Developer API
Scan any site programmatically.
Same engine as the web scanner — TLS, headers, DNS/email signals, cookies, exposure — callable from your terminal, CI, or app. JSON in, JSON out. Free plan: 10 scans a day, no card required.
One curl, full scorecard
curl -X POST https://api.scorifya.com/api/v1/scan \
-H "Authorization: Bearer $SCORIFYA_API_KEY" \
-H "Content-Type: application/json" \
-d '{"url":"https://example.com"}'Returns the full ScanResult object — score, per-category breakdown, findings with severity and fix steps, plus the technical fingerprint.
What you get
- Same 0–100 hardening score as scorifya.com, with the same weights and methodology — no second engine, no surprise drift.
- Structured findings you can act on in CI: severity, category, points deducted, real-world risk, and ordered fix steps.
- No SDK lock-in. One POST endpoint, one JSON shape. Use any HTTP client.
Code samples
JavaScript (fetch)
const res = await fetch("https://api.scorifya.com/api/v1/scan", {
method: "POST",
headers: {
Authorization: `Bearer ${process.env.SCORIFYA_API_KEY}`,
"Content-Type": "application/json",
},
body: JSON.stringify({ url: "https://example.com", minScore: 80 }),
});
const result = await res.json();
console.log(result.score, result.label);Python (requests)
import os, requests
r = requests.post(
"https://api.scorifya.com/api/v1/scan",
headers={"Authorization": f"Bearer {os.environ['SCORIFYA_API_KEY']}"},
json={"url": "https://example.com", "minScore": 80},
timeout=120,
)
r.raise_for_status()
data = r.json()
print(data["score"], data["label"])Pricing
Free: 10 scans per day. Pro: 100 scans per day. Need more or want a contract? See pricing or contact us.
Ready to integrate?
Sign up free, create your first key, and run a scan in under a minute.
Common questions
How do I get an API key?
Sign up at /sign-up, then create one from Account → API keys. The plaintext key is shown once at creation; we store only a hashed copy. Each key starts with scrf_live_.
What's the rate limit?
Per-account daily quota: 10 scans/day on Free, 100/day on Pro. The response includes Retry-After when you hit the cap. Need higher volume? Talk to sales.
What does the response look like?
A JSON ScanResult with the overall score (0–100), a label (Excellent / Solid / Needs work / At risk / Broken), an array of categories, and a findings array. Optional minScore in the request gates the response — when the score falls below it, you get a 422 with ciFailed: true so a CI pipeline can fail fast.
Where can I get support?
Email us via /contact. Hours are Monday–Thursday, 8 AM–4 PM Pacific; we reply by the next business day.
What does Scorifya not do?
Scorifya runs a public, passive hardening scorecard — TLS posture, headers, DNS/email signals, cookie hygiene, exposure hints. It is not a penetration test, not a vulnerability scanner, and not a compliance certificate. Read the full methodology.