API

Scans

Start a scan against a target id and poll for status and findings.

List scans

GET https://api.slatesecurity.ai/api/v1/scans
Authorization: Bearer ba_...

# Optional: scans for one target
GET https://api.slatesecurity.ai/api/v1/scans?targetId=uuid-of-target

Returns scans newest first. Each row includes target URL and findings count.

{
  "scans": [
    {
      "id": "uuid",
      "target_id": "uuid",
      "target_url": "https://example.com",
      "status": "complete",
      "created_at": "2026-01-01T00:00:00.000Z",
      "started_at": "2026-01-01T00:01:00.000Z",
      "completed_at": "2026-01-01T00:10:00.000Z",
      "failure_reason": null,
      "findings_count": 4
    }
  ]
}

Start scan

POST https://api.slatesecurity.ai/api/v1/scans
Content-Type: application/json
Authorization: Bearer ba_...

{
  "targetId": "uuid-of-target"
}

Requires at least one scan credit. One credit is deducted when the scan job starts successfully.

Start scan responses

  • 201 Created { "scan": { "id", "status" } } (status begins as pending)
  • 402 — insufficient credits
  • 404 — target not found
  • 500 — failed to start scan job

Get scan

GET https://api.slatesecurity.ai/api/v1/scans/{scanId}
Authorization: Bearer ba_...

Returns scan fields plus findings with IDs and remediation steps:

  • Scan fields — status, started_at, completed_at, progress
  • findings — array of id, severity, name, url, template_id, description, remediation_steps

For the full AI-ready fix prompt and scanner evidence, use GET /api/v1/findings/:id.

Example

# Start
curl -sS -X POST https://api.slatesecurity.ai/api/v1/scans \
  -H "Authorization: Bearer $SLATE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"targetId":"YOUR_TARGET_ID"}'

# Poll
curl -sS https://api.slatesecurity.ai/api/v1/scans/SCAN_ID \
  -H "Authorization: Bearer $SLATE_API_KEY"