Scanverra

API Reference

Scanverra REST API - available on Pro, Team & Enterprise plans

Integrate Scanverra's audit, security, browser, and repo scanning tools into your CI/CD pipelines, dashboards, and internal tooling. All endpoints accept JSON and return JSON. Results are identical to what you see in the UI.

Base URL

https://www.scanverra.com

Don't have an API key? Generate one in your API Keys settings →

Authentication

Pass your API key on every request using one of the two supported methods.

X-API-Key (recommended)

Survives HTTP redirects. Always use this header.

X-API-Key: sk_live_...

Authorization: Bearer

May be stripped on www-redirect. Use --location-trusted with curl.

Authorization: Bearer sk_live_...

Redirect note: scanverra.com redirects to www.scanverra.com with HTTP 308. Some clients (including curl by default) strip the Authorization header when following cross-domain redirects. Always use the X-API-Key header, or target www.scanverra.com directly.

Endpoints

All endpoints accept POST with a JSON body and Content-Type: application/json.

POST/api/auditsynchronous

Website Audit - Performance scores, SEO issues, and AI recommendations

Request body

{
  "url": "https://example.com"
}

Response

{
  "reportId": "clxyz...",
  "scores": {
    "performance": 91,
    "seo": 87,
    "accessibility": 100,
    "bestPractices": 95
  },
  "issues": [...],
  "fixes": [...],
  "aiSummary": "..."
}

Example

curl -X POST https://www.scanverra.com/api/audit \
  -H "X-API-Key: sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{"url":"https://example.com"}'
POST/api/security-scansynchronous

Security Scan - headers, SSL, risk score, exposed files

Request body

{
  "url": "https://example.com"
}

Response

{
  "scanId": "clxyz...",
  "riskScore": 72,
  "findings": [...],
  "headers": {...},
  "sslInfo": {...},
  "suggestions": [...],
  "aiSummary": "..."
}

Example

curl -X POST https://www.scanverra.com/api/security-scan \
  -H "X-API-Key: sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{"url":"https://example.com"}'
POST/api/browser-testsynchronous

Browser Test - JS errors, broken links, form issues, screenshots

Request body

{
  "url": "https://example.com"
}

Response

{
  "testId": "clxyz...",
  "pagesVisited": 3,
  "jsErrors": [...],
  "brokenLinks": [...],
  "formIssues": [...],
  "suggestions": [...],
  "aiSummary": "..."
}

Example

curl -X POST https://www.scanverra.com/api/browser-test \
  -H "X-API-Key: sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{"url":"https://example.com"}'
POST/api/repo/scanasync

Repo Scanner - code quality, security issues, AI fixes (GitHub)

Repo scans run asynchronously and return only a scanId immediately. View results at https://www.scanverra.com/repo?scan={scanId} or poll the dashboard. Your GitHub account must be connected in Scanverra settings.

Request body

{
  "owner": "your-org",
  "repo": "your-repo",
  "branch": "main"
}

Response (immediate)

{
  "scanId": "clxyz..."
}

Example

curl -X POST https://www.scanverra.com/api/repo/scan \
  -H "X-API-Key: sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{"owner":"acme","repo":"website","branch":"main"}'

Error Codes

All error responses include an error string in the JSON body.

StatusMeaning
400Bad request - missing or invalid input
401Unauthorized - missing or invalid API key
402Payment required - quota exceeded
500Server error - scan failed internally

Limits & Behavior

API keys per account

10 max

Scan history retention

Unlimited for API key users

Quota checks

Bypassed for API key (enterprise) users

Usage tracking

Per-key call counter in your API Keys settings

Ready to integrate?

Generate an API key and run your first programmatic scan in under 2 minutes.

API KeysContact support