GuardAPI
API Reference v3.0

Developer Docs

Integrate Guard-Engine into your CI/CD. Zero-friction API security scanning.

5 Free Scans/Month
~15s Avg. Scan Time
OWASP Top 10 Coverage
PDF Report Export

Discovery Engine

Zero-config API detection

Guard-Engine v3.0 automatically discovers your OpenAPI/Swagger specification. Just provide the base URL — we probe 60+ spec paths across all major frameworks: /openapi.json, /swagger.json, /v3/api-docs (Spring), /api/schema/ (Django), /swagger/doc.json (Go), and more.

Works: https://api.yourcompany.com
Also Works: https://api.yourcompany.com/openapi.json

AI-Native Workflow

Security that speaks AI

GuardAPI v4.0 generates AI-ready fix prompts for every vulnerability. One click copies a structured prompt you can paste directly into Cursor, Copilot, or any AI assistant.

1. Scan your API
2. Click "Copy AI Fix"
3. Paste in Cursor/IDE
Fixed!
Vibe Feature: AI Fix Prompts are available on Monitoring ($9/mo) and Pro ($29/mo) tiers. Free users see the vulnerability but not the copy button.

Free Tier

No login required

Daily Quota 5 scans / month

Each IP address gets 5 free comprehensive scans per month. The quota resets on the 1st of each month. To unlock full vulnerability details and fix code, upgrade to Pro ($29/mo) or Monitor ($9).


Authentication

Session-based for guests

GuardAPI uses temporary session tokens for guest users. The web interface handles this automatically. For programmatic access, obtain a session first.

GET SESSION POST
curl -X POST https://api.guard-api.com/auth/guest
RESPONSE
{"token": "guard_sess_abc123...", "quota": {"limit": 5, "used": 0, "remaining": 5}}

Use the token in subsequent requests via the X-GUARD-TOKEN header.


POST /audit

Start a security scan

REQUEST POST
curl -X POST https://api.guard-api.com/audit \
  -H "Content-Type: application/json" \
  -H "X-GUARD-TOKEN: guard_sess_abc123..." \
  -d '{"target_url": "https://api.yourservice.com", "agreed_to_terms": true}'
RESPONSE 201
{"id": "audit_7f3a9c2b...", "status": "processing"}

GET /audit/:id

Retrieve scan results

Retrieve results in real-time via Zero-Latency SSE Streaming.

REAL-TIME STREAM (SSE) GET
curl -N "https://api.guard-api.com/audit/:id?stream=true" \
  -H "X-GUARD-TOKEN: guard_sess_abc123..."
Pro 2026 Optimization: The SSE stream yields progress and status_message events in real-time. The final report is delivered via a result event the instant it's available.
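
An added example, not part of GuardAPI's documentation or client code: a minimal Python consumer for the stream described above that parses the progress, status_message and result events and fails closed if the stream ends before a result arrives. The payload fields (percent, message, grade) and the sample stream are assumptions constructed for illustration.

```python
import json

# Constructed sample stream, not captured from the service. The event names
# come from the docs above; the JSON payload fields are assumptions.
SAMPLE_STREAM = """\
: keep-alive
event: progress
data: {"percent": 40}

event: status_message
data: {"message": "probing spec paths"}

event: result
data: {"id": "audit_example",
data:  "grade": "B"}

"""

def parse_sse(lines):
    """Yield (event, data) pairs using text/event-stream framing."""
    event, data = "message", []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line:  # a blank line dispatches the buffered event
            if data:
                yield event, "\n".join(data)
            event, data = "message", []
            continue
        # Lines starting with ":" are comments; their field name is empty.
        field, _, value = line.partition(":")
        value = value[1:] if value.startswith(" ") else value
        if field == "event":
            event = value
        elif field == "data":
            data.append(value)

def wait_for_result(lines):
    """Return (report, updates); raise if no result event arrives."""
    updates = []
    for event, data in parse_sse(lines):
        if event == "result":
            return json.loads(data), updates
        if event in ("progress", "status_message"):
            updates.append((event, json.loads(data)))
    # Fail closed: a truncated stream must not pass as a clean scan.
    raise RuntimeError("stream closed without a result event")

if __name__ == "__main__":
    print(wait_for_result(SAMPLE_STREAM.splitlines()))
```

In a pipeline, feed wait_for_result the decoded lines of the HTTP response body and treat the RuntimeError as a failed gate rather than retrying silently.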

Subscriptions

Monitor ($9) & Pro ($29)

Subscriptions are managed via Stripe. Use the Pricing Page in the dashboard to upgrade your account and unlock Pro features.


CI/CD Pro

Automated Security Gate (Included in Pro $29/mo)

1. GitHub Action Integration

The fastest way to use GuardAPI in your CI/CD is our official GitHub Action. It automatically blocks deployments if your API security grade falls below your threshold.

.github/workflows/security.yml
- uses: KevinFalck/guardapi-action@v1
  with:
    api-key: ${{ secrets.GUARD_API_KEY }}
    openapi-path: ./openapi.json
    min-grade: B

2. POST /ci/scan

Directly scan your OpenAPI spec via API Key.

X-API-KEY required POST
curl -X POST https://api.guard-api.com/ci/scan \
  -H "Content-Type: application/json" \
  -H "X-API-KEY: guard_ci_..." \
  -d '{"openapi_spec": "...", "min_grade": "B"}'

Get your API Key

API Keys are delivered via email immediately after subscribing to GuardAPI Pro.
