SamuAI

API Documentation

Integrate SamuAI scans into your CI/CD pipeline, dashboards, or security workflows.

The Scan API requires a Pro or Org plan. Lookup, Catalog, and Badge endpoints are free.

Base URL

https://www.samuai.dev

Authentication

The Scan API authenticates via API key. Pass it in one of two ways:

Header (recommended):
  x-api-key: aisk_your_key_here

Authorization header:
  Authorization: Bearer aisk_your_key_here

Generate API keys in Settings → API Keys. Each key has configurable scopes and rate limits.

Rate Limits

Rate limit headers are included on every response:

X-RateLimit-Limit (header): Max requests per hour for your plan
X-RateLimit-Remaining (header): Requests remaining in the current window
X-RateLimit-Reset (header): Unix timestamp when the window resets
Retry-After (header): Seconds to wait (only on 429 responses)

Errors

All errors return JSON with an error field:

{
  "error": "API key required. Pass via x-api-key header or Authorization: Bearer aisk_..."
}

400 (status): Invalid request body or parameters
401 (status): Missing or invalid API key
403 (status): API key lacks required scope
429 (status): Rate limit exceeded
502 (status): Upstream scan failure (e.g., store unavailable)
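
The rate-limit headers and status codes above, handled in one place for a CI job, as an added example (not SamuAI's own code): it decides per response whether to continue, wait, or fail, and keeps the key out of logs. The function names, the 30-second backoff for 502 and the sample values are assumptions; no endpoint path is used because this page does not give one.

```python
import json
import time

# Status codes from the Errors list above; retrying these cannot succeed.
FATAL = {400: "invalid request", 401: "missing or invalid API key",
         403: "API key lacks required scope"}


def auth_headers(api_key):
    """Build the recommended x-api-key header; reject values that are not keys."""
    if not api_key or not api_key.startswith("aisk_"):
        raise ValueError("expected an API key starting with 'aisk_'")
    return {"x-api-key": api_key}


def redact(headers):
    """Copy of the request headers that is safe to print in CI logs."""
    secret = {"x-api-key", "authorization"}
    return {k: ("***" if k.lower() in secret else v) for k, v in headers.items()}


def next_action(status, headers, body, now=None, backoff=30):
    """Return (action, seconds, message) for one response.

    'ok':   continue, after pausing `seconds` if the window is used up
    'wait': retry the same request after `seconds`
    'fail': do not retry; fix the request, key or scope
    """
    now = time.time() if now is None else now
    h = {k.lower(): v for k, v in headers.items()}
    try:
        message = json.loads(body).get("error", "")
    except (ValueError, TypeError, AttributeError):
        message = ""  # body was not the documented JSON error object
    if status in FATAL:
        return ("fail", 0, message or FATAL[status])
    if status == 429:
        # Retry-After is only sent on 429; fall back to the window reset time.
        if "retry-after" in h:
            return ("wait", max(0, int(h["retry-after"])), message)
        reset = int(h.get("x-ratelimit-reset", now + backoff))
        return ("wait", max(0, int(reset - now)), message)
    if status == 502:
        return ("wait", backoff, message or "upstream scan failure")
    # Success with nothing left in the window: pause until it resets.
    if h.get("x-ratelimit-remaining") == "0" and "x-ratelimit-reset" in h:
        return ("ok", max(0, int(int(h["x-ratelimit-reset"]) - now)), "")
    return ("ok", 0, "")
```

Read the key from a CI secret or environment variable and pass it to `auth_headers`; log only the output of `redact`.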

Tool Types

SamuAI auto-detects the tool type from the input. You can also force it:

chrome (type): 32-char ID or Chrome Web Store URL
vscode (type): publisher.extension format (e.g., ms-python.python)
npm (type): npm package name (e.g., express)
mcp (type): MCP server package name

Need help?

Questions about the API, rate limits, or integration?

support@samuai.dev