API Reference

The MCP Security Score API allows you to programmatically scan repositories and integrate security scanning into your CI/CD pipelines.

Overview

Base URL: https://mcpscanner.com/api/v1

Authentication: API key (Bearer token)

Rate Limits: Based on your subscription tier

Quick Start

# Create a scan
curl -X POST https://mcpscanner.com/api/v1/scan \
  -H "Authorization: Bearer mcp_sk_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://github.com/owner/repo"}'
 
# Get scan results
curl https://mcpscanner.com/api/v1/scan/scan_xxx \
  -H "Authorization: Bearer mcp_sk_your_api_key_here"

Available Endpoints

| Method | Endpoint | Description | |--------|----------|-------------| | POST | /api/v1/scan | Create a new scan | | GET | /api/v1/scan/:id | Get scan status and results | | GET | /api/v1/scans | List your scans |

API Access Requirements

API access requires a Pro subscription or higher:

| Tier | API Access | Rate Limit | |------|------------|------------| | Free | No | - | | Pro | Yes | 100 requests/day | | Team | Yes | 500 requests/day | | Enterprise | Yes | 10,000 requests/day |

Getting Your API Key

1. Go to Dashboard → Settings
2. Scroll to API Keys section
3. Click Create New Key
4. Copy and save your key (shown only once)

See Authentication for more details.

Response Format

All responses are JSON with consistent structure:

Success Response

{
  "id": "scan_xxx",
  "status": "complete",
  "url": "https://github.com/owner/repo",
  "score": 85,
  "grade": "B",
  // ... additional fields
}

Error Response

{
  "error": {
    "code": "INVALID_URL",
    "message": "Invalid GitHub URL provided",
    "details": "URL must be a valid GitHub repository URL"
  }
}

Common Error Codes

| Code | HTTP Status | Description | |------|-------------|-------------| | UNAUTHORIZED | 401 | Missing or invalid API key | | RATE_LIMIT_EXCEEDED | 429 | Rate limit exceeded | | INVALID_URL | 400 | Invalid repository URL | | REPO_NOT_FOUND | 404 | Repository not found | | PRIVATE_REPO | 403 | Private repository (not supported) | | INTERNAL_ERROR | 500 | Server error |

Rate Limiting

Rate limit information is included in response headers:

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 99
X-RateLimit-Reset: 2024-01-02T00:00:00Z

See Rate Limits for handling strategies.

Next Steps

• Authentication - Setting up API keys
• Endpoints Reference - Detailed endpoint documentation
• Code Examples - Implementation examples
• Rate Limits - Handling rate limits