SecAbly API

Integrate powerful security scanning capabilities into your applications with our comprehensive REST API. Built for developers, designed for scale.

JWT Authentication | Rate Limited | RESTful

🚀 Quick Start

Get started with the SecAbly API in minutes. Our REST API allows you to integrate security scanning into your applications and workflows.

Base URL
https://secably.com/api/v1/
Try It Now

Test our API with a simple request to get available plans:

🔐 Authentication

The SecAbly API uses JWT (JSON Web Tokens) for authentication. Include your access token in the Authorization header for all authenticated requests.

POST Register User
    POST /auth/register/
    Content-Type: application/json

    {
      "email": "user@example.com",
      "first_name": "John",
      "last_name": "Doe",
      "password": "secure_password123!",
      "password_confirm": "secure_password123!"
    }
POST Login
    POST /auth/login/
    Content-Type: application/json

    {
      "email": "user@example.com",
      "password": "secure_password123!"
    }

Response:

    {
      "access": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
      "refresh": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
      "user": {
        "user_email": "user@example.com",
        "subscription_type": "free",
        "sites_limit": 1,
        "scans_per_month": 1
      }
    }
Using Your Token

Include the access token in all authenticated requests:

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...
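
An added example (not SecAbly's code): a client-side check that reads the access token's expiry so a long-running integration can call POST /auth/refresh/ before requests start failing. It assumes the token carries the standard `exp` claim, which this page does not confirm; `make_sample_token` and its payload are constructed for illustration.

```python
import base64
import json
import time


def _b64url_decode(segment):
    # JWT segments are base64url with the '=' padding stripped; restore it.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def unverified_claims(token):
    """Return (header, payload) WITHOUT verifying the signature.

    Fit for scheduling a refresh only; an HS256 token can be verified only
    by the holder of the server-side secret, so never base trust on this.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise ValueError("JWT header and payload must be JSON objects")
    return header, payload


def needs_refresh(token, now=None, skew=60):
    """True if the token is unreadable, expired, or within `skew` s of expiry."""
    now = time.time() if now is None else now
    try:
        exp = unverified_claims(token)[1]["exp"]  # assumed claim, see lead-in
    except (ValueError, KeyError):
        return True  # get a fresh token rather than send a bad one
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return True
    return now >= exp - skew


def make_sample_token(exp):
    """Constructed sample: this page's header, made-up payload, dummy signature."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT", "alg": "HS256"}),
                     enc({"user_id": 123, "exp": exp}), "c2lnbmF0dXJl"])


if __name__ == "__main__":
    print(needs_refresh(make_sample_token(int(time.time()) + 3600)))
```

Both tokens are bearer credentials: keep them out of logs, URLs and source control, and load the login password from the environment or a secret store rather than a literal.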

📋 API Endpoints

Authentication

User registration, login, and token management.

  • POST /auth/register/
  • POST /auth/login/
  • POST /auth/refresh/
  • POST /auth/change-password/
User Management

Profile management and user statistics.

  • GET /profile/
  • PATCH /profile/
  • GET /stats/
  • GET /subscription/
Target Management

CRUD operations for scan targets (IPs, URLs, hostnames, ranges).

  • GET /targets/
  • POST /targets/
  • GET /targets/{id}/
  • POST /targets/{id}/scan/
Scan Results

Access and manage security scan results.

  • GET /scans/
  • GET /scans/{id}/
  • POST /scans/{id}/cancel/
  • GET /plans/

👤 User Management

GET Get User Profile
    GET /profile/
    Authorization: Bearer

Response: 200 OK

    {
      "user_email": "user@example.com",
      "user_first_name": "John",
      "user_last_name": "Doe",
      "subscription_type": "pro",
      "sites_limit": 10,
      "scans_per_month": 100,
      "monthly_usage": 15,
      "can_add_site": true,
      "sites_count": 5
    }

GET Get User Statistics
    GET /stats/
    Authorization: Bearer

Response: 200 OK

    {
      "user": {
        "id": 123,
        "email": "user@example.com",
        "date_joined": "2024-01-01T00:00:00Z"
      },
      "subscription": {
        "type": "pro",
        "status": "active"
      },
      "usage": {
        "targets_count": 5,
        "targets_limit": 10,
        "monthly_scans_used": 15,
        "monthly_scans_limit": 100
      },
      "recent_activity": {
        "latest_scans": [...],
        "active_targets": 5
      }
    }

🎯 Target Management

POST Add Target
    POST /targets/
    Authorization: Bearer
    Content-Type: application/json

    {
      "name": "Production Server",
      "target_value": "192.168.1.100",
      "description": "Main production server"
    }

Response: 201 Created

    {
      "id": 456,
      "url": "https://example.com",
      "name": "My Website",
      "scan_frequency": "manual",
      "active": true,
      "created_at": "2024-01-01T00:00:00Z",
      "latest_scan": null,
      "risk_level": null,
      "can_scan": true
    }

POST Start Target Scan
    POST /targets/456/scan/
    Authorization: Bearer

Response: 200 OK

    {
      "scan_id": 789,
      "status": "pending",
      "message": "Scan started successfully"
    }

🔍 Scan Results

GET Get Scan Details
    GET /scans/789/
    Authorization: Bearer

Response: 200 OK

    {
      "id": 789,
      "website_name": "My Website",
      "website_url": "https://example.com",
      "status": "completed",
      "risk_level": "medium",
      "vulnerabilities_found": 5,
      "security_score": 75,
      "vulnerabilities_by_risk": {
        "High": 1,
        "Medium": 2,
        "Low": 2,
        "Informational": 0
      },
      "vulnerabilities_list": [
        {
          "name": "Missing Security Headers",
          "risk": "Medium",
          "description": "...",
          "solution": "..."
        }
      ]
    }

⚡ Rate Limits

The API implements rate limiting to ensure fair usage and system stability.

Rate Limit Tiers
  • Anonymous users: 100 requests per hour
  • Authenticated users: 1000 requests per hour
  • Scan operations: 10 scans per hour
  • Registration: 5 registrations per hour
  • Login attempts: 20 attempts per hour

Rate limit headers are included in all responses:

    X-RateLimit-Limit: 1000
    X-RateLimit-Remaining: 999
    X-RateLimit-Reset: 1234567890
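
An added example (not SecAbly's code) of a client that paces itself from these headers, for instance while polling a scan until it completes. It assumes X-RateLimit-Reset is a Unix timestamp in seconds, which the sample value suggests but the page does not state; the `reserve` and `fallback` parameters are choices made for this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RateLimit:
    limit: int
    remaining: int
    reset_epoch: int  # assumed: Unix time at which the window resets


def parse_rate_limit(headers):
    """Parse the three X-RateLimit-* headers; None if absent or malformed."""
    lowered = {str(k).lower(): v for k, v in headers.items()}
    try:
        rl = RateLimit(
            limit=int(lowered["x-ratelimit-limit"]),
            remaining=int(lowered["x-ratelimit-remaining"]),
            reset_epoch=int(lowered["x-ratelimit-reset"]),
        )
    except (KeyError, ValueError, TypeError):
        return None
    if rl.limit <= 0 or rl.remaining < 0 or rl.remaining > rl.limit:
        return None  # inconsistent values: do not trust them
    return rl


def seconds_to_wait(headers, now, reserve=0.1, fallback=1.0):
    """Delay in seconds before sending the next request.

    - headers unreadable: fixed conservative fallback delay
    - budget exhausted: wait until the window resets
    - last `reserve` fraction of the budget: spread the remaining calls
      evenly over what is left of the window
    - otherwise: no delay
    """
    rl = parse_rate_limit(headers)
    if rl is None:
        return fallback
    window_left = max(0.0, float(rl.reset_epoch - now))
    if rl.remaining == 0:
        return window_left
    if rl.remaining <= rl.limit * reserve:
        return window_left / rl.remaining
    return 0.0
```

Call `seconds_to_wait(response.headers, time.time())` after each response and sleep for the returned value before the next request.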

💻 Code Examples

Python

    import requests

    # Login
    response = requests.post('https://secably.com/api/v1/auth/login/', json={
        'email': 'user@example.com',
        'password': 'password123'
    })
    token = response.json()['access']

    # Add target
    headers = {'Authorization': f'Bearer {token}'}
    response = requests.post(
        'https://secably.com/api/v1/targets/',
        headers=headers,
        json={
            'name': 'Production Server',
            'target_value': '192.168.1.100',
            'description': 'Main server'
        }
    )
    target_id = response.json()['id']

    # Start scan using enhanced API
    response = requests.post(
        'https://secably.com/api/v1/scans/create/',
        headers=headers,
        json={
            'target_id': target_id,
            'scanner_type': 'nmap',
            'scan_config': {'scan_type': 'fast'}
        }
    )
    scan_id = response.json()['scan_id']

    # Check scan status
    response = requests.get(
        f'https://secably.com/api/v1/scans/{scan_id}/',
        headers=headers
    )
    scan_result = response.json()
    print(f"Scan status: {scan_result['status']}")

JavaScript

    const axios = require('axios');

    const api = axios.create({
      baseURL: 'https://secably.com/api/v1/',
      headers: { 'Content-Type': 'application/json' }
    });

    // await is not available at the top level of a CommonJS module,
    // so the calls run inside an async function.
    async function main() {
      // Login
      const loginResponse = await api.post('auth/login/', {
        email: 'user@example.com',
        password: 'password123'
      });

      // Set authorization header
      api.defaults.headers.common['Authorization'] = `Bearer ${loginResponse.data.access}`;

      // Add website and start scan
      const websiteResponse = await api.post('websites/', {
        url: 'https://example.com',
        name: 'My Website'
      });
      const scanResponse = await api.post(`websites/${websiteResponse.data.id}/scan/`);
      console.log('Scan started:', scanResponse.data.scan_id);

      // Check scan status
      const scanDetails = await api.get(`scans/${scanResponse.data.scan_id}/`);
      console.log('Scan status:', scanDetails.data.status);
    }

    main().catch((err) => console.error(err.message));

cURL

    # Login
    curl -X POST https://secably.com/api/v1/auth/login/ \
      -H "Content-Type: application/json" \
      -d '{"email":"user@example.com","password":"password123"}'

    # Save the token from the response and use it in subsequent requests
    TOKEN="your_access_token_here"

    # Add target
    curl -X POST https://secably.com/api/v1/targets/ \
      -H "Authorization: Bearer $TOKEN" \
      -H "Content-Type: application/json" \
      -d '{"name":"Production Server","target_value":"192.168.1.100","description":"Main server"}'

    # Start scan (replace 1 with actual target ID)
    curl -X POST https://secably.com/api/v1/scans/create/ \
      -H "Authorization: Bearer $TOKEN" \
      -H "Content-Type: application/json" \
      -d '{"target_id":1,"scanner_type":"nmap","scan_config":{"scan_type":"fast"}}'

    # Check scan status (replace 1 with actual scan ID)
    curl -X GET https://secably.com/api/v1/scans/1/ \
      -H "Authorization: Bearer $TOKEN"

📚 SDKs & Libraries

While we don't have official SDKs yet, our REST API works with any HTTP client library. Here are some recommended libraries for different languages:

Python

requests
httpx
aiohttp

JavaScript

axios
fetch API
got

Command Line

curl
HTTPie
wget

💬 Support

Documentation

Comprehensive API documentation with interactive examples.

Contact Support

Need help? Our team is here to assist you.

99.9% Uptime

Reliable and always available

Fast Response

Sub-second API response times

Secure

Enterprise-grade security