This section outlines the minimum requirements for using our HTTP API.
HTTPS Requirements
All API endpoints require HTTPS for secure communication. Supported TLS versions include TLS 1.3 and TLS 1.2. Requests over HTTP will be rejected.
Example: Valid HTTPS request
curl -X GET "https://api.securityscorecard.io/companies/google.com" -H "Authorization: Token YOUR_ACCESS_TOKEN"Invalid request (HTTP not allowed)
curl -X GET "http://api.securityscorecard.io/companies/google.com" -H "Authorization: Token YOUR_ACCESS_TOKEN"JSON Format
Request and response bodies must use JSON (Content-Type: application/json), unless otherwise specified in the API reference. Some endpoints may return other formats, such as CSV or PDF, when explicitly stated.
Example: Sending a JSON request
curl -X POST "https://api.securityscorecard.io/portfolios" \
-H "Content-Type: application/json" \
-H "Authorization: Token YOUR_ACCESS_TOKEN" \
-d '{ "name": "test", "description": "test", "privacy": "private", "team_id": "test"}'Example: JSON response
{
"id": 123,
"name": "example",
"description": "example",
"privacy": "private"
}Exceptions:
Some endpoints may return other formats, such as CSV or PDF.
Example: Retrieving a CSV file
curl -X GET "https://api.securityscorecard.io/reports/files/{file_path}" -H "Authorization: Token YOUR_ACCESS_TOKEN"Response Headers:
Content-Type: text/csv
Content-Disposition: attachment; filename="export.csv"