剣 KENSAI
REST API v1

KENSAI Security API

Automate your security testing. Integrate vulnerability scanning, CVE intelligence, and compliance checks directly into your pipeline.

Quick Start

Up and running in minutes

Start scanning with a single API call. Get your API key from the dashboard and make your first request.

curl -X POST https://api.kensai.app/v1/scan \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "target": "https://example.com",
    "type": "full",
    "options": {
      "crawl_depth": 3,
      "include_subdomains": true
    }
  }'

Base URL: https://api.kensai.app/v1 — All endpoints use HTTPS. HTTP requests are rejected.

Endpoints

Core API endpoints

Everything you need to scan, analyze, and report — organized into clean, RESTful endpoints.

Start Scan

POST/v1/scan

Initiate a new security scan against a target URL. Supports full, quick, and passive scan modes with configurable depth and scope.

Get Results

GET/v1/scan/{id}/results

Retrieve detailed scan results including vulnerability findings, severity scores, and remediation recommendations.

Vulnerabilities

GET/v1/vulnerabilities

Query our database of 333K+ CVEs. Filter by severity, CVSS score, affected technology, or date range.

Compliance

GET/v1/compliance/{framework}

Generate compliance reports for NIS2, ISO 27001, SOC 2, and GDPR. Map scan findings to specific compliance controls.

Authentication

API key authentication

Authenticate every request with a Bearer token. Generate and manage your API keys from the dashboard.

# Include your API key in the Authorization header
curl https://api.kensai.app/v1/scan \
  -H "Authorization: Bearer ks_live_abc123..."

Secure by default

All keys are encrypted at rest. Revoke instantly from your dashboard.

Scoped permissions

Create read-only or full-access keys. Restrict by IP or endpoint.

Multiple keys

Separate keys for dev, staging, and production environments.

Rate Limits

Fair usage limits

Rate limits are applied per API key. Upgrade your plan for higher limits and priority processing.

Plan
Requests
Scans
Burst
Free
100 / day
5 / month
10 / min
Pro
10,000 / day
100 / month
60 / min
Enterprise
Unlimited
Unlimited
Custom

Rate limit headers (X-RateLimit-Remaining) are included in every response. HTTP 429 is returned when limits are exceeded.

Ready to automate your security?

Get started with the free tier — no credit card required. Scale up as your security needs grow.

Get API Access