SecAbly API

Integrate powerful security scanning capabilities into your applications with our comprehensive REST API. Built for developers, designed for scale.

JWT Authentication | Rate Limited | RESTful

🚀 Quick Start

Get started with the SecAbly API in minutes. Our REST API allows you to integrate security scanning into your applications and workflows.

Base URL
https://secably.com/api/v1/

🔐 Authentication

The SecAbly API uses JWT (JSON Web Tokens) for authentication. Include your access token in the Authorization header for all authenticated requests.

POST Register User

POST /auth/register/
Content-Type: application/json

{
  "email": "user@example.com",
  "first_name": "John",
  "last_name": "Doe",
  "password": "secure_password123!",
  "password_confirm": "secure_password123!"
}

POST Login

POST /auth/login/
Content-Type: application/json

{
  "email": "user@example.com",
  "password": "secure_password123!"
}

Response:

{
  "access": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
  "refresh": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
  "user": {
    "user_email": "user@example.com",
    "subscription_type": "free",
    "sites_limit": 1,
    "scans_per_month": 1
  }
}

Using Your Token

Include the access token in all authenticated requests:

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...

📋 API Endpoints

Authentication

User registration, login, and token management.

  • POST /auth/register/
  • POST /auth/login/
  • POST /auth/refresh/
  • POST /auth/change-password/

User Management

Profile management and user statistics.

  • GET /profile/
  • PATCH /profile/
  • GET /stats/
  • GET /subscription/

Target Management

CRUD operations for scan targets (IPs, URLs, hostnames, ranges).

  • GET /targets/
  • POST /targets/
  • GET /targets/{id}/
  • POST /targets/{id}/scan/

Scan Results

Access and manage security scan results.

  • GET /scans/
  • POST /scans/create/
  • POST /scans/{id}/export/
  • POST /scans/{id}/cancel/

Security Scanners

Specialized scanner endpoints (Nmap, SSLyze, ZAP, OpenVAS).

  • POST /nmap/scan/
  • POST /sslyze/scan/
  • POST /openvas/scan/
  • GET /nmap/scan/{id}/

👤 User Management

GET Get User Profile

GET /profile/
Authorization: Bearer <access_token>

Response: 200 OK

{
  "user_email": "user@example.com",
  "user_first_name": "John",
  "user_last_name": "Doe",
  "subscription_type": "pro",
  "sites_limit": 10,
  "scans_per_month": 100,
  "monthly_usage": 15,
  "can_add_site": true,
  "sites_count": 5
}

GET Get User Statistics

GET /stats/
Authorization: Bearer <access_token>

Response: 200 OK

{
  "user": {
    "id": 123,
    "email": "user@example.com",
    "date_joined": "2024-01-01T00:00:00Z"
  },
  "subscription": {
    "type": "pro",
    "status": "active"
  },
  "usage": {
    "targets_count": 5,
    "targets_limit": 10,
    "monthly_scans_used": 15,
    "monthly_scans_limit": 100
  },
  "recent_activity": {
    "latest_scans": [...],
    "active_targets": 5
  }
}

🎯 Target Management

POST Add Target

POST /targets/
Authorization: Bearer <access_token>
Content-Type: application/json

{
  "name": "Production Server",
  "target_value": "192.168.1.100",
  "description": "Main production server"
}

Response: 201 Created

{
  "id": 456,
  "url": "https://example.com",
  "name": "My Website",
  "scan_frequency": "manual",
  "active": true,
  "created_at": "2024-01-01T00:00:00Z",
  "latest_scan": null,
  "risk_level": null,
  "can_scan": true
}

POST Start Target Scan

POST /targets/456/scan/
Authorization: Bearer <access_token>

Response: 200 OK

{
  "scan_id": 789,
  "status": "pending",
  "message": "Scan started successfully"
}

🔍 Scan Results

GET Get Scan Details

GET /scans/789/
Authorization: Bearer <access_token>

Response: 200 OK

{
  "id": 789,
  "website_name": "My Website",
  "website_url": "https://example.com",
  "status": "completed",
  "risk_level": "medium",
  "vulnerabilities_found": 5,
  "security_score": 75,
  "vulnerabilities_by_risk": {
    "High": 1,
    "Medium": 2,
    "Low": 2,
    "Informational": 0
  },
  "vulnerabilities_list": [
    {
      "name": "Missing Security Headers",
      "risk": "Medium",
      "description": "...",
      "solution": "..."
    }
  ]
}

🔧 Security Scanners

POST Nmap Network Scan

Perform network port scanning and service detection.

POST /nmap/scan/
Authorization: Bearer <api_key>
Content-Type: application/json

{
  "target_id": 123,
  "scan_config": {
    "scan_type": "full",
    "port_range": "1-1000",
    "aggressive": false
  }
}

Response: 201 Created

{
  "scan_id": 5309,
  "status": "queued",
  "message": "Nmap scan started successfully",
  "scan_type": "nmap"
}

Get Nmap Scan Results

GET /nmap/scan/5309/
Authorization: Bearer <api_key>

{
  "id": 5309,
  "status": "completed",
  "target": "secably.com",
  "scan_type": "nmap",
  "started_at": "2025-10-01T10:15:00Z",
  "completed_at": "2025-10-01T10:15:04Z",
  "duration": 4.46,
  "security_score": 94,
  "vulnerabilities_found": 2,
  "scan_result": {
    "open_ports": [
      { "port": 80, "protocol": "tcp", "service": "http", "state": "open" },
      { "port": 443, "protocol": "tcp", "service": "https", "state": "open" }
    ],
    "host_info": {
      "status": "up",
      "latency": "0.025s"
    }
  }
}

POST SSLyze TLS/SSL Scan

Analyze SSL/TLS configurations and certificate validity.

POST /sslyze/scan/
Authorization: Bearer <api_key>
Content-Type: application/json

{
  "target_id": 123,
  "scan_config": {
    "check_certificate": true,
    "check_tls_versions": true,
    "check_cipher_suites": true
  }
}

Response: 201 Created

{
  "scan_id": 5310,
  "status": "queued",
  "message": "SSLyze scan started successfully",
  "scan_type": "sslyze"
}

Get SSLyze Scan Results

GET /sslyze/scan/5310/
Authorization: Bearer <api_key>

{
  "id": 5310,
  "status": "completed",
  "target": "secably.com",
  "scan_type": "sslyze",
  "started_at": "2025-10-01T10:15:10Z",
  "completed_at": "2025-10-01T10:15:13Z",
  "duration": 3.62,
  "security_score": 100,
  "vulnerabilities_found": 0,
  "scan_result": {
    "certificate_info": {
      "valid": true,
      "issuer": "Let's Encrypt",
      "expires": "2025-12-31T23:59:59Z"
    },
    "tls_versions": {
      "tls_1_2": true,
      "tls_1_3": true,
      "ssl_3_0": false
    },
    "vulnerabilities": []
  }
}
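
The scan-detail and SSLyze result bodies shown above can drive a pass/fail gate in a deployment pipeline. The following is an added example, not SecAbly's code: the `gate` function, the TLS allow-list and the 14-day certificate threshold are assumed policy choices, and the inputs are trimmed copies of this page's sample responses plus one constructed failing case.

```python
from datetime import datetime, timezone

ALLOWED_TLS = {"tls_1_2", "tls_1_3"}  # assumed policy: anything else enabled fails
MIN_CERT_DAYS = 14                    # assumed policy threshold


def gate(scan, now, max_high=0):
    """Return policy violations for one scan result; an empty list means pass."""
    if scan.get("status") != "completed":
        return [f"scan {scan.get('id')} is {scan.get('status')}, not completed"]
    problems = []
    high = scan.get("vulnerabilities_by_risk", {}).get("High", 0)
    if high > max_high:
        problems.append(f"{high} High finding(s), limit {max_high}")
    result = scan.get("scan_result", {})
    for proto, enabled in sorted(result.get("tls_versions", {}).items()):
        if enabled and proto not in ALLOWED_TLS:
            problems.append(f"legacy protocol enabled: {proto}")
    cert = result.get("certificate_info")
    if cert:
        if not cert.get("valid"):
            problems.append("certificate reported invalid")
        expires = datetime.fromisoformat(cert["expires"].replace("Z", "+00:00"))
        days_left = (expires - now).days
        if days_left < MIN_CERT_DAYS:
            problems.append(f"certificate expires in {days_left} day(s)")
    return problems


# Trimmed copies of the two sample responses shown on this page.
WEB_SCAN = {"id": 789, "status": "completed",
            "vulnerabilities_by_risk": {"High": 1, "Medium": 2, "Low": 2}}
TLS_SCAN = {"id": 5310, "status": "completed", "scan_result": {
    "certificate_info": {"valid": True, "expires": "2025-12-31T23:59:59Z"},
    "tls_versions": {"tls_1_2": True, "tls_1_3": True, "ssl_3_0": False}}}
# Constructed failing case: SSL 3.0 enabled and a certificate close to expiry.
WEAK_TLS = {"id": 1, "status": "completed", "scan_result": {
    "certificate_info": {"valid": True, "expires": "2025-10-06T12:00:00Z"},
    "tls_versions": {"tls_1_2": True, "ssl_3_0": True}}}

if __name__ == "__main__":
    now = datetime(2025, 10, 1, tzinfo=timezone.utc)
    for scan in (WEB_SCAN, TLS_SCAN, WEAK_TLS):
        print(scan["id"], gate(scan, now) or "pass")
```

A scan that is still queued or running is reported as a violation rather than a pass, so a pipeline cannot go green on results that do not exist yet.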
POST OWASP ZAP Web Scan

Comprehensive web application security testing.

POST /scans/create/
Authorization: Bearer <api_key>
Content-Type: application/json

{
  "website_id": 456,
  "scanner_type": "zap",
  "scan_config": {
    "scan_mode": "baseline",
    "spider_enabled": true
  }
}

Response: 201 Created

{
  "scan_id": 5311,
  "status": "running",
  "message": "ZAP scan started successfully",
  "scan_type": "zap",
  "estimated_duration": "15-20 minutes"
}

POST OpenVAS Vulnerability Scan

Enterprise-grade vulnerability assessment.

POST /openvas/scan/
Authorization: Bearer <api_key>
Content-Type: application/json

{
  "target_id": 123,
  "scan_config": {
    "scan_profile": "full_and_fast",
    "port_list": "all_tcp"
  }
}

Response: 201 Created

{
  "scan_id": 5312,
  "status": "queued",
  "message": "OpenVAS scan started successfully",
  "scan_type": "openvas"
}

POST Export Scan Results

Export scan results in PDF, JSON, or CSV format.

POST /scans/5309/export/
Authorization: Bearer <api_key>
Content-Type: application/json

{
  "format": "pdf"
}

Response: 200 OK

Returns PDF file as binary data with Content-Type: application/pdf

Supported formats:

  • pdf - Professional PDF report
  • json - Structured JSON data
  • csv - CSV spreadsheet

⚡ Rate Limits

The API implements rate limiting to ensure fair usage and system stability.

Rate Limit Tiers
  • Anonymous users: 100 requests per hour
  • Authenticated users: 1000 requests per hour
  • Scan operations: 10 scans per hour
  • Registration: 5 registrations per hour
  • Login attempts: 20 attempts per hour

Rate limit headers are included in all responses:

X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1234567890

💳 Credits & Pricing

SecAbly uses a hybrid pricing model combining API request limits and scan credits for resource-intensive operations.

Free Scans: Nmap quick scans and SSLyze scans are completely FREE and only use your API request quota.

Pricing Plans

Plan | Price/Month | API Requests | Scan Credits | Targets
Free Developer | $0 | 100/month | 0 | 5
Indie Maker | $9 | 2,000/month | 10 | 20
Startup (Popular) | $29 | 10,000/month | 50 | 100
Business | $99 | 50,000/month | 200 | 500
Enterprise | $299 | Unlimited | 1,000 | Unlimited

Scan Credit Costs

Scanner | Credits | Duration | Description
Nmap Quick | FREE | ~1 min | Fast port scan (top 1000 ports)
Nmap Full | 1 | ~5 min | Comprehensive scan (all 65535 ports)
SSLyze | FREE | ~1 min | SSL/TLS security analysis
Nuclei Quick | 2 | ~3 min | Fast template-based scanning
Nuclei Full | 3 | ~10 min | Complete vulnerability templates
OWASP ZAP Baseline | 5 | ~20 min | Basic web application security scan
OWASP ZAP Full | 10 | ~45 min | Complete web app penetration test
OpenVAS Discovery | 10 | ~30 min | Network discovery & basic vuln assessment
OpenVAS Full & Fast | 15 | ~60 min | Comprehensive vulnerability scan
OpenVAS Deep | 20 | ~120 min | Thorough deep vulnerability assessment

Response Format

All scan endpoints return credit usage information:

{
  "scan_id": 12345,
  "scanner_type": "nmap",
  "status": "pending",
  "credits_used": 1,
  "credits_remaining": 49,
  "created_at": "2025-10-01T12:00:00Z"
}

Error Handling

When you have insufficient credits, the API returns a 402 Payment Required status:

{
  "error": "Insufficient scan credits",
  "required": 10,
  "available": 5,
  "monthly_credits": 5,
  "purchased_credits": 0,
  "scanner_type": "openvas",
  "scan_profile": "discovery",
  "upgrade_url": "/pricing/"
}
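
A client has to react to both the rate limit headers and the 402 credit error described above. The following is an added example, not SecAbly's code: the function names are hypothetical, `X-RateLimit-Reset` is assumed to be a Unix timestamp in seconds, and 429 is assumed to be the status returned once a quota is exhausted (the page states neither).

```python
import json

DEFAULT_WAIT = 60  # fallback when the reset header is missing or malformed


def seconds_until_reset(headers, now):
    """Seconds until the quota window resets; 0 if quota remains, None if unknown."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    try:
        remaining = int(h["x-ratelimit-remaining"])
        reset_at = int(h["x-ratelimit-reset"])  # assumed: Unix epoch seconds
    except (KeyError, ValueError):
        return None
    if remaining > 0:
        return 0
    return max(reset_at - now, 0)


def next_action(status, headers, body, now):
    """Map one API response to ("proceed" | "wait" | "stop", detail)."""
    if status == 402:  # documented: insufficient scan credits, retrying cannot help
        err = json.loads(body)
        return ("stop", f"{err['scanner_type']} needs {err['required']} credits, "
                        f"{err['available']} available")
    wait = seconds_until_reset(headers, now)
    if status == 429:  # assumed status for an exhausted quota
        return ("wait", wait if wait else DEFAULT_WAIT)
    if wait:
        return ("wait", wait)  # quota just reached zero: pause before the next call
    return ("proceed", None)


if __name__ == "__main__":
    # Constructed responses built from the header and error samples on this page.
    spent = {"X-RateLimit-Remaining": "0", "X-RateLimit-Reset": "1234567890"}
    print(next_action(200, spent, "{}", now=1234567800))
    credit_error = '{"required": 10, "available": 5, "scanner_type": "openvas"}'
    print(next_action(402, {}, credit_error, now=0))
```

Treating 402 as a hard stop matters in scheduled jobs: retrying a scan request that cannot be paid for only consumes the hourly request quota.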

💻 Code Examples

Python

import requests

# Login
response = requests.post('https://secably.com/api/v1/auth/login/', json={
    'email': 'user@example.com',
    'password': 'password123'
})
response.raise_for_status()  # stop here if the login failed
token = response.json()['access']

# Add target
headers = {'Authorization': f'Bearer {token}'}
response = requests.post('https://secably.com/api/v1/targets/',
    headers=headers,
    json={
        'name': 'Production Server',
        'target_value': '192.168.1.100',
        'description': 'Main server'
    }
)
response.raise_for_status()
target_id = response.json()['id']

# Start scan using enhanced API
response = requests.post('https://secably.com/api/v1/scans/create/',
    headers=headers,
    json={
        'target_id': target_id,
        'scanner_type': 'nmap',
        'scan_config': {'scan_type': 'fast'}
    }
)
response.raise_for_status()
scan_id = response.json()['scan_id']

# Check scan status
response = requests.get(f'https://secably.com/api/v1/scans/{scan_id}/',
    headers=headers
)
response.raise_for_status()
scan_result = response.json()
print(f"Scan status: {scan_result['status']}")

JavaScript

const axios = require('axios');

const api = axios.create({
  baseURL: 'https://secably.com/api/v1/',
  headers: { 'Content-Type': 'application/json' }
});

// await is not allowed at the top level of a CommonJS module,
// so the calls run inside an async function.
async function main() {
  // Login
  const loginResponse = await api.post('auth/login/', {
    email: 'user@example.com',
    password: 'password123'
  });

  // Set authorization header
  api.defaults.headers.common['Authorization'] = `Bearer ${loginResponse.data.access}`;

  // Add website and start scan
  const websiteResponse = await api.post('websites/', {
    url: 'https://example.com',
    name: 'My Website'
  });
  const scanResponse = await api.post(`websites/${websiteResponse.data.id}/scan/`);
  console.log('Scan started:', scanResponse.data.scan_id);

  // Check scan status
  const scanDetails = await api.get(`scans/${scanResponse.data.scan_id}/`);
  console.log('Scan status:', scanDetails.data.status);
}

main().catch((err) => {
  console.error('Request failed:', err.message);
  process.exit(1);
});

cURL

# Use your API key (get it from your profile page)
API_KEY="your_api_key_here"

# Get user profile
curl -X GET https://secably.com/api/v1/profile/ \
  -H "Authorization: Bearer $API_KEY"

# Get user statistics
curl -X GET https://secably.com/api/v1/stats/ \
  -H "Authorization: Bearer $API_KEY"

# Create a target
curl -X POST https://secably.com/api/v1/targets/ \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name":"My Website","target_value":"example.com","target_type":"hostname","description":"Production website"}'

# List your targets
curl -X GET https://secably.com/api/v1/targets/ \
  -H "Authorization: Bearer $API_KEY"

# Start Nmap scan
curl -X POST https://secably.com/api/v1/nmap/scan/ \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"target_id":1,"scan_config":{"scan_type":"full","port_range":"1-1000"}}'

# Start SSLyze scan (JSON booleans, matching the request format shown above)
curl -X POST https://secably.com/api/v1/sslyze/scan/ \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"target_id":1,"scan_config":{"check_certificate":true,"check_tls_versions":true}}'

# Check Nmap scan status
curl -X GET https://secably.com/api/v1/nmap/scan/5309/ \
  -H "Authorization: Bearer $API_KEY"

# Check SSLyze scan status
curl -X GET https://secably.com/api/v1/sslyze/scan/5310/ \
  -H "Authorization: Bearer $API_KEY"

# Export scan results as PDF
curl -X POST https://secably.com/api/v1/scans/5309/export/ \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"format":"pdf"}' \
  --output scan_report.pdf

📚 SDKs & Libraries

While we don't have official SDKs yet, our REST API works with any HTTP client library. Here are some recommended libraries for different languages:

Python

  • requests
  • httpx
  • aiohttp

JavaScript

  • axios
  • fetch API
  • got

Command Line

  • curl
  • HTTPie
  • wget

💬 Support

Documentation

Comprehensive API documentation with interactive examples.

Contact Support

Need help? Our team is here to assist you.

99.9% Uptime

Reliable and always available

Fast Response

Sub-second API response times

Secure

Enterprise-grade security