Free & open API

API Documentation

Integrate WebCheckApp security scans into your own tools, dashboards, or CI/CD pipelines.

Scan endpoint

GET /api/v1/scan?url=example.com

Runs a full security scan and returns JSON results. Results are cached for 1 hour — repeat calls within that window return instantly.

Rate limit: 5 requests per minute per IP.

Parameters

Parameter	Type	Required	Description
`url`	string	Yes	The domain or URL to scan. e.g. `example.com` or `https://example.com`

Example request

curl "https://webcheckapp.com/api/v1/scan?url=example.com"

Example response

{
  "url": "https://example.com",
  "host": "example.com",
  "score": 74,
  "grade": "B-",
  "scanned_at": "2025-03-27T14:22:01+00:00",
  "cached": false,
  "report_url": "https://webcheckapp.com/scan/abc123",
  "categories": {
    "ssl": {
      "category": "SSL & HTTPS",
      "score": 95,
      "checks": [
        {
          "id": "ssl_available",
          "label": "HTTPS / SSL enabled",
          "status": "pass",
          "description": "The website is accessible over HTTPS.",
          "recommendation": null
        },
        ...
      ]
    },
    "headers": { ... },
    "dns": { ... },
    "performance": { ... },
    "content": { ... },
    "technology": { ... },
    "malware": { ... },
    "exposed_files": { ... },
    "ports": { ... },
    "privacy": { ... },
    "trust": { ... }
  }
}

Response status codes

Code	Meaning
200	Scan completed successfully
422	Invalid or missing URL parameter
429	Rate limit exceeded (5 req/min)
500	Host unreachable or scan failed

Ready to try it?

The API is free with no authentication required. Just start making requests.

Try a live request