POST /api/static/scan

Trigger a new security scan for a specific repository and branch.

Request

Headers:
  • x-api-key (required): Your Rafter security API key
  • Content-Type: application/json
Body:
{
  "repository_name": "myorg/myrepo",
  "branch_name": "main"
}
Fields:
Field            Type    Required  Description
repository_name  string  Yes       Repository name in format org/repo
branch_name      string  Yes       Branch name to scan

Example Request

curl -X POST \
  -H "Content-Type: application/json" \
  -H "x-api-key: RFabc-your-api-key-here" \
  -d '{
    "repository_name": "myorg/myrepo",
    "branch_name": "main"
  }' \
  https://rafter.so/api/static/scan

Response

Success (200 OK):
{
  "success": true,
  "scan_id": "b1b2c3d4-e5f6-7890-abcd-ef1234567890"
}
Error (400 Bad Request):
{
  "error": "Missing required field: repository_name"
}
Error (401 Unauthorized):
{
  "error": "Invalid or inactive API key."
}
Error (403 Forbidden):
{
  "error": "Scan limit reached for this billing period."
}
Error (404 Not Found):
{
  "error": "Repository not found or access denied."
}
Error (500 Internal Server Error):
{
  "error": "An unexpected error occurred."
}

Response Fields

Field    Type     Description
success  boolean  Whether the scan was successfully triggered
scan_id  string   Unique identifier for the scan request

Rate Limiting

The API implements rate limiting to ensure fair usage:
  • Rate Limit: 100 requests per minute per IP address
  • Quota: Based on your subscription plan

Examples

JavaScript

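const response = await fetch('https://rafter.so/api/static/scan', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    // Placeholder: load the real key from an environment variable or secret store
    'x-api-key': 'RFabc-your-api-key-here'
  },
  body: JSON.stringify({
    repository_name: 'myorg/myrepo',
    branch_name: 'main'
  })
});

const data = await response.json();
// Error responses carry an "error" field instead of "scan_id"
if (!response.ok) {
  throw new Error(`Scan request failed (${response.status}): ${data.error}`);
}
console.log(`Scan ID: ${data.scan_id}`);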

Python

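import requests

response = requests.post(
    'https://rafter.so/api/static/scan',
    headers={
        'Content-Type': 'application/json',
        # Placeholder: load the real key from an environment variable or secret store
        'x-api-key': 'RFabc-your-api-key-here'
    },
    json={
        'repository_name': 'myorg/myrepo',
        'branch_name': 'main'
    },
    timeout=30  # requests waits indefinitely unless a timeout is set
)

data = response.json()
# Error responses carry an "error" field instead of "scan_id"
if not response.ok:
    raise SystemExit(f"Scan request failed ({response.status_code}): {data.get('error')}")
print(f"Scan ID: {data['scan_id']}")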
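The following is an added example, not part of the Rafter documentation or client code. It shows a trigger function that treats the documented error responses differently: 400, 401, 403 and 404 fail immediately because resending the same request cannot succeed, while 500 is retried with backoff. Assumptions: the RAFTER_API_KEY variable name, the character set accepted for org/repo, the retry policy, and the injectable `post` transport (a hypothetical hook so the logic can be exercised offline).

```python
import json
import re
import time
import urllib.error
import urllib.request

SCAN_URL = "https://rafter.so/api/static/scan"
# Assumed character set for the documented "org/repo" format.
REPO_RE = re.compile(r"[\w.-]+/[\w.-]+")


class ScanError(Exception):
    def __init__(self, status, message):
        super().__init__(f"HTTP {status}: {message}")  # never includes the key
        self.status = status


def http_post(url, headers, body):
    """Default transport: POST JSON, return (status, parsed body)."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        try:
            return err.code, json.load(err)
        except ValueError:  # error body was not JSON
            return err.code, {}


def trigger_scan(api_key, repo, branch, post=http_post, retries=2, sleep=time.sleep):
    """Return scan_id, retrying only the documented 500 response."""
    if not REPO_RE.fullmatch(repo) or not branch:
        raise ValueError("repository_name must be org/repo and branch_name non-empty")
    headers = {"Content-Type": "application/json", "x-api-key": api_key}
    body = {"repository_name": repo, "branch_name": branch}
    for attempt in range(retries + 1):
        status, data = post(SCAN_URL, headers, body)
        if status == 200 and data.get("success"):
            return data["scan_id"]
        # 400/401/403/404 describe the request, key, quota or repository:
        # resending the same request cannot succeed, so fail immediately.
        if status != 500 or attempt == retries:
            raise ScanError(status, data.get("error", "unknown error"))
        sleep(2 ** attempt)  # back off before retrying a server-side failure


if __name__ == "__main__":
    import os
    # RAFTER_API_KEY is an assumed variable name; keep the key out of source.
    print(trigger_scan(os.environ["RAFTER_API_KEY"], "myorg/myrepo", "main"))
```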

Next Steps

After triggering a scan, you can:
  1. Check scan status using the scan_id with the Get Results endpoint
  2. Wait for completion by polling the status endpoint
  3. Retrieve results once the scan is complete

Workflow Example

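# 1. Trigger scan
SCAN_ID=$(curl -sS -X POST \
  -H "Content-Type: application/json" \
  -H "x-api-key: RFabc-your-api-key-here" \
  -d '{"repository_name": "myorg/myrepo", "branch_name": "main"}' \
  https://rafter.so/api/static/scan | jq -r '.scan_id // empty')

# Stop if the response was an error body with no scan_id
if [ -z "$SCAN_ID" ]; then
  echo "Failed to trigger scan" >&2
  exit 1
fi

# 2. Wait for completion (polling every 10 seconds, at most 60 attempts)
ATTEMPTS=0
while [ "$ATTEMPTS" -lt 60 ]; do
  STATUS=$(curl -sS -H "x-api-key: RFabc-your-api-key-here" \
    "https://rafter.so/api/static/scan?scan_id=$SCAN_ID" | jq -r '.status')

  if [ "$STATUS" = "completed" ]; then
    break
  fi

  echo "Scan status: $STATUS"
  ATTEMPTS=$((ATTEMPTS + 1))
  sleep 10
done

# Do not fetch results for a scan that never reported completion
if [ "$STATUS" != "completed" ]; then
  echo "Scan did not complete in time" >&2
  exit 1
fi

# 3. Get results
curl -sS -H "x-api-key: RFabc-your-api-key-here" \
  "https://rafter.so/api/static/scan?scan_id=$SCAN_ID"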