API Documentation
CyberSec-CLI API Documentation
Version: 1.0.0 • Base URL: http://localhost:8000/api/v1 • Authentication: API Key (Bearer Token)
Authentication
All API requests require authentication using an API key passed in the Authorization header.
Getting an API Key
POST /api/v1/auth/register
Content-Type: application/json
{
"email": "user@example.com",
"password": "securepassword123"
}Response:
{
"success": true,
"data": {
"user_id": "usr_abc123",
"api_key": "sk_live_abc123xyz789",
"expires_at": "2025-12-31T23:59:59Z"
}
}Using API Keys
GET /api/v1/scans
Authorization: Bearer sk_live_abc123xyz789Rate Limiting
Free Tier: 10 scans/day • 100 API requests/hour • 2 concurrent scans
Pro Tier: Unlimited scans • 1000 API requests/hour • 10 concurrent scans
Enterprise Tier: Unlimited everything • Custom rate limits
Rate Limit Headers
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 998
X-RateLimit-Reset: 1640995200When rate limited:
{
"error": {
"code": "RATE_LIMIT_EXCEEDED",
"message": "Rate limit exceeded. Retry after 3600 seconds.",
"retry_after": 3600
}
}Response Format
Success Response
{
"success": true,
"data": {
// Response data here
},
"metadata": {
"timestamp": "2024-02-06T12:00:00Z",
"request_id": "req_abc123"
}
}Error Response
{
"success": false,
"error": {
"code": "INVALID_TARGET",
"message": "Target hostname is invalid",
"details": {
"field": "target",
"value": "invalid..host"
}
},
"metadata": {
"timestamp": "2024-02-06T12:00:00Z",
"request_id": "req_abc123"
}
}Error Codes
INVALID_API_KEY401 • API key is missing or invalid
RATE_LIMIT_EXCEEDED429 • Rate limit exceeded
INVALID_TARGET400 • Target hostname/IP is invalid
SCAN_NOT_FOUND404 • Scan ID not found
CONCURRENT_LIMIT_EXCEEDED429 • Too many concurrent scans
INTERNAL_ERROR500 • Server internal error
SCAN_TIMEOUT504 • Scan operation timed out
INSUFFICIENT_PERMISSIONS403 • Insufficient permissions
Endpoints
Scan Operations
Create New Scan
POST /api/v1/scans
Authorization: Bearer {api_key}
Content-Type: application/json
{
"target": "example.com",
"scan_type": "tcp",
"ports": "1-1000",
"options": {
"os_detection": true,
"service_detection": true,
"ssl_check": true,
"fast_mode": false
}
}Response:
{
"success": true,
"data": {
"scan_id": "scan_abc123",
"status": "queued",
"target": "example.com",
"created_at": "2024-02-06T12:00:00Z",
"estimated_duration": 120,
"websocket_url": "ws://localhost:8000/ws/scans/scan_abc123",
"sse_url": "http://localhost:8000/api/v1/scans/scan_abc123/stream"
}
}Get Scan Status
GET /api/v1/scans/{scan_id}
Authorization: Bearer {api_key}Response:
{
"success": true,
"data": {
"scan_id": "scan_abc123",
"status": "running",
"target": "example.com",
"scan_type": "tcp",
"progress": 45,
"started_at": "2024-02-06T12:00:00Z",
"estimated_completion": "2024-02-06T12:02:00Z",
"results": {
"open_ports": 12,
"closed_ports": 433,
"filtered_ports": 10
}
}
}Get Scan Results
GET /api/v1/scans/{scan_id}/results
Authorization: Bearer {api_key}Response:
{
"success": true,
"data": {
"scan_id": "scan_abc123",
"target": "example.com",
"scan_type": "tcp",
"started_at": "2024-02-06T12:00:00Z",
"completed_at": "2024-02-06T12:02:15Z",
"duration": 135,
"summary": {
"total_ports_scanned": 1000,
"open_ports": 12,
"closed_ports": 978,
"filtered_ports": 10
}
}
}List All Scans
GET /api/v1/scans
Authorization: Bearer {api_key}Cancel Scan
DELETE /api/v1/scans/{scan_id}
Authorization: Bearer {api_key}Results Management
Export Scan Results
GET /api/v1/scans/{scan_id}/export
Authorization: Bearer {api_key}Delete Scan Results
DELETE /api/v1/scans/{scan_id}/results
Authorization: Bearer {api_key}AI Assistant
Ask Security Question
POST /api/v1/ai/ask
Authorization: Bearer {api_key}
Content-Type: application/json
{
"question": "What does an open SSH port on 22 mean for security?",
"context": {
"scan_id": "scan_abc123"
}
}Explain Security Concept
POST /api/v1/ai/explain
Authorization: Bearer {api_key}
Content-Type: application/json
{
"concept": "port scanning",
"level": "beginner"
}Generate Security Report
POST /api/v1/ai/report
Authorization: Bearer {api_key}
Content-Type: application/json
{
"scan_id": "scan_abc123",
"report_type": "executive",
"include_sections": ["summary", "vulnerabilities", "recommendations"]
}System & Health
Health Check
GET /api/v1/healthGet System Statistics
GET /api/v1/stats
Authorization: Bearer {api_key}Get User Profile
GET /api/v1/user/profile
Authorization: Bearer {api_key}WebSocket API
Real-time bidirectional communication for live scan updates.
const ws = new WebSocket('ws://localhost:8000/ws/scans/scan_abc123?api_key=sk_live_abc123xyz789');
ws.onopen = () => {
console.log('Connected to scan stream');
};
ws.onmessage = (event) => {
const data = JSON.parse(event.data);
console.log('Scan update:', data);
};
ws.onerror = (error) => {
console.error('WebSocket error:', error);
};
ws.onclose = () => {
console.log('Disconnected from scan stream');
};Server-Sent Events (SSE)
One-way real-time updates, simpler than WebSockets.
const eventSource = new EventSource('http://localhost:8000/api/v1/scans/scan_abc123/stream?api_key=sk_live_abc123xyz789');
eventSource.addEventListener('progress', (event) => {
const data = JSON.parse(event.data);
console.log('Progress:', data.progress);
});
eventSource.addEventListener('port_found', (event) => {
const data = JSON.parse(event.data);
console.log('Port found:', data.port);
});
eventSource.addEventListener('complete', (event) => {
const data = JSON.parse(event.data);
console.log('Scan complete');
eventSource.close();
});
eventSource.onerror = (error) => {
console.error('SSE error:', error);
eventSource.close();
};Code Examples
Python Example
import requests
import json
API_KEY = "sk_live_abc123xyz789"
BASE_URL = "http://localhost:8000/api/v1"
headers = {
"Authorization": f"Bearer {API_KEY}",
"Content-Type": "application/json"
}
response = requests.post(
f"{BASE_URL}/scans",
headers=headers,
json={
"target": "example.com",
"scan_type": "tcp",
"ports": "1-1000",
"options": {
"service_detection": True,
"ssl_check": True
}
}
)
scan_data = response.json()
scan_id = scan_data["data"]["scan_id"]
print(f"Scan started: {scan_id}")JavaScript / Node.js Example
const axios = require('axios');
const API_KEY = 'sk_live_abc123xyz789';
const BASE_URL = 'http://localhost:8000/api/v1';
const headers = {
'Authorization': `Bearer ${API_KEY}`,
'Content-Type': 'application/json'
};
async function scanTarget(target) {
const scanResponse = await axios.post(`${BASE_URL}/scans`, {
target,
scan_type: 'tcp',
ports: '1-1000',
options: {
service_detection: true,
ssl_check: true
}
}, { headers });
const scanId = scanResponse.data.data.scan_id;
console.log(`Scan started: ${scanId}`);
}cURL Examples
curl -X POST http://localhost:8000/api/v1/scans \
-H "Authorization: Bearer sk_live_abc123xyz789" \
-H "Content-Type: application/json" \
-d '{
"target": "example.com",
"scan_type": "tcp",
"ports": "1-1000"
}'Best Practices
1. Always Handle Errors
try:
response = requests.post(url, headers=headers, json=data)
response.raise_for_status()
except requests.exceptions.HTTPError as e:
print(f"HTTP Error: {e.response.status_code}")
print(f"Details: {e.response.json()}")2. Use Streaming for Long-Running Scans
Use WebSocket or SSE instead of polling for better performance and real-time updates.
3. Implement Exponential Backoff
import time
retries = 0
max_retries = 5
backoff = 1
while retries < max_retries:
try:
response = requests.get(url, headers=headers)
break
except Exception as e:
retries += 1
time.sleep(backoff)
backoff *= 24. Cache Results When Possible
response = requests.get(
f"{BASE_URL}/scans?target=example.com&status=completed&sort=created_at&order=desc&per_page=1",
headers=headers
)5. Secure Your API Keys
- Never commit API keys to version control
- Use environment variables or secure vaults
- Rotate keys regularly
- Use different keys for development/production
Changelog
v1.0.0 (2024-02-06)
- Initial API release
- REST API endpoints for scan operations
- WebSocket and SSE support
- AI assistant endpoints
- Export functionality
Support
Documentation:
https://docs.cybersec-cli.comAPI Status:
https://status.cybersec-cli.comGitHub:
https://github.com/Yash7256/CyberSec-CLIEmail:
support@cybersec-cli.com© 2024 CyberSec-CLI | API Documentation v1.0.0