// docs / rest api
REST API
Bearer-authenticated JSON API for scan automation, scan status, and findings. Passive scans are available through REST; active scans are available for paid plans only after the domain is verified and explicitly authorized in the dashboard.
Authentication
Every request must carry a bearer token in the Authorization header. Tokens are issued from Account → API tokens; the plaintext is shown to you exactly once, at creation. Once a token is revoked, the next call made with it returns 401.
curl -H "Authorization: Bearer fxv_..." \
https://fixvibe.app/api/v1/scans
Token format: fxv_ followed by 43 base64url characters. Stored at rest as a SHA-256 hash; the plaintext is never persisted server-side.
Rate limits
Two windows apply to every authenticated request: a 10 req/sec burst and a 60 req/min steady rate, both keyed on the bearer token's hash. Quota enforcement (per-month scan caps) is layered on top; see Quotas & limits.
Pagination
List endpoints (/api/v1/scans, /api/v1/findings) use cursor-based pagination keyed on (created_at, id) in descending order. Pass ?cursor=<next_cursor> to fetch the next page. The cursor stays correct under concurrent writes (no OFFSET skew).
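To show why a (created_at, id) keyset cursor stays correct under concurrent writes, here is an added Python example (not code from the original page or the service) that implements the descending ordering and the "<created_at>:<id>" cursor shape described above over an in-memory list and contrasts it with OFFSET paging. The scan ids such as scan-0 and the keyset_page/offset_page names are constructed for the demo; a database would express the same selection as WHERE (created_at, id) < (?, ?).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Scan:
    created_at: str  # ISO-8601 UTC; lexically sortable in this fixed format
    id: str


def encode_cursor(scan: Scan) -> str:
    # Same "<created_at>:<id>" shape the docs show in next_cursor.
    return f"{scan.created_at}:{scan.id}"


def decode_cursor(cursor: str) -> tuple[str, str]:
    # The timestamp contains ':' but the id does not, so split on the last one.
    created_at, _, scan_id = cursor.rpartition(":")
    if not created_at or not scan_id:
        raise ValueError("malformed cursor")
    return created_at, scan_id


def keyset_page(rows, cursor=None, limit=50):
    """Return (page, next_cursor) ordered by (created_at, id) descending.
    Only rows strictly older than the cursor qualify, so inserts that land
    between two fetches cannot shift the boundary of the next page."""
    limit = max(1, min(limit, 100))  # documented default 50, max 100
    ordered = sorted(rows, key=lambda s: (s.created_at, s.id), reverse=True)
    if cursor is not None:
        key = decode_cursor(cursor)
        ordered = [s for s in ordered if (s.created_at, s.id) < key]
    page = ordered[:limit]
    next_cursor = encode_cursor(page[-1]) if len(ordered) > limit else None
    return page, next_cursor


def offset_page(rows, offset=0, limit=50):
    """OFFSET-style paging, for contrast: boundaries move when rows are inserted."""
    ordered = sorted(rows, key=lambda s: (s.created_at, s.id), reverse=True)
    return ordered[offset:offset + limit]


def demo():
    # Constructed rows: scan-0 at 14:00 through scan-3 at 14:03 (ids are placeholders).
    rows = [Scan(f"2026-05-07T14:0{i}:00Z", f"scan-{i}") for i in range(4)]
    page1, cur = keyset_page(rows, limit=2)  # scan-3, scan-2
    off1 = offset_page(rows, 0, 2)           # scan-3, scan-2
    # A concurrent write lands between the two page fetches.
    rows.append(Scan("2026-05-07T14:04:00Z", "scan-4"))
    page2, cur2 = keyset_page(rows, cursor=cur, limit=2)  # scan-1, scan-0: no repeat, no gap
    off2 = offset_page(rows, 2, 2)                         # scan-2, scan-1: scan-2 seen twice
    return {
        "keyset": [s.id for s in page1 + page2],
        "offset": [s.id for s in off1 + off2],
        "next_cursor_after_page1": cur,
        "next_cursor_after_page2": cur2,
    }
```

The new row scan-4 is newer than everything on page 1, so a keyset walk simply never sees it (it would appear on a fresh first page), whereas the OFFSET walk repeats scan-2 and silently drops a row off the end.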
Error shapes
Every error is a JSON object with at least an error key.
{ "error": "invalid_token" } // 401
{ "error": "forbidden" } // 403
{ "error": "not_found" } // 404
{ "error": "quota_exceeded", "quota": {...} } // 429
{ "error": "rate_limited", "retry_after_seconds": 47 } // 429
{ "error": "invalid_input", "issues": [...] } // 400
Endpoints
Start a scan
POST /api/v1/scans
Enqueues a passive scan by default. For verified domains with active authorization, paid plans can request active mode. Returns immediately with a queued scan id; poll GET /api/v1/scans/{scanId} until status is "completed".
curl -X POST https://fixvibe.app/api/v1/scans \
-H "Authorization: Bearer fxv_..." \
-H "content-type: application/json" \
-d '{"target":"https://staging.example.com"}'
// 200 response
{
"id": "8f1c4e2a-8c3a-4b6f-9c0d-9b1e8f3c2a4d",
"status": "queued",
"target": "https://staging.example.com",
"mode": "passive"
}
List your scans
GET /api/v1/scans
Returns the scans of the org tied to the calling token, newest first. Paginate with ?cursor=. Default limit 50, max 100.
curl -H "Authorization: Bearer fxv_..." \
"https://fixvibe.app/api/v1/scans?limit=25"
// 200 response
{
"scans": [
{
"id": "8f1c4e2a-...",
"target_url": "https://staging.example.com",
"target_hostname": "staging.example.com",
"mode": "passive",
"status": "completed",
"started_at": "2026-05-07T14:00:00Z",
"completed_at": "2026-05-07T14:00:23Z",
"findings_count": { "critical": 1, "high": 3, "medium": 7, "low": 2, "info": 4 },
"triggered_by": "api",
"created_at": "2026-05-07T14:00:00Z"
}
],
"next_cursor": "2026-05-07T14:00:00Z:8f1c4e2a-..."
}
Get a scan
GET /api/v1/scans/{scanId}
By default returns the scan envelope plus a per-category severity summary. Pass ?include_findings=true to get the full report (large for noisy scans; prefer the findings endpoint with filters).
curl -H "Authorization: Bearer fxv_..." \
https://fixvibe.app/api/v1/scans/8f1c4e2a-8c3a-4b6f-9c0d-9b1e8f3c2a4d
List findings
GET /api/v1/findings
Filterable list of findings across every scan in the caller's org. Filters: severity=critical,high, check_id=secrets.patterns, since=2026-04-01T00:00:00Z. Cursor-paginated.
curl -H "Authorization: Bearer fxv_..." \
"https://fixvibe.app/api/v1/findings?severity=critical,high&limit=50"
// 200 response
{
"findings": [
{
"id": "...",
"scan_id": "...",
"check_id": "secrets.js-bundle-sweep",
"severity": "critical",
"title": "Supabase service role key exposed in JS bundle",
"description": "...",
"evidence": { ... },
"remediation": "...",
"cwe_id": "CWE-798",
"created_at": "2026-05-07T14:00:23Z"
}
],
"next_cursor": null
}
OpenAPI spec
A machine-readable spec (text/yaml) is served at /docs/api/openapi. Drop it into your preferred codegen (openapi-typescript, openapi-python-client, or any OpenAPI 3.1 toolchain) to produce typed clients.
