Skip to main content
POST
/
api
/
v1
/
scan
/
{target}
Initiate Scan
curl --request POST \
  --url https://vulnix0.com/api/v1/scan/{target} \
  --header 'Content-Type: application/json' \
  --header 'api-key: <api-key>' \
  --data '
{
  "web": true,
  "fuzzing": true,
  "follow_links": true,
  "exclude_paths": [
    "<string>"
  ],
  "cookies": "<string>",
  "proxy_usage": "<string>",
  "Authorization": "<string>",
  "openapi_spec": "<string>",
  "openai_spec": "<string>",
  "custom_headers": [
    {
      "name": "<string>",
      "value": "<string>"
    }
  ]
}
'
{
  "message": "Scan initiated for target: grok.com (scanning on domain: grok.com)",
  "reqid": "95e201b5-93bf-4218-8b96-6fb23b8874d3"
}

Authorizations

api-key
string
header
required

A unique API Key.

Headers

X-Org-Id
string

Organization ID to associate the scan with

Path Parameters

target
string
required

Target to scan (domain, IP, or URL)

Query Parameters

org_id
string

Organization ID to associate the scan with

Body

application/json

Optional advanced configuration for the scan

Advanced configuration options for initiating a scan. Useful for authenticated testing, api scanning, and fine-tuning crawler limits.

web
boolean

Enable web application scanning mode

fuzzing
boolean

Enable fuzzing for deeper discovery

follow_links
boolean

Follow links during crawling

exclude_paths
string[]

Paths to exclude from scanning (e.g., ['/logout', '/delete'])

cookies
string

Custom cookies to include in requests

proxy_usage
string

Proxy URL to route scan traffic through

Authorization
string

Authorization header value (e.g., Bearer token)

openapi_spec
string

Raw JSON or YAML OpenAPI 2.x/3.x specification for API DAST scanning

openai_spec
string

Alias for openapi_spec (handles common typos)

custom_headers
object[]

Custom HTTP headers to include in requests

Response

Scan successfully initiated

reqid
string<uuid>

Unique ID for this scan request

message
string
Example:

"Scan initiated for target: example.com"