The Indie Security API enables programmatic access to security assessments, findings, and reports.
Base URL
https://api.indiesecurity.com/v1
Authentication
All API requests require a Bearer token in the Authorization header:
curl -X GET 'https://api.indiesecurity.com/v1/targets' \
-H 'Authorization: Bearer is_live_xxxxxxxxxxxxx'
Keep your API keys secure. Never commit them to version control.
Getting Your API Key
- Navigate to Dashboard → Settings → API Keys
- Click Generate New Key
- Copy and store the key securely
API keys are scoped to your organization. All users share the same key.
Rate Limits
| Tier | Requests/Minute | Concurrent Scans |
|---|
| Free | 60 | 1 |
| Pro | 300 | 5 |
| Enterprise | Unlimited | Unlimited |
X-RateLimit-Limit: 300
X-RateLimit-Remaining: 299
X-RateLimit-Reset: 1640995200
{
"success": true,
"data": {
// Response data
},
"meta": {
"request_id": "req_abc123",
"timestamp": "2024-01-15T10:30:00Z"
}
}
{
"success": false,
"error": {
"code": "VALIDATION_ERROR",
"message": "Invalid target_id format",
"details": {
"field": "target_id",
"expected": "UUID v4"
}
},
"meta": {
"request_id": "req_abc123"
}
}
Error Codes
| Code | HTTP Status | Description |
|---|
UNAUTHORIZED | 401 | Invalid or missing API key |
FORBIDDEN | 403 | Insufficient permissions |
NOT_FOUND | 404 | Resource not found |
VALIDATION_ERROR | 422 | Invalid request parameters |
RATE_LIMITED | 429 | Too many requests |
SERVER_ERROR | 500 | Internal server error |
SDKs
Quick Examples
from indiesecurity import Client
client = Client(api_key="is_live_xxx")
# List targets
targets = client.targets.list()
# Start assessment
assessment = client.assessments.create(
target_id="target_123",
mode="quick"
)
# Get findings
findings = client.findings.list(target_id="target_123")
Next Steps
