Website Security Scanning as an API

Integrate comprehensive security analysis into your applications, dashboards, and workflows. A single API call returns security scores, header analysis, TLS details, and actionable recommendations in structured JSON.

Get Your API KeyView API Docs
RESTStandard JSON API
< 5sAverage Response Time
50+Security Checks Per Scan

One call, complete security analysis

Send a URL, get back a full security assessment. The API evaluates HTTP security headers, TLS configuration, DNS records, and cookie security in a single request. The JSON response is structured and consistent, making it easy to parse and integrate into any application.

$ curl -X POST \

-H "X-API-Key: sss_your_key" \

https://api.sitesecurityscore.com/v1/scan \

-d ''{"url": "https://example.com"}''

{

"score": 87,

"grade": "B+",

"domains": {

"headers": { "score": 82, "grade": "B" },

"tls": { "score": 95, "grade": "A" },

"dns": { "score": 78, "grade": "C+" },

"cookies": { "score": 90, "grade": "A-" }

}

}

Flexible plans for every scale

Start with 50 free API calls per month. Scale to 1,000 calls on Pro or 6,000 on Business as your needs grow. All plans include the same comprehensive scan, with higher tiers offering faster rate limits and more API keys for team access.

API Plans

Free

50

calls/month

10 req/min

Popular

Pro

1,000

calls/month

30 req/min

Business

6,000

calls/month

60 req/min

Built for developers

Standard REST conventions, predictable JSON responses, and clear error codes. Generate up to 5 API keys per account, each with independent usage tracking. API keys use a simple header based authentication with no OAuth complexity.

Developer Features

RESTful JSON endpoints
API key authentication (X-API-Key header)
Consistent error responses
Up to 5 API keys per account
Rate limit headers in every response

How it works

01

Get your API key

Sign up and generate an API key from your dashboard. Your first 50 calls each month are free.

02

Send a scan request

POST a URL to the scan endpoint. The API returns a complete security assessment in JSON.

03

Integrate the results

Parse the response to power dashboards, alerts, reports, or CI/CD gates in your applications.

Frequently asked questions

How do I authenticate with the API?

Include your API key in the X-API-Key header with every request. You can generate API keys from your account dashboard. Each key is a unique string starting with sss_ followed by 40 characters. Keys can be revoked and regenerated at any time.

What does the API response include?

The API returns a JSON object with the overall security score (0 to 100), letter grade (A+ to F), and detailed breakdowns for each security domain: HTTP headers, TLS configuration, DNS security, and cookie attributes. Each domain includes its own score, grade, and list of individual findings with recommendations.

What are the rate limits and pricing tiers?

Free accounts get 50 API calls per month at 10 requests per minute. Pro ($9/month) includes 1,000 calls at 30 requests per minute. Business ($29/month) includes 6,000 calls at 60 requests per minute. All plans return the same comprehensive scan results. Rate limit status is included in response headers.

Can I use the API in production applications?

Yes. The API is designed for production use with consistent response formats, standard HTTP status codes, and predictable rate limiting. Common integrations include CI/CD pipelines, security dashboards, vendor assessment workflows, and automated compliance monitoring.

Related use cases

CI/CD Security TestingAgency Client ReportingWebsite Security Audit

Start building with the API

Generate your API key and make your first scan request in minutes. 50 free calls every month, no credit card required.

Get Your API Key