reference
API Reference
Attestd exposes a single REST endpoint. All responses are JSON.
Base URL
https://api.attestd.ioAuthentication
Pass your API key in the Authorization header as a Bearer token.
Authorization: Bearer YOUR_API_KEYUse attestd_demo_key during development. Get a production key from the developer portal.
endpoint
GET /v1/check
Returns the current risk assessment for a product version.
Query parameters
| Parameter | Description |
|---|---|
product | Required. Product slug (e.g. nginx, log4j, openssh). See Quickstart for the full list. |
version | Required. Version string in any standard format (e.g. 1.24.0, 2.14.1, 8.0p1). |
Example request
bash
curl "https://api.attestd.io/v1/check?product=nginx&version=1.24.0" \
-H "Authorization: Bearer YOUR_API_KEY"Responses
200 OK— supported productjson
{
"product": "nginx",
"version": "1.24.0",
"supported": true,
"risk_state": "high",
"risk_factors": [
"remote_code_execution",
"no_authentication_required",
"internet_exposed_service",
"patch_available"
],
"actively_exploited": false,
"remote_exploitable": true,
"authentication_required": false,
"patch_available": true,
"fixed_version": "1.24.2",
"confidence": 0.89,
"cve_ids": ["CVE-2021-23017"],
"last_updated": "2026-02-23T18:21:30Z"
}200 OK— product not in coveragejson
{
"supported": false
}error codes
| Status | Meaning |
|---|---|
400 | Missing or invalid query parameters (product or version omitted) |
401 | Missing or invalid API key |
422 | Version string could not be parsed |
429 | Rate limit exceeded (see Retry-After header) |
500 | Internal server error — transient, safe to retry with backoff |
bash
HTTP/1.1 429 Too Many Requests
Retry-After: 60
{
"detail": "Rate limit exceeded"
}rate limits
| Tier | Monthly limit | Per-minute limit |
|---|---|---|
| Demo key | — | 60/min |
| Free | 500 calls | 60/min |
| Starter | 10,000 calls | 60/min |
| Pro | Unlimited | 60/min |
Monthly limits reset on your billing anniversary. The 429 response includes a Retry-After header with seconds to wait.