API Reference
Complete documentation for the PTKD REST API. Integrate mobile security scanning into any application or workflow.
Authentication
Secure your API requests with bearer token authentication
API Key Authentication
Include your API key in the Authorization header of all requests:
Authorization: Bearer YOUR_API_KEYNote: Keep your API key secure and never expose it in client-side code. Generate a new key from your dashboard if compromised.
API Endpoints
Complete reference for all available endpoints
/v1/scanUpload and start scanning an app
Request Body
file:File (required) - The app file to scan (APK/AAB/IPA)scan_type:String (optional) - "quick" or "full" (default: "full")webhook_url:String (optional) - URL to receive scan completion webhookResponse
scan_id:String - Unique identifier for the scanstatus:String - Current scan status ("processing", "completed", "failed")estimated_completion:String - ISO timestamp of estimated completionwebhook_url:String - Webhook URL if provided/v1/scan/{scan_id}Get scan status and results
Response
scan_id:String - Scan identifierstatus:String - Current statuscreated_at:String - ISO timestamp of scan creationcompleted_at:String - ISO timestamp of completion (if finished)results:Object - Scan results (if completed)file_info:Object - Information about the scanned file/v1/scansList all scans for your account
Response
scans:Array - List of scan objectstotal:Number - Total number of scanspage:Number - Current page numberper_page:Number - Number of scans per page/v1/scan/{scan_id}Delete a scan and its results
Response
message:String - Confirmation messagedeleted_at:String - ISO timestamp of deletionWebhooks
Get real-time notifications when scans complete
Webhook Payload
When a scan completes, PTKD will send a POST request to your webhook URL with the following payload:
{
"scan_id": "scan_abc123",
"status": "completed",
"completed_at": "2024-01-15T10:35:22Z",
"results": {
"severity_summary": {
"critical": 0,
"high": 2,
"medium": 5,
"low": 8,
"info": 12
},
"vulnerabilities": [
{
"id": "vuln_001",
"title": "Insecure HTTP connections detected",
"severity": "high",
"category": "network_security",
"description": "Application makes HTTP requests without encryption",
"remediation": "Replace HTTP URLs with HTTPS equivalents"
}
]
}
}Error Codes
HTTP status codes and their meanings
Bad Request
Invalid request parameters or malformed data
Unauthorized
Invalid or missing API key
Forbidden
API key does not have required permissions
Not Found
Scan ID or resource not found
Payload Too Large
File size exceeds 500MB limit
Too Many Requests
Rate limit exceeded
Internal Server Error
Server error occurred
Ready to Integrate?
Get your API key and start scanning apps programmatically.