Urlert Logo

API Documentation

Ready to get started?

Start exploring our API with 25 free credits — no credit card required.

Try the API View Pricing
Base URL

All API requests should be made to:

https://api.urlert.com/v1
Authentication

All API endpoints require authentication using an API key

Request Examples
bash
curl -X GET "https://api.urlert.com/v1/endpoints" \
  -H "X-API-Key: your-api-key-here"
Rate Limiting

API requests are rate-limited to ensure fair usage

Rate Limits

  • GET requests: 100 requests per minute
  • POST/PATCH requests: 10 requests per minute

Response Headers

Header Description Example
X-RateLimit-Remaining Number of requests remaining in the current time window 9
X-RateLimit-Reset Unix timestamp (in seconds) when the rate limit window resets 1699456800
X-RateLimit-Limit Maximum requests per minute 10

Rate Limit Exceeded (429)

Implementation Examples
typescript
function exponentialBackoff(retries) {
  return Math.min(1000 * Math.pow(2, retries), 60000);
}

async function fetchWithRetry(url = "https://api.urlert.com/v1/endpoints", options, maxRetries = 5) {
  for (let i = 0; i < maxRetries; i++) {
    try {
      const response = await fetch(url, options);
      if (response.status !== 429) return response;
      
      const backoffMs = exponentialBackoff(i);
      await new Promise(resolve => setTimeout(resolve, backoffMs));
    } catch (error) {
      if (i === maxRetries - 1) throw error;
    }
  }
}
Complete Usage Example

Learn how to perform a complete scan workflow using our API

Workflow Steps

Create Scan

Submit a URL to start the analysis process. The API will return a scan object containing the scan ID.

Check Status

Poll the scan status endpoint every few seconds. The scan progresses through these states: PENDING → SCRAPED → ANALYZED, or FAILED if an error occurs.

Handle Results

When status is ANALYZED, you can access the analysis results including:
  • threatLevel (BENIGN to MALICIOUS)
  • confidence score (0.0 - 1.0)
  • malicious and non-malicious reasons
  • final URL after redirects
Complete Code Example
typescript
import type { Scan, Analysis, ScanStatus, ThreatLevel } from './types';

// 1. Create a new scan
async function createScan(url: string): Promise<Scan> {
  const response = await fetch("https://api.urlert.com/v1/scans", {
    method: "POST",
    headers: {
      "X-API-Key": "your-api-key-here",
      "Content-Type": "application/json",
    },
    body: JSON.stringify({ url })
  });
  return await response.json();
}

// 2. Poll for scan results
async function checkScanStatus(scanId: string): Promise<Scan> {
  const response = await fetch(`https://api.urlert.com/v1/scans/${scanId}`, {
    headers: { "X-API-Key": "your-api-key-here" }
  });
  return await response.json();
}

// 3. Complete workflow with polling
async function analyzeSite(url: string) {
  // Start the scan
  const scan = await createScan(url);
  console.log("Scan created:", scan.id);

  // Poll for results
  while (true) {
    const result = await checkScanStatus(scan.id);
    
    if (result.status === "FAILED") {
      console.error("Scan failed:", result.error);
      break;
    }
    
    if (result.status === "ANALYZED") {
      console.log("Scan completed!");
      console.log("Threat Level:", result.analysis?.threatLevel);
      console.log("Confidence:", result.analysis?.confidence);
      console.log("Final URL:", result.analysis?.finalUrl);
      console.log("Malicious Reasons:", result.analysis?.maliciousReasons);
      break;
    }

    // Wait 2 seconds before next check
    await new Promise(resolve => setTimeout(resolve, 2000));
  }
}

// Usage
analyzeSite("https://example.com");

Endpoints

GET /v1/status

Get API status

POST /v1/scans

Create a new scan

Creates a new scan for the specified URL. Scan data is automatically deleted after 90 days.

GET /v1/scans/{id}

Get scan results by ID

Returns the scan results. Scan data is automatically deleted after 90 days from creation.

POST /v1/reports

Create a new report from scan results

Creates a new report based on scan results. Reports are automatically deleted after 7 days.

GET /v1/reports/{id}

Get report by ID

Returns the report data. Reports are automatically deleted after 7 days from creation.

POST /v1/reports/batch

Create multiple reports from scan results in batch

Creates multiple reports based on scan results in a single request. Limit of 50 reports per batch. Reports are automatically deleted after 7 days. This operation counts as 5 operations against your rate limit.

POST /v1/reports/batch/get

Get multiple reports by IDs in batch

Returns multiple report data in a single request. Limit of 50 reports per batch. Reports are automatically deleted after 7 days from creation. This operation counts as 5 operations against your rate limit.