ScruteX API documentation
The ScruteX REST API gives you programmatic access to findings, assets, threat intelligence, and reporting across every module. Webhooks expose real-time event streams. Customers building custom integrations, internal dashboards, or routing findings into bespoke tooling can use the API today.
The API is currently in private beta. Endpoint documentation and authentication guides are available to approved beta partners. Request access using the form below, and we will be in touch within two business days.
Six API surfaces, one OAuth flow
Every module exposes a corresponding API surface. Authentication is OAuth 2.0 with scoped tokens. Rate limits are documented per surface and tier. Read-write access is gated by role.
Findings API
List findings across modules with filtering by severity, asset, status, and detection date. Push status updates back into the platform.
Assets API
Read the discovered asset inventory, including domains, IPs, certificates, and metadata. Programmatic enumeration for downstream tooling.
Threat Intelligence API
Query threat actors, campaigns, IOCs, and TTP mappings scoped to your sector. Pull curated intelligence into your existing workflows.
Webhooks
Real-time event streams for new findings, status changes, and campaign events. Configurable filtering and delivery destinations.
Reporting API
Generate audit-ready reports on demand. PDF and CSV output formats. Scheduled delivery to webhook endpoints.
Vendor Insights API
Query third-party posture data, questionnaire status, and risk register entries for programmatic vendor risk reporting.
Endpoint reference, OpenAPI spec, and direct support
Beta partners get the full endpoint reference with request and response schemas, an OpenAPI 3.1 specification suitable for code generation, authentication and webhook configuration guides, and direct Slack access to the engineering team building the API.
We do not publish the documentation publicly during beta because the API surface is still stabilising. Breaking changes are possible between beta releases. We notify partners in advance, and we keep migration paths short.
General availability is scheduled for later in 2026. At GA, the documentation moves to a public Swagger UI deployment with stable versioning and a published deprecation policy.
Request API access
Tell us about the integration you want to build. We prioritise beta access for customers running active production deployments. Two business day turnaround on most requests.