FixVibe


REST API

Bearer-authenticated JSON API for scan automation, scan status, and findings. Passive scans are available through REST; active scans are available for paid plans only after the domain is verified and explicitly authorized in the dashboard.

Authentication

Every request must carry a bearer token in the Authorization header. Tokens are issued from Account → API tokens; the plaintext is shown to you only once, at creation time. Revoking a token returns 401 on the next call.

bash
curl -H "Authorization: Bearer fxv_..." \
  https://fixvibe.app/api/v1/scans

Token format: fxv_ followed by 43 base64url characters. It is stored in the database as a SHA-256 hash; the plaintext is never stored server-side.

Rate limits

Two windows apply to every authenticated request: a 10 req/sec burst and 60 req/min steady; both are keyed on the bearer hash. Quota enforcement (the monthly scan cap) applies on top of that; see Quotas and limits.

Pagination

List endpoints (/api/v1/scans, /api/v1/findings) use cursor-based pagination, in descending order on (created_at, id). Pass ?cursor=<next_cursor> to fetch the next page. Cursors remain correct under concurrent writes (no OFFSET skew).

Error format

Every error is a JSON object with at least an error key.

jsonc
{ "error": "invalid_token" }                              // 401
{ "error": "forbidden" }                                  // 403
{ "error": "not_found" }                                  // 404
{ "error": "quota_exceeded", "quota": {...} }             // 429
{ "error": "rate_limited", "retry_after_seconds": 47 }    // 429
{ "error": "invalid_input", "issues": [...] }             // 400

Endpoints

Start a scan

POST /api/v1/scans

Enqueues a passive scan by default. For verified domains with active authorization, paid plans can request active mode. Returns immediately with a queued scan id; poll GET /api/v1/scans/[scanId] until status === "completed".

curl -X POST https://fixvibe.app/api/v1/scans \
  -H "Authorization: Bearer fxv_..." \
  -H "content-type: application/json" \
  -d '{"target":"https://staging.example.com"}'

// 200 response

{
  "id": "8f1c4e2a-8c3a-4b6f-9c0d-9b1e8f3c2a4d",
  "status": "queued",
  "target": "https://staging.example.com",
  "mode": "passive"
}

List your scans

GET /api/v1/scans

Returns the scans for the org associated with the calling token, newest first. Paginate with ?cursor=. Default limit 50, max 100.

curl -H "Authorization: Bearer fxv_..." \
  "https://fixvibe.app/api/v1/scans?limit=25"

// 200 response

{
  "scans": [
    {
      "id": "8f1c4e2a-...",
      "target_url": "https://staging.example.com",
      "target_hostname": "staging.example.com",
      "mode": "passive",
      "status": "completed",
      "started_at": "2026-05-07T14:00:00Z",
      "completed_at": "2026-05-07T14:00:23Z",
      "findings_count": { "critical": 1, "high": 3, "medium": 7, "low": 2, "info": 4 },
      "triggered_by": "api",
      "created_at": "2026-05-07T14:00:00Z"
    }
  ],
  "next_cursor": "2026-05-07T14:00:00Z:8f1c4e2a-..."
}

Get a single scan

GET /api/v1/scans/{scanId}

Returns the scan envelope plus a per-category severity summary by default. Pass ?include_findings=true to get the full report (this is large for noisy scans; prefer the findings endpoint with filters).

curl -H "Authorization: Bearer fxv_..." \
  https://fixvibe.app/api/v1/scans/8f1c4e2a-8c3a-4b6f-9c0d-9b1e8f3c2a4d

List findings

GET /api/v1/findings

A filterable list of findings across all scans in the calling org. Filters: severity=critical,high, check_id=secrets.patterns, since=2026-04-01T00:00:00Z. Cursor-paginated.

curl -H "Authorization: Bearer fxv_..." \
  "https://fixvibe.app/api/v1/findings?severity=critical,high&limit=50"

// 200 response

{
  "findings": [
    {
      "id": "...",
      "scan_id": "...",
      "check_id": "secrets.js-bundle-sweep",
      "severity": "critical",
      "title": "Supabase service role key exposed in JS bundle",
      "description": "...",
      "evidence": { ... },
      "remediation": "...",
      "cwe_id": "CWE-798",
      "created_at": "2026-05-07T14:00:23Z"
    }
  ],
  "next_cursor": null
}
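
A client loop for the pagination and error format described above, as an added example that is not FixVibe's own code: it follows next_cursor to the end and treats the two 429 bodies differently (wait and retry on rate_limited, stop on quota_exceeded). The function names, the injectable send and sleep parameters and the retry cap are assumptions; the endpoint, token format and JSON fields are the ones shown on this page.

```python
import json, re, time, urllib.error, urllib.parse, urllib.request

BASE = "https://fixvibe.app"                      # host from the page's curl examples
TOKEN_RE = re.compile(r"fxv_[A-Za-z0-9_-]{43}")   # documented format: fxv_ + 43 base64url chars

class QuotaExceeded(Exception):
    """429 quota_exceeded: the scan cap is hit, so retrying will not help."""

def http_send(path, token):
    """Default transport (assumed helper): returns (status, parsed JSON body)."""
    req = urllib.request.Request(BASE + path, headers={"Authorization": "Bearer " + token})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)            # errors are JSON objects with an "error" key

def iter_findings(token, query="severity=critical,high&limit=50",
                  send=http_send, sleep=time.sleep, max_retries=5):
    """Yield every finding, following next_cursor until it is null."""
    if not TOKEN_RE.fullmatch(token):              # catch truncated or mis-pasted tokens locally
        raise ValueError("token does not match fxv_ + 43 base64url characters")
    cursor, retries = None, 0
    while True:
        path = "/api/v1/findings?" + query
        if cursor:                                 # cursors contain ':' so URL-encode them
            path += "&cursor=" + urllib.parse.quote(cursor, safe="")
        status, body = send(path, token)
        error = body.get("error")
        if status == 429 and error == "rate_limited" and retries < max_retries:
            retries += 1
            sleep(body.get("retry_after_seconds", 1))  # wait as instructed, retry same page
            continue
        if status == 429 and error == "quota_exceeded":
            raise QuotaExceeded(body.get("quota"))
        if status != 200:
            # Report the error code only; the bearer token never goes into messages or logs.
            raise RuntimeError(f"HTTP {status}: {error}")
        retries = 0
        yield from body["findings"]
        cursor = body.get("next_cursor")
        if not cursor:
            return
```

Passing a stub as send lets the loop be exercised offline, without a real token or network access.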

OpenAPI spec

The machine-readable spec is at /docs/api/openapi (text/yaml). Feed it into your preferred codegen (openapi-typescript, openapi-python-client, or any OpenAPI 3.1 toolchain) to get a typed client.