Base URL: https://api.cybersecurity-japan.com
Machine-readable: openapi.json · Postman collection
Run a security hygiene snapshot on a public URL.
POST /v1/snapshot
Content-Type: application/json
{ "url": "https://example.com" }Price: 0.05 USDC on Base (or Base Sepolia for testing).
Protocol: x402. See pricing page for flow details.
{
"requested_url": "https://example.com",
"normalized_url": "https://example.com/",
"final_url": "https://example.com/",
"fetched_at": "2025-01-01T00:00:00.000Z",
"reachable": true,
"final_status_code": 200,
"redirect_count": 0,
"https_ok": true,
"hsts_present": false,
"csp_present": false,
"x_frame_options_present": false,
"x_content_type_options_present": false,
"referrer_policy_present": false,
"permissions_policy_present": false,
"security_txt_present": false,
"robots_txt_present": true,
"sitemap_xml_present": false,
"notes": ["HSTS header missing.", "Content-Security-Policy header missing."],
"checks": {
"https": true, "hsts": false, "csp": false,
"x_frame_options": false, "x_content_type_options": false,
"referrer_policy": false, "permissions_policy": false,
"security_txt": false, "robots_txt": true, "sitemap_xml": false
}
}Returned when no valid payment proof is present. Use an x402 client to handle automatically.
| HTTP | error_type | Meaning |
|---|---|---|
| 400 | invalid_url | URL failed SSRF validation or is malformed |
| 400 | ssrf | URL points to a blocked target |
| 400 | timeout | Target URL timed out |
| 400 | unreachable | Target URL could not be reached |
Returns a pre-baked canned snapshot of example.com. No live fetch. No payment.
{ "status": "ok", "version": "1.0.0" }