Authentication
All API requests require an API-KEY header. Generate keys from Settings → API Keys in your dashboard. Each key is shown once on creation — store it securely. Multiple keys can be created and revoked independently.
POST /api/scan
API-KEY: your_api_key
Content-Type: multipart/form-data
file=@document.pdfRate limits
The API is rate-limited to 60 requests per minute per API key. Batch endpoints accept up to 500 items per request, so a single call can process hundreds of URLs or emails within the rate limit.
Endpoints
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/scan | Scan a file (PDF or Office document) |
| POST | /api/scan/url | Scan a single URL for threats |
| POST | /api/scan/email | Scan a single email address |
| POST | /api/submit-phishing-link | Submit a suspected phishing URL for review |
| GET | /api/monitors | List your Brand Monitor entries |
| POST | /api/monitors | Create a Brand Monitor |
| DELETE | /api/monitors/{id} | Delete a Brand Monitor |
| PATCH | /api/monitors/{id}/toggle | Pause or resume a Brand Monitor |
Credit usage
Credits are consumed per item scanned and shared across your workspace:
| Scan type | Credits |
|---|---|
| 1 credit | |
| URL | 5 credits |
| File / document | 20 credits |
Requests fail gracefully with an informative error if your credit balance is insufficient.
Batch scanning (web interface)
The web interface supports batches of up to 500 URLs or email addresses at a time via CSV or Excel upload. The API scans one item per request — use webhooks to handle results asynchronously at scale.
OpenAPI documentation
Full API reference is available in OpenAPI format. View the OpenAPI docs →