Developers

GhostCred API

Scan repositories for exposed credentials programmatically — wire it into CI, a dashboard, or bulk MSP workflows. Included with Pro and MSP plans.

Authentication

When you subscribe to Pro or MSP, we email you an API key (gc_live_…). Send it as a bearer token on every request. Keep it secret — it scans on your account.

POST `/api/v1/scan`

Body: { "repo_url": "<github url>" }. Returns the full risk report (no paywall — you're authenticated).

Request

curl -X POST https://ghostcred.io/api/v1/scan \
  -H "Authorization: Bearer gc_live_..." \
  -H "content-type: application/json" \
  -d '{"repo_url":"https://github.com/your-org/your-repo"}'

Response

{
  "scan_id": "…",
  "risk_score": 82,
  "total_findings": 9,
  "critical_count": 2,
  "high_count": 3,
  "medium_count": 3,
  "low_count": 1,
  "results": { "findings": [ … ], "executive_summary": "…" }
}

Pay-as-you-go — $0.50 / scan

No subscription. Get a metered key and only pay for the scans you run.

Or get API access bundled with Pro / MSP.

See plans

GhostCred API

Authentication

POST /api/v1/scan

Pay-as-you-go — $0.50 / scan

POST `/api/v1/scan`