HTTP API Requirements

This section outlines the minimum requirements for using our HTTP API.

HTTPS Requirements

All API endpoints require HTTPS for secure communication. Supported TLS versions include TLS 1.3 and TLS 1.2. Requests over HTTP will be rejected.


Example: Valid HTTPS request

curl -X GET "https://api.securityscorecard.io/companies/google.com" -H "Authorization: Token YOUR_ACCESS_TOKEN"

Example: Invalid request (HTTP not allowed)

curl -X GET "http://api.securityscorecard.io/companies/google.com" -H "Authorization: Token YOUR_ACCESS_TOKEN"
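
Because a request sent to an http:// URL carries the Authorization header in cleartext before the server can reject it, the check is worth enforcing on the client as well. The following wrapper is an added example, not code from SecurityScorecard: it refuses non-HTTPS URLs, restricts curl to HTTPS with TLS 1.2 or later, and passes the token on stdin. The names ssc_is_https, ssc_get and SSC_TOKEN are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not SecurityScorecard code). ssc_is_https, ssc_get and
# SSC_TOKEN are hypothetical names chosen for this sketch.
# Usage: export SSC_TOKEN=...; ssc_get "https://api.securityscorecard.io/companies/google.com"

# Succeeds only for URLs whose scheme is literally "https://".
# An upper-case "HTTPS://" is rejected too, which fails safe.
ssc_is_https() {
  case "$1" in
    https://?*) return 0 ;;
    *)          return 1 ;;
  esac
}

# GET a URL with the token, refusing anything that is not HTTPS with TLS 1.2+.
# Exit status: 2 = URL is not https, 3 = SSC_TOKEN unset, otherwise curl's status.
ssc_get() {
  url=$1
  if ! ssc_is_https "$url"; then
    echo "refusing non-HTTPS URL: $url" >&2
    return 2
  fi
  if [ -z "${SSC_TOKEN:-}" ]; then
    echo "SSC_TOKEN is not set" >&2
    return 3
  fi
  # --proto / --proto-redir: allow only https, for the first request and redirects
  # --tlsv1.2: require TLS 1.2 or later
  # --config -: read the Authorization header from stdin so the token
  #             does not appear in the process argument list
  #             (assumes the token contains no double quote or backslash)
  curl --silent --show-error --fail \
       --proto '=https' --proto-redir '=https' --tlsv1.2 \
       --config - "$url" <<EOF
header = "Authorization: Token ${SSC_TOKEN}"
EOF
}
```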

JSON Format

Request and response bodies must use JSON (Content-Type: application/json), unless otherwise specified in the API reference. Some endpoints may return other formats, such as CSV or PDF, when explicitly stated.


Example: Sending a JSON request

curl -X POST "https://api.securityscorecard.io/portfolios" \
  -H "Content-Type: application/json" \
  -H "Authorization: Token YOUR_ACCESS_TOKEN" \
  -d '{ "name": "test", "description": "test", "privacy": "private", "team_id": "test"}'

Example: JSON response

{
  "id": 123,
  "name": "example",
  "description": "example",
  "privacy": "private"
}

Exceptions:

Some endpoints may return other formats, such as CSV or PDF.

Example: Retrieving a CSV file

curl -X GET "https://api.securityscorecard.io/reports/files/{file_path}" -H "Authorization: Token YOUR_ACCESS_TOKEN"

Response Headers:

Content-Type: text/csv
Content-Disposition: attachment; filename="export.csv"