RFT Security API Documentation

Complete reference for the RFT Security API. Scan any website for SSL, security headers, and vulnerabilities.

Authentication

All API requests except the demo scan (POST /api/demo) require an API key. Send it in either of these request headers:

X-API-Key: your_api_key
# OR
Authorization: Bearer your_api_key

Get your API key at /pricing.

Scan a Website

POST /api/scan

Run a complete security scan on any URL.

Request

{
  "url": "https://example.com"
}

Response

{
  "success": true,
  "url": "https://example.com",
  "scanned_at": "2024-01-15T12:00:00Z",
  "score": 85,
  "grade": "A",
  "ssl": {
    "valid": true,
    "protocol": "TLS"
  },
  "headers": {
    "Strict-Transport-Security": {
      "present": true,
      "value": "max-age=31536000",
      "description": "HSTS prevents downgrade attacks",
      "weight": 15
    },
    "Content-Security-Policy": {
      "present": true,
      "value": "default-src 'self'",
      "description": "CSP prevents XSS attacks",
      "weight": 20
    }
  },
  "performance": {
    "response_time_ms": 245,
    "status_code": 200,
    "rating": "excellent"
  },
  "vulnerabilities": [
    {
      "severity": "medium",
      "title": "Missing Permissions-Policy",
      "description": "Controls browser features",
      "recommendation": "Add the Permissions-Policy header"
    }
  ],
  "usage": {
    "scans_used": 15,
    "scans_limit": 500,
    "scans_remaining": 485
  }
}

Demo Scan (No Auth)

POST /api/demo

Try the API without an API key. Limited to 3 requests per hour per IP.

curl -X POST https://api.rftmedia.com/api/demo \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com"}'

Check API Key Usage

GET /api/key

Check your current usage and quota.

{
  "plan": "developer",
  "scans_used": 150,
  "scans_limit": 500,
  "scans_remaining": 350,
  "created_at": "2024-01-01T00:00:00Z",
  "expires_at": "2024-02-01T00:00:00Z"
}

Error Codes

Status  Error                Description
401     API key required     No API key provided
401     Invalid API key      API key not found
401     API key expired      Key needs renewal
429     Quota exceeded       Monthly scans used up
429     Rate limit exceeded  Demo rate limit hit
400     Invalid URL          URL couldn't be parsed

Code Examples

Python

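import requests

response = requests.post(
    'https://api.rftmedia.com/api/scan',
    headers={'X-API-Key': 'your_api_key'},
    json={'url': 'https://example.com'},
    timeout=30,  # requests has no default timeout; avoid hanging on a stalled scan
)
response.raise_for_status()  # raise on the 4xx errors listed under Error Codes
print(response.json())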

JavaScript

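const response = await fetch('https://api.rftmedia.com/api/scan', {
  method: 'POST',
  headers: {
    'X-API-Key': 'your_api_key',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ url: 'https://example.com' })
});
// fetch() resolves on 4xx responses too, so check the status explicitly
if (!response.ok) {
  throw new Error(`Scan request failed: HTTP ${response.status}`);
}
const data = await response.json();
console.log(data);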

GitHub Actions

- name: Security Scan
  run: |
    # --fail makes curl exit non-zero on HTTP errors (401, 429, 400) so the step fails
    curl --fail -X POST https://api.rftmedia.com/api/scan \
      -H "X-API-Key: ${{ secrets.RFT_API_KEY }}" \
      -H "Content-Type: application/json" \
      -d '{"url": "https://my-site.com"}'
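
The workflow step above does not inspect the scan result, so a low score or a missing header never fails the build. The following is an added example, not part of the RFT documentation, that turns the documented response fields into a pass/fail policy; the function name gate, the thresholds, and the severity levels other than "medium" are assumptions.

```python
import json
import sys

# Constructed sample, trimmed from the response format documented above.
SAMPLE = json.loads("""{
  "success": true, "url": "https://example.com", "score": 85, "grade": "A",
  "ssl": {"valid": true, "protocol": "TLS"},
  "headers": {
    "Strict-Transport-Security": {"present": true, "value": "max-age=31536000"},
    "Content-Security-Policy": {"present": true, "value": "default-src 'self'"}
  },
  "vulnerabilities": [{"severity": "medium", "title": "Missing Permissions-Policy"}]
}""")

# Assumption: the page only shows "medium"; the other levels and their order are hypothetical.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
REQUIRED_HEADERS = ("Strict-Transport-Security", "Content-Security-Policy")


def gate(report, min_score=80, fail_at="high", required_headers=REQUIRED_HEADERS):
    """Return policy violations ([] = pass); anything without success=true fails closed."""
    if not isinstance(report, dict) or report.get("success") is not True:
        return ["scan did not succeed; failing closed"]
    problems = []
    score = report.get("score")
    if not isinstance(score, (int, float)) or score < min_score:
        problems.append(f"score {score!r} is below minimum {min_score}")
    if not (report.get("ssl") or {}).get("valid"):
        problems.append("ssl.valid is not true")
    headers = report.get("headers") or {}
    for name in required_headers:
        if not (headers.get(name) or {}).get("present"):
            problems.append(f"required header missing: {name}")
    threshold = SEVERITY_RANK[fail_at]
    for vuln in report.get("vulnerabilities") or []:
        severity = str(vuln.get("severity", "")).lower()
        # Unrecognised severity strings block the build instead of being ignored.
        if SEVERITY_RANK.get(severity, threshold) >= threshold:
            problems.append(f"{severity or 'unknown'} finding: {vuln.get('title')}")
    return problems


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            SAMPLE = json.load(fh)
    findings = gate(SAMPLE)
    print("\n".join(findings) or "scan passed policy")
    sys.exit(1 if findings else 0)
```

In a workflow, save the curl output to a file with -o and pass its path as the first argument; a non-zero exit code fails the step. Run without an argument, the script evaluates the constructed sample.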