API Reference

BASE URL · https://api.shieldpi.io

Authentication

All endpoints require a Bearer token. Obtain one by logging in:

POST /api/auth/login
Content-Type: application/json

{
  "email": "you@example.com",
  "password": "your-password"
}

# Response
{
  "access_token": "eyJhbG...",
  "token_type": "bearer"
}

Include the token in subsequent requests:

Authorization: Bearer eyJhbG...

Targets

List Targets

GET /api/targets

# Response
{
  "targets": [
    {
      "id": "uuid",
      "name": "My Chatbot",
      "url": "https://chat.example.com",
      "scan_mode": "browser",
      "created_at": "2026-04-01T12:00:00Z"
    }
  ]
}

Create Target

POST /api/targets
Content-Type: application/json

{
  "name": "Production API",
  "url": "https://api.example.com/v1/chat",
  "scan_mode": "api",
  "api_format": "openai",
  "api_key": "sk-..."
}

Scans

Create Scan

POST /api/scans
Content-Type: application/json

{
  "target_id": "uuid"
}

# Response (201 Created)
{
  "id": "scan-uuid",
  "status": "pending",
  "created_at": "2026-04-16T10:00:00Z"
}

Get Scan Status

GET /api/scans/{scan_id}/status

# Response
{
  "status": "running",
  "progress": 45,
  "phase": "amplify",
  "findings_so_far": 12
}

Get Scan Detail

GET /api/scans/{scan_id}

# Returns full scan with vulnerabilities list

Security Score

GET /api/scans/{scan_id}/score

# Response
{
  "overall_score": 85,
  "grade": "B+",
  "category_scores": { ... },
  "critical_count": 0,
  "high_count": 3
}

Compliance Evidence

GET /api/scans/{scan_id}/compliance-evidence

# Returns OWASP, NIST AI RMF, and SOC2 CC7 mappings

Reports

Download a scan report in multiple formats:

GET /api/scans/{scan_id}/report?format=pdf
GET /api/scans/{scan_id}/report?format=json
GET /api/scans/{scan_id}/report?format=csv
GET /api/scans/{scan_id}/report?format=markdown
GET /api/scans/{scan_id}/report?format=html

Format availability depends on your plan. Free: JSON only. Pro+: all formats.

CI/CD Integration

Trigger scans from your pipeline using the CI endpoint:

POST /api/ci/scan
X-API-Key: your-api-key
Content-Type: application/json

{
  "target_id": "uuid",
  "fail_threshold": 70
}

# Response
{
  "scan_id": "uuid",
  "status": "pending"
}

The fail_threshold field (0–100) causes the CI endpoint to return a non-200 status if the security score falls below the threshold.
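A pipeline-side gate built on the flow above, added here as an example and not shieldpi's own client code: it starts a scan through the CI endpoint, polls the status endpoint until the scan finishes, then fetches the score and fails the step when it is below fail_threshold. The terminal status values ("completed"/"failed"), the extra critical_count check, and the fake_send transport are assumptions; the page documents only the "pending" and "running" statuses.

```python
import json
import time
import urllib.request

BASE_URL = "https://api.shieldpi.io"
DONE = {"completed", "failed"}  # assumed terminal statuses; the page only shows "pending"/"running"

def http_json(method, path, headers, body=None):
    """Default transport: JSON over HTTPS to the documented base URL."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(BASE_URL + path, data=data, method=method)
    req.add_header("Content-Type", "application/json")
    for name, value in headers.items():
        req.add_header(name, value)
    with urllib.request.urlopen(req) as resp:  # non-2xx raises urllib.error.HTTPError
        return json.loads(resp.read())

def run_gated_scan(api_key, bearer_token, target_id, fail_threshold,
                   send=http_json, poll_seconds=30, max_polls=120):
    """Start a scan via POST /api/ci/scan, poll until it finishes, gate on the score.
    Returns (passed, score); passed is False when overall_score < fail_threshold
    or any critical finding exists. `send` is injectable for offline testing."""
    ci_headers = {"X-API-Key": api_key}                    # CI endpoint auth
    headers = {"Authorization": f"Bearer {bearer_token}"}  # every other endpoint
    scan_id = send("POST", "/api/ci/scan", ci_headers,
                   {"target_id": target_id, "fail_threshold": fail_threshold})["scan_id"]
    for _ in range(max_polls):
        status = send("GET", f"/api/scans/{scan_id}/status", headers)
        if status["status"] in DONE:
            break
        time.sleep(poll_seconds)
    else:
        raise TimeoutError(f"scan {scan_id} still {status['status']} after {max_polls} polls")
    if status["status"] != "completed":
        return False, None  # scan itself failed: never treat that as a pass
    score = send("GET", f"/api/scans/{scan_id}/score", headers)
    return score["overall_score"] >= fail_threshold and score["critical_count"] == 0, score

def fake_send(statuses, score):
    """Constructed offline transport that replays the page's sample responses."""
    queue = iter(statuses)
    def send(method, path, headers, body=None):
        if path == "/api/ci/scan":
            return {"scan_id": "scan-uuid", "status": "pending"}
        if path.endswith("/status"):
            return {"status": next(queue), "progress": 45, "phase": "amplify", "findings_so_far": 12}
        return score  # GET /api/scans/{scan_id}/score
    return send

SAMPLE_SCORE = {"overall_score": 85, "grade": "B+", "critical_count": 0, "high_count": 3}  # from Security Score
```

Wire `run_gated_scan(..., send=http_json)` into the pipeline and exit non-zero when `passed` is False; with the default transport a non-200 from the CI endpoint surfaces as an HTTPError, which also fails the step.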

Rate Limits

  • 120 requests per minute per IP
  • Scan creation is limited by your plan quota
  • Report downloads: 30 per hour