API Documentation
Programmatic access to SentrAI's security scanning engine. Run scans, retrieve results, and integrate into your workflows.
Authentication
All API requests require a Bearer token in the Authorization header. Generate your API key from Dashboard → Settings.
API keys are hashed before storage. Save your key when generated — it cannot be retrieved later.
Rate Limits
100 requests per hour per API key. Rate limit headers are included in every response.
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 97
X-RateLimit-Reset: 1716076800
POST/api/v1/scan
Run a passive security scan on a domain. Returns risk score, findings, and positive indicators.
Request
Response (200 OK)
Error Responses
401 Invalid or missing API key
403 Plan does not include API access
400 Invalid domain format
429 Rate limit exceeded
502 Scan failed (domain unreachable)
Key Management
GET/api/v1/key
Check if you have an active API key. Requires Clerk session auth.
POST/api/v1/key
Generate a new API key. Returns the plaintext key once — save it immediately.
What's Scanned
Each scan checks these areas (passive, non-intrusive):
Support
Questions about the API? Email hello@sentrai.co.uk or book a call.