Skip to content

TridentScan — Free Website Security Scanner & Attack Surface Intelligence

🔱 TridentScan API

Integrate security scanning into your CI/CD pipeline. Get grades, scores, and actionable findings via a simple REST API.

Quick Start

1. Get an API Key

Generate a key from your dashboard or via the API:

curl -X POST https://tridentscan.com/api/keys \
  -H "Authorization: Bearer YOUR_SUPABASE_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "CI Pipeline"}'

2. Scan a Domain

curl "https://tridentscan.com/api/v1/scan?domain=example.com&key=trident_sk_YOUR_KEY"

Authentication

All scan requests require an API key passed as the key query parameter.

Key format: trident_sk_<base64url-random>

Free Plan

5 scans/day

Paid Plan

100 scans/day

Endpoints

GET/api/v1/scan

Run a security scan on a domain. Returns grade, score, and detailed findings.

Parameters

domainrequiredTarget domain to scan (e.g., example.com)
keyrequiredYour API key (trident_sk_...)

Response

{
  "domain": "example.com",
  "grade": "B",
  "score": 78,
  "categories": {
    "headers": { "findings": 2, "severity": ["medium", "low"] },
    "ssl": { "findings": 0, "severity": [] },
    "cors": { "findings": 1, "severity": ["medium"] }
  },
  "findings": [
    {
      "module": "headers",
      "severity": "medium",
      "title": "Missing Content-Security-Policy",
      "description": "No CSP header detected...",
      "fix": "Add Content-Security-Policy header..."
    }
  ],
  "timestamp": "2025-01-15T12:00:00.000Z",
  "durationMs": 2340,
  "rateLimit": {
    "limit": 100,
    "remaining": 94,
    "plan": "paid"
  }
}

Key Management

POST
/api/keys

Generate a new API key. Requires Bearer token auth. Max 5 keys per user.

GET
/api/keys

List your active API keys (prefix only). Requires Bearer token auth.

DELETE
/api/keys

Revoke a key by prefix. Body: {"prefix": "trident_sk_abc..."}

Integration Examples

GitHub Actions

name: Security Scan
on: [push, pull_request]

jobs:
  trident-scan:
    runs-on: ubuntu-latest
    steps:
      - name: TridentScan Security Check
        run: |
          RESULT=$(curl -s "https://tridentscan.com/api/v1/scan?domain=${{ vars.DOMAIN }}&key=${{ secrets.TRIDENT_API_KEY }}")
          SCORE=$(echo "$RESULT" | jq '.score')
          GRADE=$(echo "$RESULT" | jq -r '.grade')
          echo "Security Grade: $GRADE ($SCORE/100)"
          if [ "$SCORE" -lt 50 ]; then
            echo "❌ Security score below threshold"
            echo "$RESULT" | jq '.findings[] | "\(.severity): \(.title)"'
            exit 1
          fi
          echo "✅ Security check passed"

curl

curl "https://tridentscan.com/api/v1/scan?domain=example.com&key=trident_sk_YOUR_KEY"

Node.js

const res = await fetch(
  'https://tridentscan.com/api/v1/scan?domain=example.com&key=trident_sk_YOUR_KEY'
);
const data = await res.json();

if (data.score < 50) {
  console.error(`Security score too low: ${data.grade} (${data.score}/100)`);
  process.exit(1);
}
console.log(`✅ Security grade: ${data.grade}`);

Python

import requests, sys

r = requests.get("https://tridentscan.com/api/v1/scan", params={
    "domain": "example.com",
    "key": "trident_sk_YOUR_KEY"
})
data = r.json()

if data["score"] < 50:
    print(f"❌ Security: {data['grade']} ({data['score']}/100)")
    sys.exit(1)
print(f"✅ Security: {data['grade']}")

Error Codes

400Missing domain parameter
401Invalid or missing API key
429Rate limit exceeded — upgrade your plan or wait for daily reset
500Scan failed — target may be unreachable

Ready to integrate?

Get your API key and start scanning in under a minute.

Get API Key →