API Reference

    Complete documentation for the PTKD REST API. Integrate mobile security scanning into any application or workflow.

    Authentication

    Secure your API requests with bearer token authentication

    API Key Authentication

    Include your API key in the Authorization header of all requests:

    Authorization Header
    Authorization: Bearer YOUR_API_KEY

    Note: Keep your API key secure and never expose it in client-side code. Generate a new key from your dashboard if compromised.

    API Endpoints

    Complete reference for all available endpoints

    POST/v1/scan

    Upload and start scanning an app

    Request Body

    file:File (required) - The app file to scan (APK/AAB/IPA)
    scan_type:String (optional) - "quick" or "full" (default: "full")
    webhook_url:String (optional) - URL to receive scan completion webhook

    Response

    scan_id:String - Unique identifier for the scan
    status:String - Current scan status ("processing", "completed", "failed")
    estimated_completion:String - ISO timestamp of estimated completion
    webhook_url:String - Webhook URL if provided
    GET/v1/scan/{scan_id}

    Get scan status and results

    Response

    scan_id:String - Scan identifier
    status:String - Current status
    created_at:String - ISO timestamp of scan creation
    completed_at:String - ISO timestamp of completion (if finished)
    results:Object - Scan results (if completed)
    file_info:Object - Information about the scanned file
    GET/v1/scans

    List all scans for your account

    Response

    scans:Array - List of scan objects
    total:Number - Total number of scans
    page:Number - Current page number
    per_page:Number - Number of scans per page
    DELETE/v1/scan/{scan_id}

    Delete a scan and its results

    Response

    message:String - Confirmation message
    deleted_at:String - ISO timestamp of deletion

    Webhooks

    Get real-time notifications when scans complete

    Webhook Payload

    When a scan completes, PTKD will send a POST request to your webhook URL with the following payload:

    {
      "scan_id": "scan_abc123",
      "status": "completed",
      "completed_at": "2024-01-15T10:35:22Z",
      "results": {
        "severity_summary": {
          "critical": 0,
          "high": 2,
          "medium": 5,
          "low": 8,
          "info": 12
        },
        "vulnerabilities": [
          {
            "id": "vuln_001",
            "title": "Insecure HTTP connections detected",
            "severity": "high",
            "category": "network_security",
            "description": "Application makes HTTP requests without encryption",
            "remediation": "Replace HTTP URLs with HTTPS equivalents"
          }
        ]
      }
    }

    Error Codes

    HTTP status codes and their meanings

    400

    Bad Request

    Invalid request parameters or malformed data

    401

    Unauthorized

    Invalid or missing API key

    403

    Forbidden

    API key does not have required permissions

    404

    Not Found

    Scan ID or resource not found

    413

    Payload Too Large

    File size exceeds 500MB limit

    429

    Too Many Requests

    Rate limit exceeded

    500

    Internal Server Error

    Server error occurred

    Ready to Integrate?

    Get your API key and start scanning apps programmatically.