FixVibe


REST API

Bearer-authenticated JSON API for scan automation, scan status, and findings. Passive scans are available through REST; active scans are available for paid plans only after the domain is verified and explicitly authorized in the dashboard.

Authentication

Every request must carry a Bearer token in the Authorization header. Tokens are issued from Account → API tokens; the plaintext is shown to you only once, when the token is created. Once a token is revoked, subsequent calls return 401.

bash
curl -H "Authorization: Bearer fxv_..." \
  https://fixvibe.app/api/v1/scans

Token format: fxv_ followed by 43 base64url characters. Tokens are stored at rest as a SHA-256 hash; the plaintext is never stored on the server.

Rate limits

Two windows apply to every authenticated request: burst 10 req/sec and steady 60 req/min, both keyed on the Bearer hash. Quota enforcement (monthly scan limits) applies on top of these; see Quota and limits.

Pagination

List endpoints (/api/v1/scans, /api/v1/findings) use cursor-based pagination keyed on (created_at, id) in descending order. Pass ?cursor=<next_cursor> to fetch the next page. Cursors stay stable even under concurrent writes (no OFFSET skew).

Error format

Every error is a JSON object with at least an error key.

jsonc
{ "error": "invalid_token" }                              // 401
{ "error": "forbidden" }                                  // 403
{ "error": "not_found" }                                  // 404
{ "error": "quota_exceeded", "quota": {...} }             // 429
{ "error": "rate_limited", "retry_after_seconds": 47 }    // 429
{ "error": "invalid_input", "issues": [...] }             // 400

Endpoints

Start a scan

POST /api/v1/scans

Enqueues a passive scan by default. For verified domains with active authorization, paid plans can request active mode. Returns immediately with a queued scan id; poll GET /api/v1/scans/[scanId] until status === "completed".

curl -X POST https://fixvibe.app/api/v1/scans \
  -H "Authorization: Bearer fxv_..." \
  -H "content-type: application/json" \
  -d '{"target":"https://staging.example.com"}'

// 200 response

{
  "id": "8f1c4e2a-8c3a-4b6f-9c0d-9b1e8f3c2a4d",
  "status": "queued",
  "target": "https://staging.example.com",
  "mode": "passive"
}

List your scans

GET /api/v1/scans

Returns scans for the org bound to the calling token, newest first. Paginate with ?cursor=. Default limit 50, maximum 100.

curl -H "Authorization: Bearer fxv_..." \
  "https://fixvibe.app/api/v1/scans?limit=25"

// 200 response

{
  "scans": [
    {
      "id": "8f1c4e2a-...",
      "target_url": "https://staging.example.com",
      "target_hostname": "staging.example.com",
      "mode": "passive",
      "status": "completed",
      "started_at": "2026-05-07T14:00:00Z",
      "completed_at": "2026-05-07T14:00:23Z",
      "findings_count": { "critical": 1, "high": 3, "medium": 7, "low": 2, "info": 4 },
      "triggered_by": "api",
      "created_at": "2026-05-07T14:00:00Z"
    }
  ],
  "next_cursor": "2026-05-07T14:00:00Z:8f1c4e2a-..."
}

Get a scan

GET /api/v1/scans/{scanId}

Returns the scan envelope plus a per-category severity summary by default. Pass ?include_findings=true to get the full report (large on noisy scans; prefer the findings endpoint with filters).

curl -H "Authorization: Bearer fxv_..." \
  https://fixvibe.app/api/v1/scans/8f1c4e2a-8c3a-4b6f-9c0d-9b1e8f3c2a4d

List findings

GET /api/v1/findings

Filterable list of findings across every scan in the caller’s org. Filters: severity=critical,high, check_id=secrets.patterns, since=2026-04-01T00:00:00Z. Cursor-paginated.

curl -H "Authorization: Bearer fxv_..." \
  "https://fixvibe.app/api/v1/findings?severity=critical,high&limit=50"

// 200 response

{
  "findings": [
    {
      "id": "...",
      "scan_id": "...",
      "check_id": "secrets.js-bundle-sweep",
      "severity": "critical",
      "title": "Supabase service role key exposed in JS bundle",
      "description": "...",
      "evidence": { ... },
      "remediation": "...",
      "cwe_id": "CWE-798",
      "created_at": "2026-05-07T14:00:23Z"
    }
  ],
  "next_cursor": null
}
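
An added example (not FixVibe's own client code): a Python iterator that walks /api/v1/findings by following next_cursor, checks the documented token format before anything is sent, and honours retry_after_seconds on rate_limited while surfacing every other error envelope. The names iter_findings, http_get and ApiError, the retry cap, and the sample responses in the demo are assumptions of this example.

```python
import json, re, time, urllib.error, urllib.parse, urllib.request

BASE = "https://fixvibe.app/api/v1"
TOKEN_RE = re.compile(r"fxv_[A-Za-z0-9_-]{43}")  # format stated under Authentication

class ApiError(Exception):
    def __init__(self, status, body):
        super().__init__(f"{status} {body.get('error')}")  # never includes the token
        self.status, self.body = status, body

def http_get(url, token):
    """Default transport: returns (status, parsed JSON body)."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # 4xx bodies carry the error envelope
        return err.code, json.load(err)

def iter_findings(token, get=http_get, sleep=time.sleep, max_retries=3, **filters):
    """Yield every finding matching filters, following next_cursor to the end."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token does not match fxv_ + 43 base64url characters")
    cursor, retries = None, 0
    while True:
        params = dict(filters, **({"cursor": cursor} if cursor else {}))
        status, body = get(f"{BASE}/findings?{urllib.parse.urlencode(params)}", token)
        if status == 429 and body.get("error") == "rate_limited" and retries < max_retries:
            retries += 1
            sleep(body.get("retry_after_seconds", 1))  # server-provided back-off hint
            continue
        if status != 200:  # invalid_token, forbidden, quota_exceeded, ...
            raise ApiError(status, body)
        retries = 0
        yield from body["findings"]
        cursor = body.get("next_cursor")
        if not cursor:  # null cursor marks the last page
            return

if __name__ == "__main__":  # offline demo against constructed responses
    pages = iter([(429, {"error": "rate_limited", "retry_after_seconds": 0}),
                  (200, {"findings": [{"id": "f1"}], "next_cursor": "c1"}),
                  (200, {"findings": [{"id": "f2"}], "next_cursor": None})])
    fake = lambda url, tok: next(pages)
    for f in iter_findings("fxv_" + "A" * 43, get=fake, severity="critical,high"):
        print(f["id"])
```

quota_exceeded also arrives as a 429 but is raised rather than retried, since waiting out a rate-limit window does not restore a monthly quota.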

OpenAPI spec

A machine-readable spec is served at /docs/api/openapi (text/yaml). Feed it into your preferred codegen (openapi-typescript, openapi-python-client, or any OpenAPI 3.1 toolchain) to get typed clients.
