API

Previous Next

The S4E platform provides a public REST API for programmatic access to scanning, asset management, reporting, and more. All public API endpoints authenticate via a Public API Token.

Base URL

Environment Base URL
Cloud https://api.s4e.io
On-Premises https://api.<your-domain>

All endpoint paths below are relative to this base URL. Replace API_URL in examples with your base URL.

Authentication

Every request requires a token parameter (your Public API Token). Generate one from Settings > API Token in the platform.

Validate token

POST /auth/check

curl -X POST 'API_URL/auth/check' \
  -H 'Content-Type: application/json' \
  -d '{"token": "your_api_token"}'

{"message": "string", "code": 200}

Check extension login

POST /auth/check-extension-login

Returns whether the user has used the browser extension in the last 7 days.

curl -X POST 'API_URL/auth/check-extension-login' \
  -H 'Content-Type: application/json' \
  -d '{"token": "your_api_token"}'

{"message": "string", "code": 200}

Assets

Add assets in bulk

POST /asset/handler/bulk-asset-add

Add multiple assets for the token owner. Performs validation and adds assets if not already owned.

curl -X POST 'API_URL/asset/handler/bulk-asset-add' \
  -H 'Content-Type: application/json' \
  -d '{
    "assets": ["example.com", "192.168.1.0/24"],
    "description": "Production servers",
    "source": "manuel",
    "token": "your_api_token"
  }'

{"message": "string", "code": 200}
Parameter Type Required Description
assets array Yes List of assets to add.
token string Yes Public API token.
description string No Optional description (3-300 chars).
source string No manuel, s4e_subdomain_finder, s4e_iprange_extender, digitalocean_integration, cloudflare_integration, wordpress_integration.

Check asset ownership

POST /asset/handler/bulk-asset-ownership-check

Check if assets can be registered by the token owner.

curl -X POST 'API_URL/asset/handler/bulk-asset-ownership-check' \
  -H 'Content-Type: application/json' \
  -d '{"assets": ["example.com"], "token": "your_api_token"}'

{
  "value": [{"asset": "example.com", "is_available": true}],
  "code": 200
}

Validate asset type

POST /asset/handler/bulk-asset-type-check

Validate type and format for multiple assets (domain, IP, CIDR).

curl -X POST 'API_URL/asset/handler/bulk-asset-type-check' \
  -H 'Content-Type: application/json' \
  -d '{"assets": ["example.com"], "token": "your_api_token"}'

{
  "value": [{"asset": "example.com", "warning": "string"}],
  "code": 200
}

Retrieve an asset

POST /asset/info/detail

Get detailed information for a single asset.

curl -X POST 'API_URL/asset/info/detail' \
  -H 'Content-Type: application/json' \
  -d '{"asset_id": 123, "token": "your_api_token"}'

{
  "asset": "s4e.io",
  "if_verified": true,
  "created_at": "date",
  "if_premium": true,
  "asset_type": "domain",
  "tags": [],
  "auto_services": [],
  "sticky_services": []
}
Parameter Type Required Description
token string Yes Public API token.
asset_id integer No Asset ID.
asset string No Asset name.

List all assets

POST /asset/info/list

List assets with filtering, sorting, and pagination.

curl -X POST 'API_URL/asset/info/list' \
  -H 'Content-Type: application/json' \
  -d '{
    "page": 1,
    "per_page": 20,
    "order_by": "created_at",
    "order_type": "desc",
    "token": "your_api_token"
  }'

{
  "value": {
    "asset": [
      {
        "id": 123456,
        "asset": "s4e.io",
        "asset_type": "domain",
        "if_verified": true,
        "if_premium": false,
        "created_at": "date"
      }
    ],
    "count": 1
  },
  "code": 200
}
Parameter Type Description
asset string Filter by asset name.
asset_ids array Filter by asset IDs.
tag_ids array Filter by tag IDs.
if_premium boolean Premium filter.
if_verified boolean Verification filter.
asset_types array domain, ipv4, etc.
search_text string Search by asset and description.
search_condition string contains, equal, startswith, endswith.
inet string Network-aware IP filter (single IP, CIDR, or range).

Update scan categories

POST /asset/settings/update-scan-categories

Enable or disable scan categories for an asset.

curl -X POST 'API_URL/asset/settings/update-scan-categories' \
  -H 'Content-Type: application/json' \
  -d '{
    "asset_id": 1,
    "status_list": [
      {"category_slug": "dns-controls", "status": false},
      {"category_slug": "web-vulnerabilities", "status": true}
    ],
    "token": "your_api_token"
  }'

{"message": "string", "code": 200}

Category slugs: dns-controls, ssl-controls, misconfiguration, network-vulnerabilities, web-vulnerabilities, information-scans, product-based-web-vulnerabilities, product-based-network-vulnerabilities, exposed-panels.

Scans

List all scans

POST /scan/list

Retrieve available scan definitions with filtering and pagination.

curl -X POST 'API_URL/scan/list' \
  -H 'Content-Type: application/json' \
  -d '{
    "query": "cve",
    "asset_type": "domain",
    "page": 1,
    "per_page": 20,
    "token": "your_api_token"
  }'

{
  "value": {
    "data": [
      {
        "name": "DNS Zeus Tracker Scanner",
        "slug": "dns-zeus-tracker-scanner",
        "score": 10,
        "asset_types": ["domain,ipv4"],
        "estimate_time": 15,
        "if_api_support": true
      }
    ],
    "total_count": 16
  },
  "code": 200
}
Parameter Type Description
query string Search text.
asset_type string domain, ipv4, url, request, email.
scan_category_slug string Filter by category.
severity string critical, high, medium, low, info.
if_single_scan boolean Single scan filter.
if_group_scan boolean Group scan filter.

List scan categories

POST /scan/scan-categories-with-count

Get scan categories and their counts for a given asset type.

curl -X POST 'API_URL/scan/scan-categories-with-count' \
  -H 'Content-Type: application/json' \
  -d '{"asset_type": "domain", "slug": "full-scan", "token": "your_api_token"}'

{
  "value": [{"id": 1, "count": 12, "name": "DNS Controls", "slug": "dns-controls"}],
  "code": 200
}

Start a single scan

POST /scan/start-single-scan

Start a scan identified by its slug against a specific asset.

curl -X POST 'API_URL/scan/start-single-scan' \
  -H 'Content-Type: application/json' \
  -d '{
    "asset": "s4e.io",
    "slug": "txt-record-lookup",
    "token": "your_api_token"
  }'

{"message": "ok", "code": 200, "value": {"slug": "slug"}}
Parameter Type Required Description
asset string Yes Target asset name.
slug string Yes Scan slug identifier.
token string Yes Public API token.
port integer No Target port (1-65535).

Start a group scan

POST /scan/start-group-scan

Start a Full Scan, Light Scan, Crawl Only, or Fast Scan.

curl -X POST 'API_URL/scan/start-group-scan' \
  -H 'Content-Type: application/json' \
  -d '{
    "assets": [{"id": 10, "port": null, "protocol_id": null}],
    "category_slugs": ["dns-controls", "ssl-controls", "web-vulnerabilities"],
    "slug": "full-scan",
    "token": "your_api_token"
  }'

{"message": "ok", "code": 200, "value": {"slug": "slug"}}
Slug Scan Type
full-scan Full Scan
half-scan Light Scan
crawl-only Crawl Only
fast-scan Fast Scan (use asset string instead of assets array)

Verify an asset

POST /scan/start-verify

Trigger the verification process for an asset.

curl -X POST 'API_URL/scan/start-verify' \
  -H 'Content-Type: application/json' \
  -d '{"asset_id": 336, "token": "your_api_token"}'

{"message": "string", "value": {"slug": "string"}, "code": 200}

Retrieve activity logs

POST /scan/get-activity-logs

Retrieve timestamped activity logs for a group scan.

curl -X POST 'API_URL/scan/get-activity-logs' \
  -H 'Content-Type: application/json' \
  -d '{"slug": "group-scan-slug", "token": "your_api_token"}'

{"value": {"date": 1723016513781, "desc": "Light scan has been started."}, "code": 200}

List scan history

POST /scan/history-single-scan | /scan/history-group-scan | /scan/history-crawler

Retrieve past scan executions. All three endpoints accept the same parameters.

curl -X POST 'API_URL/scan/history-group-scan' \
  -H 'Content-Type: application/json' \
  -d '{
    "asset_ids": [123],
    "page": 1,
    "per_page": 20,
    "scan_status": [1],
    "order_by": "finished_at",
    "order_type": "desc",
    "token": "your_api_token"
  }'

{
  "data": [
    {
      "asset": "s4e.io",
      "scan_status": 1,
      "started_at": 0,
      "finished_at": 0,
      "group_output_slug": "string"
    }
  ],
  "total_count": 0
}

Reports

List reports

POST /report/list

Retrieve a paginated list of scan reports.

curl -X POST 'API_URL/report/list' \
  -H 'Content-Type: application/json' \
  -d '{
    "severity": [5, 4, 3],
    "report_status": [0, 8],
    "page": 1,
    "per_page": 20,
    "order_by": "finished_at",
    "order_type": "desc",
    "token": "your_api_token"
  }'

{
  "value": {
    "report": [
      {
        "name": "TCP Top Port Service Scan",
        "asset": "harbor.s4e.link",
        "severity": 1,
        "report_status": 0,
        "slug": "cda6200f-cae8-4df9-a651-1aa097c26b58",
        "started_at": 1748447972633,
        "finished_at": 1748447989935
      }
    ],
    "count": 7009
  },
  "code": 200
}

Severity: 1 Info · 2 Low · 3 Medium · 4 High · 5 Critical

Status: 0 Open · 1 Fixed · 2 Request for Approval · 3 Accepted Risk · 4 False Positive · 5 Support Ongoing · 6 No Action Required · 7 Reopened · 8 In Progress

Source: 0 single-scan · 1 full-scan · 2 half-scan · 3 continuous-scan · 5 crawl-only · 9 fast-scan

Retrieve a single scan report

POST /report/single-scan-result

curl -X POST 'API_URL/report/single-scan-result' \
  -H 'Content-Type: application/json' \
  -d '{"scan_output_slug": "scan_output_slug", "token": "your_api_token"}'

{
  "value": {"score": 0, "asset": "8.8.8.8", "name": "Send Ping Online", "result": null},
  "code": 200
}

Retrieve a group scan report

POST /report/group-scan-result

curl -X POST 'API_URL/report/group-scan-result' \
  -H 'Content-Type: application/json' \
  -d '{"group_scan_slug": "scan_output_slug", "token": "your_api_token"}'

{
  "value": {
    "score": 1,
    "asset": "s4e.io",
    "name": "Top 10 TCP Ports Scanner",
    "result": {"compact": [], "detail": [], "status": "ok"}
  },
  "code": 200
}

Retrieve report history

POST /report/report-history

Returns past scan results for a given report.

curl -X POST 'API_URL/report/report-history' \
  -H 'Content-Type: application/json' \
  -d '{
    "asset": "s4e.io",
    "scan_slug": "a-record-lookup",
    "page": 1,
    "per_page": 20,
    "token": "your_api_token"
  }'

{
  "value": [
    {
      "start_date": 1723016513781,
      "scan_output_slug": "slug",
      "asset": "s4e.io",
      "score": 1,
      "severity": 1
    }
  ],
  "code": 200
}

Retrieve severity statistics

POST /report/get-severities

curl -X POST 'API_URL/report/get-severities' \
  -H 'Content-Type: application/json' \
  -d '{"token": "your_api_token"}'

{"value": [{"count": 2670, "severity": 1}, {"count": 566, "severity": 3}], "code": 200}

Retrieve status statistics

POST /report/get-statuses

curl -X POST 'API_URL/report/get-statuses' \
  -H 'Content-Type: application/json' \
  -d '{"token": "your_api_token"}'

{"value": [{"report_status": 0, "count": 6627}, {"report_status": 1, "count": 311}], "code": 200}

Export reports

POST /report/export

Export reports based on filters and the requested format. Supports CSV, HTML, PDF, and JSON.

Response Description
200 Report exported successfully.
401 Invalid API token.

Required JSON body fields: output_type, token.

Field Type Default Description
output_type string csv, html, pdf, json
token string Public API token (3256 chars)
template string short full (detailed) or short (summary)
delimiter string , , or ; (CSV)
scan_output_slugs string[] Scan output slugs to export
severity int[] 15: Information … Critical
slug string Scan result id (pattern ^([a-zA-Z0-9-]){3,400}$)
group_scan_slug string Group scan result id (same pattern)
started_at integer Start timestamp filter
finished_at integer End timestamp filter
until_date integer Filter until this date
order_by string finished_at id, severity, finished_at
order_type string desc desc or asc
if_custom boolean Include custom fields
asset_id int[] Asset IDs
asset string Asset name filter
scan_category_slug string[] e.g. web-vulnerabilities, network-vulnerabilities, …
report_status int[] 0 Open through 8 In Progress
source int[] Scan source enum (e.g. 3 continuous-scan)
name string Report name (3300)
scan_slug string Scan slug (3300)
read boolean Read status filter
count_total_only boolean false Return only total count
port int[] Ports (max 10)
tag string Tag filter
tag_ids int[] Tag IDs 
curl -X POST 'API_URL/report/export' \
  -H 'Content-Type: application/json' \
  -d '{
    "output_type": "csv",
    "severity": [5, 4, 3],
    "template": "full",
    "token": "your_api_token"
  }'

For a longer field reference and UI mapping (template ↔ Detailed/Summary), see Exporting Data — API.

Crawler

Retrieve crawler settings

POST /crawler/get-settings

Returns include/exclude URLs, API specs, headers, and enrichment configuration.

curl -X POST 'API_URL/crawler/get-settings' \
  -H 'Content-Type: application/json' \
  -d '{"asset_id": 123, "token": "your_api_token"}'

{
  "data": {
    "include_urls": "string",
    "exclude_urls": "string",
    "api_specs": "string",
    "headers": "string",
    "headers_valid_for": -1
  }
}

Add included URLs

POST /crawler/add-included-urls

Add URLs to the crawling inclusion list.

curl -X POST 'API_URL/crawler/add-included-urls' \
  -H 'Content-Type: application/json' \
  -d '{
    "asset_id": 1,
    "urls": ["https://s4e.io", "https://s4e.io/platform"],
    "token": "your_api_token"
  }'

{"code": 200, "message": "URL is added and will be crawled in next scan"}

Add excluded URLs

POST /crawler/add-excluded-urls

Add URLs to the crawling exclusion list.

curl -X POST 'API_URL/crawler/add-excluded-urls' \
  -H 'Content-Type: application/json' \
  -d '{
    "asset_id": 1,
    "urls": ["https://s4e.io/admin"],
    "token": "your_api_token"
  }'

{"code": 200, "message": "URL is excluded and will not be crawled in next scan"}

Note

Use /crawler/remove-included-urls and /crawler/remove-excluded-urls with the same body format to remove URLs.

Add API specifications

POST /crawler/add-api-specs

Add API specification URLs (.json, .wadl, .wsdl) for crawler discovery.

curl -X POST 'API_URL/crawler/add-api-specs' \
  -H 'Content-Type: application/json' \
  -d '{
    "asset_id": 123,
    "urls": ["https://api.example.com/swagger.json"],
    "token": "your_api_token"
  }'

{"code": 200, "message": "string"}

Note

Use /crawler/remove-api-specs with the same body format to remove specs.

Update crawler headers

POST /crawler/update-header

Set custom HTTP headers sent during crawling.

curl -X POST 'API_URL/crawler/update-header' \
  -H 'Content-Type: application/json' \
  -d '{
    "asset_id": 1,
    "headers": {
      "authorization": "Bearer token123",
      "user-agent": "Mozilla/5.0"
    },
    "headers_valid_for": -1,
    "token": "your_api_token"
  }'

{"code": 200, "message": "string"}

headers_valid_for: validity in milliseconds, -1 for indefinite.

Update enrichment setting

POST /crawler/update-enrichment-setting

Enable or disable enrichment analysis for crawled data.

curl -X POST 'API_URL/crawler/update-enrichment-setting' \
  -H 'Content-Type: application/json' \
  -d '{"asset_id": 1, "if_enrichment": true, "token": "your_api_token"}'

{"code": 200, "message": "string"}

List all crawled URLs

POST /crawler/list-alls

Retrieve a paginated list of all discovered URLs.

curl -X POST 'API_URL/crawler/list-alls' \
  -H 'Content-Type: application/json' \
  -d '{
    "asset": "s4e.io",
    "method": ["GET", "POST"],
    "status_code": [200, 404],
    "page": 1,
    "per_page": 20,
    "token": "your_api_token"
  }'

{
  "data": [
    {
      "endpoint": "/api/v1/users",
      "method": "GET",
      "status_code": 200,
      "asset": "s4e.io",
      "port": 443
    }
  ],
  "count": 2
}
Parameter Type Description
port array Filter by ports.
endpoint string Filter by endpoint path.
method array GET, POST, PUT, DELETE, PATCH.
status_code array Filter by HTTP status codes.
filter_pii_only boolean Show only URLs with PII.

Dashboard

Retrieve terminal data

POST /dashboard/terminal/v2

Real-time scan activity data with filtering and pagination.

curl -X POST 'API_URL/dashboard/terminal/v2' \
  -H 'Content-Type: application/json' \
  -d '{
    "page": 1,
    "per_page": 100,
    "severity": [5, 4, 3],
    "token": "your_api_token"
  }'

{
  "value": {
    "items": [
      {
        "data": {"scan_name": "string", "asset": "string", "severity": 3, "status": 1}
      }
    ],
    "metadata": {"total": 100, "page": 1, "has_next": false}
  },
  "code": 200
}

Retrieve group scan counts

POST /dashboard/group-scan-counts

curl -X POST 'API_URL/dashboard/group-scan-counts' \
  -H 'Content-Type: application/json' \
  -d '{"scan_group_output_slug": "FPiyCF", "token": "your_api_token"}'

{"value": {"finished_count": 42, "total_count": 50}, "code": 200}

Retrieve open ports

POST /dashboard/get-open-ports

curl -X POST 'API_URL/dashboard/get-open-ports' \
  -H 'Content-Type: application/json' \
  -d '{"token": "your_api_token"}'

{"value": [], "code": 200}

Retrieve asset count by ports

POST /dashboard/get-asset-count-by-ports

curl -X POST 'API_URL/dashboard/get-asset-count-by-ports' \
  -H 'Content-Type: application/json' \
  -d '{"token": "your_api_token"}'

{"value": [], "code": 200}

Retrieve monthly URL statistics

POST /dashboard/get-monthly-total-url

curl -X POST 'API_URL/dashboard/get-monthly-total-url' \
  -H 'Content-Type: application/json' \
  -d '{"month": 6, "token": "your_api_token"}'

{"value": [], "code": 200}

Retrieve monthly unique requests

POST /dashboard/get-monthly-unique-request

curl -X POST 'API_URL/dashboard/get-monthly-unique-request' \
  -H 'Content-Type: application/json' \
  -d '{"month": 6, "token": "your_api_token"}'

{"value": [], "code": 200}

Security Score

Retrieve security score

POST /risk/user-score

Retrieve risk score history for the token owner.

curl -X POST 'API_URL/risk/user-score' \
  -H 'Content-Type: application/json' \
  -d '{
    "page": 1,
    "per_page": 20,
    "order_type": "desc",
    "order_by": "calculated_at",
    "token": "your_api_token"
  }'

{
  "value": {
    "user_risk": [
      {
        "calculated_at": 1740997600536,
        "risk_score": 19.5,
        "parameters": {
          "asset_scores": {"39678": 71.5, "39679": 70.5},
          "calculation_method": "weighted_average",
          "total_assets": 2
        }
      }
    ],
    "count": 2
  },
  "code": 200
}

Threat Intelligence

List credentials

GET /threatintelligence/list

Retrieve threat intelligence credential data.

curl 'API_URL/threatintelligence/list?integration_type_slug=brand-defense&page=1&per_page=20&token=your_api_token'

{"data": [], "count": 0, "code": 200}

Integration types: brand-defense, proudsec.

User

Retrieve current user

POST /user/info

Returns profile data, privileges, and onboarding status.

curl -X POST 'API_URL/user/info' \
  -H 'Content-Type: application/json' \
  -d '{"token": "your_api_token"}'

{
  "value": {
    "email": "string",
    "name": "string",
    "id": 0,
    "package": "string",
    "privileges": ["string"],
    "two_factor_auth": true,
    "hasVerifiedAssetCount": 5
  }
}

Retrieve subscription info

POST /user/package-info

Check current subscription status and expiration.

curl -X POST 'API_URL/user/package-info' \
  -H 'Content-Type: application/json' \
  -d '{"token": "your_api_token"}'

{"value": {"has_package": true, "package_id": 0, "deletion_alert": false}, "code": 200}

HTTP Response Codes

Code Description
200 Success.
400 Validation error, asset not found, or ownership conflict.
401 Invalid API token.
404 Resource not found.
500 Internal server error.
Operations Guide Overview