{"name":"Website Security Scan API","version":"2.0","auth":"Pass API key via X-API-Key header (or Authorization: Bearer <key>). Query-based keys are not supported.","plans":{"free":"3 passive scans/day","single":"$19 one-time full scan","starter":"$29/mo — 10 full scans, API access, 3 monitors","pro":"$79/mo — 50 full scans, 10 monitors, API access","agency":"$149/mo — 200 full scans, white-label, 25 monitors, webhooks"},"endpoints":{"GET /api/check":{"params":{"url":"URL to audit (required)","min":"Minimum score threshold (default: 70)"},"response":{"pass":"boolean","score":"number","grade":"string","threshold":"number","url":"string","plan":"string"},"headers":{"X-Audit-Score":"Numeric score","X-Audit-Grade":"Letter grade"},"example":"curl -s \"https://scan.leddconsulting.com/api/check?url=https://example.com&min=70\" | jq .pass"},"POST /verify":{"body":{"domain":"required"},"description":"Get verification token for domain ownership"},"GET /verify/check":{"params":{"domain":"required","token":"required"},"description":"Verify domain ownership via DNS TXT or file"},"POST /rescan":{"body":{"url":"required","previousJobId":"optional"},"auth":"If previousJobId is provided, include report token via X-Report-Token (or admin key)","description":"Re-scan and get before/after delta comparison"},"GET /rescan/:previousId":{"auth":"Report token required via X-Report-Token (or existing report session cookie, or admin key)","description":"HTML page for re-scan with pre-filled URL"},"GET /history/:domain":{"description":"Full scan history for a domain"},"GET /history/:domain/trend":{"description":"Trend analysis (improving/declining/stable)"},"POST /monitor":{"auth":"X-API-Key (starter+)","body":{"domain":"required","interval":"hours (6-168, default 24)","webhookUrl":"optional"},"description":"Add domain to scheduled monitoring"},"PUT /monitor/:domain":{"auth":"X-API-Key","body":{"interval":"hours (6-168)","webhookUrl":"URL or null"},"description":"Update monitor 
settings"},"DELETE /monitor/:domain":{"auth":"X-API-Key","description":"Remove domain monitoring"},"GET /monitors":{"auth":"X-API-Key or admin key","description":"List your monitors (or all with admin key)"},"GET /audit/:jobId":{"auth":"Report token required via X-Report-Token or report session cookie (or admin key)","description":"Poll audit status/result payload"},"GET /report?jobId=...":{"auth":"First-open token via URL fragment (#token=...) or X-Report-Token; subsequent access can use report session cookie","description":"Interactive HTML report page"},"GET /audit/:jobId/pdf":{"auth":"Report token required via X-Report-Token or report session cookie (or admin key). Optional X-Brand-Key header for white-label (Agency plan)","description":"Download PDF report"},"PUT /branding":{"auth":"X-API-Key (Agency plan)","body":{"companyName":"string","logoUrl":"string","primaryColor":"#hex","contactEmail":"string"}},"DELETE /data?email=X":{"auth":"X-Admin-Key required","description":"GDPR data deletion (admin only)"},"GET /compare?url1=X&url2=Y":{"description":"Side-by-side comparison of two sites"},"GET /subdomains/:domain":{"description":"Discover subdomains via Certificate Transparency"},"PUT /webhook":{"auth":"X-API-Key (any paid plan)","body":{"webhookUrl":"URL to receive notifications (Slack, Discord, or generic JSON)","rotateSecret":"optional boolean"},"description":"Set webhook URL. 
Deliveries are signed with HMAC-SHA256 (X-Audit-Signature) and retried with dead-letter handling. Receivers should verify the signature before acting on a delivery."},"GET /dashboard":{"auth":"X-API-Key","description":"Domain portfolio dashboard with scores, usage, and monitor status"},"GET /usage":{"auth":"X-API-Key","description":"API usage dashboard — scans, checks, monitors with limits and reset times"},"POST /schedule":{"auth":"X-API-Key (paid plan)","body":{"url":"required","interval":"hours (24-168, default 168)"},"description":"Schedule recurring re-scans (reports are sent only to the subscription owner email)"},"DELETE /schedule":{"auth":"X-API-Key","body":{"url":"required"},"description":"Cancel scheduled re-scan"},"GET /schedules":{"auth":"X-API-Key","description":"List your scheduled re-scans"},"GET /audit/:jobId/executive-pdf":{"auth":"Report token required via X-Report-Token or report session cookie (or admin key)","description":"Download 1-page executive summary PDF (plain English, no technical jargon)"},"GET /badge/:domain/verified":{"description":"Enhanced trust badge SVG with verification date"},"GET /cicd":{"description":"CI/CD integration quickstart with GitHub Actions, GitLab CI, and shell templates"},"GET /sample":{"description":"View sample full audit report with realistic demo data"}}}