Security Scanning API for Developers

Integrate enterprise-grade security scanning into your CI/CD pipeline. 20+ scanners, RESTful API, real-time webhooks.

# Get your API key from profile
API_KEY="your_api_key_here"

# Create a target
curl -X POST https://secably.com/api/v1/targets/ \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name":"My Server","target_value":"example.com","target_type":"hostname"}'

# Start an Nmap scan
curl -X POST https://secably.com/api/v1/nmap/scan/ \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"target_id":123,"scan_config":{"scan_type":"full","port_range":"1-1000"}}'

# Response
{
  "scan_id": 5309,
  "status": "queued",
  "message": "Nmap scan started successfully"
}

# Check scan status
curl https://secably.com/api/v1/nmap/scan/5309/ \
  -H "Authorization: Bearer $API_KEY"

import requests

# Initialize the client
api_key = "YOUR_API_KEY"
headers = {
    "Authorization": f"Bearer {api_key}",
    "Content-Type": "application/json"
}

# Create a target
target_response = requests.post(
    "https://secably.com/api/v1/targets/",
    headers=headers,
    json={
        "name": "My Server",
        "target_value": "example.com",
        "target_type": "hostname"
    }
)
target_id = target_response.json()["id"]

# Start SSLyze SSL/TLS scan
scan_response = requests.post(
    "https://secably.com/api/v1/sslyze/scan/",
    headers=headers,
    json={
        "target_id": target_id,
        "scan_config": {
            "check_certificate": True,
            "check_tls_versions": True
        }
    }
)

scan_data = scan_response.json()
print(f"Scan ID: {scan_data['scan_id']}")
print(f"Status: {scan_data['status']}")

# Check scan status
status_response = requests.get(
    f"https://secably.com/api/v1/sslyze/scan/{scan_data['scan_id']}/",
    headers=headers
)
print(f"Security Score: {status_response.json()['security_score']}")

const axios = require('axios');

const API_KEY = 'YOUR_API_KEY';
const BASE_URL = 'https://secably.com/api/v1';

const headers = {
  'Authorization': `Bearer ${API_KEY}`,
  'Content-Type': 'application/json'
};

// Start a scan workflow
const runSecurityScan = async () => {
  try {
    // Create target
    const targetRes = await axios.post(
      `${BASE_URL}/targets/`,
      {
        name: 'My Server',
        target_value: 'example.com',
        target_type: 'hostname'
      },
      { headers }
    );

    const targetId = targetRes.data.id;
    console.log(`Target created: ${targetId}`);

    // Start OpenVAS scan
    const scanRes = await axios.post(
      `${BASE_URL}/openvas/scan/`,
      {
        target_id: targetId,
        scan_config: {
          scan_profile: 'full_and_fast'
        }
      },
      { headers }
    );

    console.log(`Scan started: ${scanRes.data.scan_id}`);
    console.log(`Status: ${scanRes.data.status}`);
  } catch (error) {
    console.error('Error:', error.response?.data || error.message);
  }
};

runSecurityScan();

package main

import (
    "bytes"
    "encoding/json"
    "fmt"
    "net/http"
)

func main() {
    // Prepare the request
    payload := map[string]interface{}{
        "target": "example.com",
        "scanner_type": "openvas",
        "scan_config": map[string]string{
            "scan_profile": "full_and_fast",
            "port_range": "default",
        },
    }

    jsonData, _ := json.Marshal(payload)

    req, _ := http.NewRequest("POST",
        "https://api.secably.com/v1/scans/create",
        bytes.NewBuffer(jsonData))

    req.Header.Set("Authorization", "Bearer YOUR_API_KEY")
    req.Header.Set("Content-Type", "application/json")

    // Send the request
    client := &http.Client{}
    resp, _ := client.Do(req)
    defer resp.Body.Close()

    // Parse response
    var result map[string]interface{}
    json.NewDecoder(resp.Body).Decode(&result)

    fmt.Printf("Scan ID: %v\n", result["scan_id"])
}

Get Started in 3 Steps

Integrate security scanning in minutes, not days

No credit card required • Start with FREE scans

Sign Up & Get API Key

Create your free account - no credit card required

Go to API Dashboard

Access your JWT tokens instantly

Copy your JWT access token

Use it in Authorization header for all API requests

# Example: Get your stats
curl -X GET https://secably.com/api/v1/stats/ \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

# Response:
{
  "targets_count": 5,
  "scans_count": 12,
  "vulnerabilities_found": 47,
  "api_requests_used": 23,
  "api_requests_limit": 100,
  "scan_credits_remaining": 10
}

Free tier includes: 100 API requests + unlimited FREE scans (Nmap quick & SSLyze)

Create Target & Scan

Add your target and start scanning with your preferred scanner

# Add target
curl -X POST https://secably.com/api/v1/targets/ \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "My Website",
    "target_value": "example.com",
    "target_type": "hostname"
  }'

# Start a FREE Nmap quick scan
curl -X POST https://secably.com/api/v1/nmap/scan/ \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "target_id": 1,
    "scan_config": {
      "scan_type": "tcp_syn",
      "port_range": "top_1000"
    }
  }'
# Returns: credits_used: 0 (FREE!)

💡 Tip: Nmap quick scans are 100% FREE and don't use credits!

Get Results

Check scan status and retrieve detailed security findings

# Check scan status
curl https://secably.com/api/v1/scans/12345/ \
  -H "Authorization: Bearer YOUR_TOKEN"

# Response includes:
{
  "id": 12345,
  "status": "completed",
  "scanner_type": "nmap",
  "credits_used": 0,
  "credits_remaining": 10,
  "findings": [
    {
      "port": 443,
      "service": "https",
      "state": "open"
    },
    {
      "port": 80,
      "service": "http",
      "state": "open"
    }
  ],
  "started_at": "2025-10-01T10:00:00Z",
  "completed_at": "2025-10-01T10:01:23Z"
}

Pro tip: Use webhooks for real-time notifications when scans complete

< 2 min

Average integration time

5+ scanners

Nmap, SSLyze, OpenVAS, ZAP, Nuclei

FREE

Quick scans • No credit card

Built for Developers

Everything you need to integrate security scanning

RESTful API

Clean, intuitive REST API with predictable resource-oriented URLs and standard HTTP codes

Real-time Webhooks

Get instant notifications when scans complete with configurable webhook endpoints

20+ Scanners

OpenVAS, Nmap, SSLyze, ZAP, Nuclei and more - all through a single API

Rate Limiting

Intelligent rate limiting and queueing to ensure consistent performance

Global Infrastructure

Distributed scanning nodes worldwide for optimal performance and reliability

SDKs & Libraries

Official SDKs for Python, Node.js, Go, Ruby, PHP, and more languages

Powerful API Endpoints

Complete control over your security scanning workflow

Scan Management

POST /v1/scans/create

GET /v1/scans/{id}

GET /v1/scans

DELETE /v1/scans/{id}/cancel

Target Management

POST /v1/targets

GET /v1/targets/{id}

PUT /v1/targets/{id}

DELETE /v1/targets/{id}

Asset Discovery

POST /v1/asm/domains/{id}/discovery

GET /v1/asm/domains/{id}/assets

POST /v1/asm/assets/{id}/scan

Reporting & Export

GET /v1/scans/{id}/export

GET /v1/scans/{id}/vulnerabilities

POST /v1/webhooks/configure

View Full API Documentation

Simple, Transparent Pricing

Pay only for what you use. Free scans included. 70-85% cheaper than competitors.

Nmap quick & SSLyze scans are 100% FREE

Free Developer

Start building

$0 /mo

100 API req/month
0 scan credits
5 targets
FREE scans unlimited

Start Free

Indie Maker

For side projects

$9 /mo

2,000 API req/mo
10 scan credits
20 targets
All scanners

POPULAR

Startup

Growing apps

$29 /mo

10,000 API req/mo
50 scan credits
100 targets
Priority support

Business

Production apps

$99 /mo

50,000 API req/mo
200 scan credits
500 targets
Webhooks & SLA

Enterprise

Custom needs

$299 /mo

Unlimited API
1,000 scan credits
Unlimited targets
24/7 support

Contact Sales