API Reference
The SecurityLayer REST API lets you manage targets, trigger scans, and retrieve vulnerability data programmatically. Available on Premium plans and above.
Authentication
All API requests require an API key passed in the X-API-Key header.
curl -H "X-API-Key: sl_your_api_key_here" \
https://www.securitylayer.app/api/v1/targets
https://www.securitylayer.app/api/v1/targets
Generate API keys from Settings → API Keys in the portal. Keys begin with sl_ and are shown once on creation.
Endpoints
| Method | Endpoint | Description |
|---|---|---|
GET |
/api/v1/targets | List all targets in the workspace |
POST |
/api/v1/targets | Create a new target |
GET |
/api/v1/targets/{id} | Get target details |
PUT |
/api/v1/targets/{id} | Update a target |
DELETE |
/api/v1/targets/{id} | Delete a target |
POST |
/api/v1/scans | Trigger a new scan |
GET |
/api/v1/scans/{id} | Get scan status and results |
GET |
/api/v1/vulnerabilities | List vulnerabilities (filterable by status, severity) |
GET |
/api/v1/vulnerabilities/{id} | Get vulnerability details |
POST |
/api/v1/vulnerabilities/{id}/accept | Accept a vulnerability |
POST |
/api/v1/vulnerabilities/{id}/resolve | Mark a vulnerability as resolved |
Webhooks
Configure webhooks to receive real-time notifications when events occur. Each webhook payload is signed with HMAC-SHA256 using your webhook secret.
Verify the signature by computing HMAC-SHA256(body, secret) and comparing it with the X-SecurityLayer-Signature header.
Available events:
scan.completed— a scan has finishedscan.failed— a scan has failedvulnerability.new— a new vulnerability was detectedvulnerability.resolved— a vulnerability was marked resolvedtarget.created— a new target was added