GuardAPI Logo
GuardAPI
API Reference v4.0.8

Developer Docs

Integrate Guard-Engine into your CI/CD. High-scale, deterministic API security.

3
Free Scans/Month
> 5MB
Max Spec Size
OWASP
Top 10 Coverage
Multi
Language Detection

High-Scale Discovery Engine

Zero-config API detection for massive specs

Guard-Engine v4.0.8 handles everything from small microservices to massive enterprise specs (>5MB) using our FastPath Regex parser.

Automatic Linguistic Context: We now detect your stack via x-codegen-language or HTTP headers (X-Powered-By) to provide language-specific remediations in Python, Node, Go, PHP, or Java.

Works
https://api.yourcompany.com
Also Works
https://api.yourcompany.com/openapi.json

AI-Native Workflow

Security that speaks AI

GuardAPI v4.0 generates AI-ready fix prompts for every vulnerability. One click copies a structured prompt you can paste directly into Cursor, Copilot, or any AI assistant.

1
Scan your API
2
Click "Copy AI Fix"
3
Paste in Cursor/IDE
Fixed!
Vibe Feature: AI Fix Prompts are available on Builder ($19/mo) and Business ($49/mo) tiers. Free users get 1 free fix prompt, then require an upgrade.

Free Tier

No login required

Monthly Quota 3 scans / month

Each IP address gets 3 free comprehensive scans per month. The quota resets on the 1st of each month. To unlock full vulnerability details and unlimited fix prompts, upgrade to Business ($49/mo) or Builder ($19).

Authentication

Session-based for guests

GuardAPI uses temporary session tokens for guest users. The web interface handles this automatically. For programmatic access, obtain a session first.

GET SESSION POST 
curl -X POST https://api.guard-api.com/auth/guest
RESPONSE
{"token": "guard_sess_abc123...", "quota": {"limit": 3, "used": 0, "remaining": 3}}

Use the token in subsequent requests via the X-GUARD-TOKEN header.

POST /audit

Start a security scan

REQUEST POST 
curl -X POST https://api.guard-api.com/audit \
  -H "Content-Type: application/json" \
  -H "X-GUARD-TOKEN: guard_sess_abc123..." \
  -d '{"target_url": "https://api.yourservice.com", "agreed_to_terms": true}'
RESPONSE 201 
{"id": "audit_7f3a9c2b...", "status": "processing"}

GET /audit/:id

Retrieve scan results

Retrieve results in real-time via Zero-Latency SSE Streaming.

REAL-TIME STREAM (SSE) GET 
curl https://api.guard-api.com/audit/:id?stream=true \
  -H "X-GUARD-TOKEN: guard_sess_abc123..."
Deterministic Precision: Every finding in the report now includes mandatory citations (exact path and parameter) to ensure zero-hallucination security analysis.

Subscriptions

Builder ($19) & Business ($49)

Subscriptions are managed via Stripe. Use the Pricing Page in the dashboard to upgrade your account and unlock Pro features.

CI/CD Pro

Automated Security Gate (Included in Business $49/mo)

1 GitHub Action Integration

The fastest way to use GuardAPI in your CI/CD is our official GitHub Action. It automatically blocks deployments if your API security grade falls below your threshold.

.github/workflows/security.yml
- uses: KevinFalck/guardapi-action@v1
  with:
    api-key: ${ secrets.GUARD_API_KEY }
    openapi-path: ./openapi.json
    min-grade: B

2 POST /ci/scan

Directly scan your OpenAPI spec via API Key.

X-API-KEY required POST 
curl -X POST https://api.guard-api.com/ci/scan \
  -H "X-API-KEY: guard_ci_..." \
  -d '{"openapi_spec": "...", "min_grade": "B"}'

Get your API Key

API Keys are delivered via email immediately after subscribing to GuardAPI Business.

Upgrade to Business →