API documentation
Reference
Complete API reference for Rafter’s public scanning API
Welcome to the Rafter API
The Rafter API provides programmatic access to our security scanning capabilities. Use this API to integrate security scanning into your applications, automation workflows, and CI/CD pipelines.Base URL
API Endpoints
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/static/usage | Check your API quota and remaining scans |
| POST | /api/static/scan | Trigger a new security scan for a repository |
| GET | /api/static/scan | Check scan status and retrieve results |
Authentication
All API requests require authentication using an API key. Include your API key in thex-api-key header with every request.
Your API key starts with
RF and should be kept secure. Never commit it to version control. Use environment variables or secure secret management systems.Rate Limiting
The API implements rate limiting to ensure fair usage:- Rate Limit: 100 requests per minute per IP address
- Quota: Based on your subscription plan
Response Formats
The API supports multiple response formats:JSON (Default)
All endpoints return JSON responses by default:Markdown (format=md)
Some endpoints support Markdown format for human-readable reports:Error Handling
The API uses standard HTTP status codes:| Status Code | Description |
|---|---|
| 200 | Success |
| 400 | Bad Request - Missing required fields |
| 401 | Unauthorized - Invalid API key |
| 403 | Forbidden - Quota exceeded |
| 404 | Not Found - Resource not found |
| 429 | Too Many Requests - Rate limit exceeded |
| 500 | Internal Server Error - Server error |
Getting Started
Check Usage
Check your API quota and remaining scans.
Trigger Scan
Start a new security scan for your repository.
Get Results
Retrieve scan results and vulnerability reports.
CLI
While you can use the API directly with HTTP requests, we also provide powerful CLI tools.Support
- Documentation: This API reference
- Support: Visit our support page