "the value of the detail"
                }
              }
            },
            "description": "detailed information on the finding"
          },
          "tags": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "type": {
                  "type": "string",
                  "description": "the type of the tag"
                },
                "value": {
                  "type": "string",
                  "description": "the value of the tag"
                }
              }
            },
            "description": "finding tags"
          },
          "target": {
            "type": "object",
            "properties": {
              "uuid": {
                "type": "string",
                "description": "the unique identifier of the node"
              },
              "type": {
                "type": "string",
                "enum": [
                  "Cookie",
                  "Domain",
                  "HTTP",
                  "IP",
                  "URL"
                ],
                "description": "the type of the target"
              },
              "name": {
                "type": "string",
                "description": "the cookie name (Cookie)"
              },
              "value": {
                "type": "string",
                "description": "the cookie value (Cookie)"
              },
              "domain": {
                "type": "string",
                "description": "the cookie domain (Cookie)"
              },
              "path": {
                "type": "string",
                "description": "the cookie path (Cookie)"
              },
              "secure": {
                "type": "boolean",
                "description": "indicates whether the cookie is HTTPS only (Cookie)"
              },
              "httponly": {
                "type": "string",
                "description": "indicates whether the cookie is server side only (Cookie)"
              },
              "expires": {
                "type": "string",
                "description": "the timestamp when the cookie expires (Cookie)"
              },
              "address": {
                "type": "string",
                "description": "the domain name or IP address (Domain, IP)"
              },
              "port": {
                "type": "number",
                "description": "the port (IP)"
              },
              "url": {
                "type": "string",
                "description": "the target URL (HTTP, URL)"
              },
              "request_method": {
                "type": "string",
                "description": "the request method (HTTP)"
              },
              "request_version": {
                "type": "string",
                "description": "the request version (HTTP)"
              },
              "request_headers": {
                "type": "array",
                "description": "the array of request headers (HTTP)"
              },
              "request_body": {
                "type": "string",
                "description": "the request body (HTTP)"
              },
              "request_body_base64": {
                "type": "boolean",
                "description": "indicates whether the request body is BASE64 encoded (HTTP)"
              },
              "response_status_code": {
                "type": "number",
                "description": "the response status code (HTTP)"
              },
              "response_reason_phrase": {
                "type": "string",
                "description": "the response reason phrase (HTTP)"
              },
              "response_version": {
                "type": "string",
                "description": "the response version (HTTP)"
              },
              "response_headers": {
                "type": "array",
                "description": "the array of response headers (HTTP)"
              },
              "response_body": {
                "type": "string",
                "description": "the response body (HTTP)"
              },
              "response_body_base64": {
                "type": "boolean",
                "description": "indicates whether the response body is BASE64 encoded (HTTP)"
              },
              "response_encoding": {
                "type": "string",
                "description": "the response encoding"
              }
            },
            "description": "the target of the finding"
          },
          "vulnerable_resources": {
            "type": "object",
            "properties": {
              "vulnerable_headers": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "name": {
                      "type": "string",
                      "description": "the header name"
                    },
                    "direction": {
                      "type": "string",
                      "enum": [
                        "Request",
                        "Response",
                        "Request/Response"
                      ],
                      "description": "the direction of the header"
                    }
                  }
                },
                "description": "the array of vulnerable headers"
              },
              "expected_headers": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "name": {
                      "type": "string",
                      "description": "the header name"
                    },
                    "direction": {
                      "type": "string",
                      "enum": [
                        "Request",
                        "Response",
                        "Request/Response"
                      ],
                      "description": "the direction of the header"
                    },
                    "value": {
                      "type": "string",
                      "description": "the expected value"
                    }
                  }
                },
                "description": "the array of expected headers"
              },
              "vulnerable_cookies": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "name": {
                      "type": "string",
                      "description": "the cookie name"
                    }
                  }
                },
                "description": "the array of vulnerable cookies"
              },
              "vulnerable_variables": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "name": {
                      "type": "string",
                      "description": "the variable name"
                    },
                    "method": {
                      "type": "string",
                      "description": "the HTTP method"
                    }
                  }
                },
                "description": "the array of vulnerable variables"
              }
            },
            "description": "resources on the vulnerability"
          },
          "command_lines": {
            "type": "array",
            "description": "the command lines to reproduce the finding"
          },
          "highlights": {
            "type": "array",
            "description": "the highlights within the finding"
          }
        }
      },
      "description": "the findings"
    }
  }
}

Bad Request - One or more parameters are malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The report does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get single full report
GET/rest/v2/fullreports/{scan_profile_token}/{report_token}/{?severity,from,to}

Only available for Enterprise plan.

Returns the full report for the scan profile identified by the scan profile token and report token.

The findings within the report can be filtered based on severity and time interval using the from and to parameters. Time interval values must be specified in ISO 8601 format (encoded when containing UTC offset) or Unix time. The call returns a maximum of two thousand findings. Please use filtering if the report contains more.

Timestamps are in ISO 8601 format, UTC.

URI Parameters
HideShow
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.

report_token
string (required) Example: 60a0fae258d2c952765e81054929c8e6a6fdbdf77

The report token.

severity
string (optional) 

Filters the findings based on the finding severity.

Choices: high medium low information

from
string (optional) Example: 1516114800

Filters the last updated findings before the specified timestamp.

to
string (optional) Example: 1516119398

Filters the last updated findings after the specified timestamp.


Get latest full report

GET /rest/v2/fullreports/5605b488634efe810dff4276e28ca7f9/latest/?severity=&from=1516114800&to=1516119398
Requestsexample 1
Headers
X-Detectify-Key: YourAPIKey
X-Detectify-Signature: YourMessageSignature
X-Detectify-Timestamp: YourTimestamp
Responses200400401403404502503504

OK - Returned report.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_name": "example profile",
  "created": "2018-01-09T06:07:12Z",
  "started": "2018-01-09T06:07:32Z",
  "stopped": "2018-01-09T17:13:52Z",
  "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/",
  "cvss": 9.3,
  "high_level_findings": 4,
  "medium_level_findings": 7,
  "low_level_findings": 11,
  "information_findings": 18,
  "findings": [
    {
      "uuid": "941c4794-379b-4efd-bccf-21c4f0c034b1",
      "report_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
      "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
      "signature": "52eadaa2-fb97-11e7-8c3f-9a214cf093ae",
      "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/941c4794-379b-4efd-bccf-21c4f0c034b1/",
      "found_at": "http://www.example.com/index.html",
      "timestamp": "2018-01-09T06:18:32Z",
      "title": "Cross Site Scripting (XSS)",
      "definition": {
        "uuid": "7fe484a3-0072-43a4-9051-17b02e47e9c8",
        "description": "An attacker can inject JavaScript into the victim's browsers, which will execute under the vulnerable domain.",
        "risk": "An attacker can use this to steal cookies, phishing, tabnabbing etc.",
        "references": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "link": "http://support.detectify.com/customer/en/portal/articles/1711512-cross-site-scripting",
            "name": "REMEDIATION - Detectify Support Center - Cross Site Scripting",
            "source": "Detectify"
          }
        ]
      },
      "score": [
        {
          "version": "2.0",
          "score": "6.4",
          "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"
        }
      ],
      "owasp": [
        {
          "year": "2017",
          "classification": "A7"
        }
      ],
      "cwe": 12,
      "details": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "type": "Geography",
          "name": "default, service_provider_host, service_provider_name, service_provider_mail, domain_statistics_seed, domain_statistics_dns, domain_statistics_vhost, domain_statistics_crawler, boolean_based_sql_injection",
          "value": "59.3293° N, 18.0686° E, Sweden (SE), Stockholms län, Stockholm 117 33"
        }
      ],
      "tags": [
        {
          "type": "Tag New",
          "value": "new"
        }
      ],
      "target": {
        "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
        "type": "Cookie",
        "name": "SessionId",
        "value": "7jq7ffrpe251o7rh5sapo079p2",
        "domain": "example.com",
        "path": "/",
        "secure": true,
        "httponly": "false",
        "expires": "2018-01-09T09:12:50Z",
        "address": "1.1.1.1",
        "port": 80,
        "url": "http://www.example.com/index.html",
        "request_method": "GET",
        "request_version": "1.1",
        "request_headers": [
          {
            "name": "special_header",
            "value": "special_value"
          }
        ],
        "request_body": "...",
        "request_body_base64": false,
        "response_status_code": 200,
        "response_reason_phrase": "OK",
        "response_version": "1.1",
        "response_headers": [
          {
            "name": "special_header",
            "value": "special_value"
          }
        ],
        "response_body": "...",
        "response_body_base64": false,
        "response_encoding": "utf-8"
      },
      "vulnerable_resources": {
        "vulnerable_headers": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "name": "Strict-Transport-Security",
            "direction": "Request"
          }
        ],
        "expected_headers": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "name": "Strict-Transport-Security",
            "direction": "Request",
            "value": "max-age=60000"
          }
        ],
        "vulnerable_cookies": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "name": "SessionId"
          }
        ],
        "vulnerable_variables": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "name": "username",
            "method": "GET"
          }
        ]
      },
      "command_lines": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "unix": "traceroute -m 40 -w 0.5 213.80.101.97",
          "windows": "tracert -h 40 -w 500 213.80.101.97"
        }
      ],
      "highlights": [
        {
          "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "field": "url",
          "offset": 7,
          "length": 15
        }
      ]
    }
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "token": {
      "type": "string",
      "description": "the report token"
    },
    "scan_profile_token": {
      "type": "string",
      "description": "the scan profile token"
    },
    "scan_profile_name": {
      "type": "string",
      "description": "the name of the scan profile"
    },
    "created": {
      "type": "string",
      "description": "the time the report was created"
    },
    "started": {
      "type": "string",
      "description": "the time the scan started"
    },
    "stopped": {
      "type": "string",
      "description": "the time the scan stopped"
    },
    "url": {
      "type": "string",
      "description": "the direct URL of the report"
    },
    "cvss": {
      "type": "number",
      "description": "the overall CVSS score of the report"
    },
    "high_level_findings": {
      "type": "number",
      "description": "the number of high level vulnerabilities"
    },
    "medium_level_findings": {
      "type": "number",
      "description": "the number of medium level vulnerabilities"
    },
    "low_level_findings": {
      "type": "number",
      "description": "the number of low level vulnerabilities"
    },
    "information_findings": {
      "type": "number",
      "description": "the number of information findings"
    },
    "findings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "uuid": {
            "type": "string",
            "description": "the finding UUID"
          },
          "report_token": {
            "type": "string",
            "description": "the report token"
          },
          "scan_profile_token": {
            "type": "string",
            "description": "the scan profile token"
          },
          "signature": {
            "type": "string",
            "description": "the finding signature"
          },
          "url": {
            "type": "string",
            "description": "the direct URL of the finding"
          },
          "found_at": {
            "type": "string",
            "description": "the URL where the vulnerability was found"
          },
          "timestamp": {
            "type": "string",
            "description": "the time when the vulnerability was found"
          },
          "title": {
            "type": "string",
            "description": "the title of the finding"
          },
          "definition": {
            "type": "object",
            "properties": {
              "uuid": {
                "type": "string",
                "description": "the unique identifier of the node"
              },
              "description": {
                "type": "string",
                "description": "the generic description of the finding"
              },
              "risk": {
                "type": "string",
                "description": "the possible effect of the vulnerability"
              },
              "references": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "link": {
                      "type": "string",
                      "description": "the URL of the reference"
                    },
                    "name": {
                      "type": "string",
                      "description": "the name of the reference"
                    },
                    "source": {
                      "type": "string",
                      "description": "the name of the reference source"
                    }
                  }
                },
                "description": "a collection of references for further reading"
              }
            },
            "description": "generic information about the vulnerability"
          },
          "score": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "version": {
                  "type": "string",
                  "description": "the CVSS version"
                },
                "score": {
                  "type": "string",
                  "description": "the CVSS score"
                },
                "vector": {
                  "type": "string",
                  "description": "the CVSS vector"
                }
              }
            },
            "description": "the CVSS scores of the finding"
          },
          "owasp": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "year": {
                  "type": "string",
                  "description": "the year of the OWASP classification"
                },
                "classification": {
                  "type": "string",
                  "description": "the OWASP classification"
                }
              }
            },
            "description": "the OWASP classification of the finding"
          },
          "cwe": {
            "type": "number",
            "description": "the CWE (Common Weakness Enumeration) identifier of the finding"
          },
          "details": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "type": {
                  "type": "string",
                  "enum": [
                    "Geography",
                    "Graph",
                    "HTML",
                    "Image",
                    "Markdown",
                    "Text",
                    "Video"
                  ],
                  "description": "the type of the detail"
                },
                "name": {
                  "type": "string",
                  "description": "the name of the detail"
                },
                "value": {
                  "type": "string",
                  "description": "the value of the detail"
                }
              }
            },
            "description": "detailed information on the finding"
          },
          "tags": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "type": {
                  "type": "string",
                  "description": "the type of the tag"
                },
                "value": {
                  "type": "string",
                  "description": "the value of the tag"
                }
              }
            },
            "description": "finding tags"
          },
          "target": {
            "type": "object",
            "properties": {
              "uuid": {
                "type": "string",
                "description": "the unique identifier of the node"
              },
              "type": {
                "type": "string",
                "enum": [
                  "Cookie",
                  "Domain",
                  "HTTP",
                  "IP",
                  "URL"
                ],
                "description": "the type of the target"
              },
              "name": {
                "type": "string",
                "description": "the cookie name (Cookie)"
              },
              "value": {
                "type": "string",
                "description": "the cookie value (Cookie)"
              },
              "domain": {
                "type": "string",
                "description": "the cookie domain (Cookie)"
              },
              "path": {
                "type": "string",
                "description": "the cookie path (Cookie)"
              },
              "secure": {
                "type": "boolean",
                "description": "indicates whether the cookie is HTTPS only (Cookie)"
              },
              "httponly": {
                "type": "string",
                "description": "indicates whether the cookie is server side only (Cookie)"
              },
              "expires": {
                "type": "string",
                "description": "the timestamp when the cookie expires (Cookie)"
              },
              "address": {
                "type": "string",
                "description": "the domain name or IP address (Domain, IP)"
              },
              "port": {
                "type": "number",
                "description": "the port (IP)"
              },
              "url": {
                "type": "string",
                "description": "the target URL (HTTP, URL)"
              },
              "request_method": {
                "type": "string",
                "description": "the request method (HTTP)"
              },
              "request_version": {
                "type": "string",
                "description": "the request version (HTTP)"
              },
              "request_headers": {
                "type": "array",
                "description": "the array of request headers (HTTP)"
              },
              "request_body": {
                "type": "string",
                "description": "the request body (HTTP)"
              },
              "request_body_base64": {
                "type": "boolean",
                "description": "indicates whether the request body is BASE64 encoded (HTTP)"
              },
              "response_status_code": {
                "type": "number",
                "description": "the response status code (HTTP)"
              },
              "response_reason_phrase": {
                "type": "string",
                "description": "the response reason phrase (HTTP)"
              },
              "response_version": {
                "type": "string",
                "description": "the response version (HTTP)"
              },
              "response_headers": {
                "type": "array",
                "description": "the array of response headers (HTTP)"
              },
              "response_body": {
                "type": "string",
                "description": "the response body (HTTP)"
              },
              "response_body_base64": {
                "type": "boolean",
                "description": "indicates whether the response body is BASE64 encoded (HTTP)"
              },
              "response_encoding": {
                "type": "string",
                "description": "the response encoding"
              }
            },
            "description": "the target of the finding"
          },
          "vulnerable_resources": {
            "type": "object",
            "properties": {
              "vulnerable_headers": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "name": {
                      "type": "string",
                      "description": "the header name"
                    },
                    "direction": {
                      "type": "string",
                      "enum": [
                        "Request",
                        "Response",
                        "Request/Response"
                      ],
                      "description": "the direction of the header"
                    }
                  }
                },
                "description": "the array of vulnerable headers"
              },
              "expected_headers": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "name": {
                      "type": "string",
                      "description": "the header name"
                    },
                    "direction": {
                      "type": "string",
                      "enum": [
                        "Request",
                        "Response",
                        "Request/Response"
                      ],
                      "description": "the direction of the header"
                    },
                    "value": {
                      "type": "string",
                      "description": "the expected value"
                    }
                  }
                },
                "description": "the array of expected headers"
              },
              "vulnerable_cookies": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "name": {
                      "type": "string",
                      "description": "the cookie name"
                    }
                  }
                },
                "description": "the array of vulnerable cookies"
              },
              "vulnerable_variables": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "name": {
                      "type": "string",
                      "description": "the variable name"
                    },
                    "method": {
                      "type": "string",
                      "description": "the HTTP method"
                    }
                  }
                },
                "description": "the array of vulnerable variables"
              }
            },
            "description": "resources on the vulnerability"
          },
          "command_lines": {
            "type": "array",
            "description": "the command lines to reproduce the finding"
          },
          "highlights": {
            "type": "array",
            "description": "the highlights within the finding"
          }
        }
      },
      "description": "the findings"
    }
  }
}

Bad Request - One or more parameters are malformed.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Unauthorized - The API key or the message signature is invalid.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Forbidden - The API key cannot access this endpoint.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Not Found - The report does not exist.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Bad Gateway - The REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Temporary outage within the Detectify infrastructure, possibly due to an upgrade of a Detectify component. Please try again later.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "error": {
    "code": 1000,
    "message": "Error message",
    "parameters": [
      "error parameter"
    ],
    "more_info": "https://developer.detectity.com/#error-1000"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "error": {
      "type": "object",
      "properties": {
        "code": {
          "type": "number",
          "description": "the error code"
        },
        "message": {
          "type": "string",
          "description": "the message highlighting the cause of the error"
        },
        "parameters": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "the parameters associated with the cause"
        },
        "more_info": {
          "type": "string",
          "description": "the URL for the error documentation"
        }
      },
      "description": "the description of the error"
    }
  }
}

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get latest full report
GET/rest/v2/fullreports/{scan_profile_token}/latest/{?severity,from,to}

Only available for Enterprise plan.

Returns the latest report for the scan profile identified by the scan profile token. The scan profile token can be retrieved using Get scan profiles.

If there is no scan running for the profile, the response contains the report for the last scan; otherwise, the (partial) report for the ongoing scan. The findings within the report can be filtered based on severity and time interval using the from and to parameters. Time interval values must be specified in ISO 8601 format (encoded when containing UTC offset) or Unix time. The call returns a maximum of two thousand findings. Please use filtering if the report contains more.

Timestamps are in ISO 8601 format, UTC.

URI Parameters
HideShow
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.

severity