Getting Started
The VSCan API allows you to scan VS Code extensions for security vulnerabilities programmatically. All requests require secure authentication via an API key snippet.
Authentication Protocol
Always include your active API key in the X-API-Key
header for each secure request payload:
curl -H "X-API-Key: your-api-key" \
https://vscan.dev/api/v1/status/your-analysis-idGenerate Your API Key
Head over to the developer portal to instantly provision API credentials and quota.
Base URL
https://vscan.dev/api/v1Core Endpoints
/scan
Submit a raw VS Code extension package configuration for multi-layered security analysis and intelligence scanning.
Request Payload Schema
| Parameter | Type | Description |
|---|---|---|
| publisher required | string | The authoritative author/publisher identifier of the subject extension. |
| name required | string | The exact technical slug/name component of the subject extension. |
Execution Example
curl -X POST https://vscan.dev/api/v1/scan \
-H "Content-Type: application/json" \
-H "X-API-Key: your-api-key" \
-d '{"publisher": "ms-python", "name": "python"}'Response Pattern (202 Accepted)
{
"success": true,
"analysisId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"status": "pending",
"message": "Extension accepted for analysis.",
"statusUrl": "/api/v1/status/a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"resultsUrl": "/api/v1/results/a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}/status/:analysisId
Poll the live status and execution progress of a triggered analysis workflow.
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| analysisId required | UUID | The 36-character tracking identifier injected via the
POST /scan
handler.
|
Execution Example
curl https://vscan.dev/api/v1/status/a1b2c3d4-e5f6-7890-abcd-ef1234567890 \
-H "X-API-Key: your-api-key"Response Pattern (200 OK)
{
"success": true,
"analysisId": "a1b...",
"status": "processing",
"progress": 45,
"message": "Analyzing...",
"resultsUrl": null
}State Machine Enumerables
| Status Enum | Directive Meaning |
|---|---|
| pending | Job queued. Awaiting available compute capacity. |
| processing | Job claimed. Executing dynamic intelligence tools. |
| completed | Execution finalized. Safe to query `/results`. |
| failed | Job threw a fatal exception. Package unavailable or incompatible. |
/results/:analysisId
Extract the full normalized intelligence report and risk
scores for a completed
analysis.
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| analysisId required | UUID | The 36-character tracking identifier returned natively from the initial creation request. |
Execution Example
curl https://vscan.dev/api/v1/results/a1b2c3d4-e5f6-7890-abcd-ef1234567890 \
-H "X-API-Key: your-api-key"Response Pattern (200 OK)
{
"success": true,
"analysisId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"results": {
"score": 85,
"extensionInfo": {
"publisher": "ms-python",
"name": "python",
"version": "2024.1.0"
},
"findings": [
// Contains an exact array of isolated threats mapped by tool engine
...
],
"summary": {
// Aggregated statistical risk mapping factors
...
}
}
}Rate Topologies
Scan Submission
POST /api/v1/scan — compute-heavy jobs
Public API & Config
/api/v1/*
status, results & config endpoints
General API
All /api/*
routes — catch-all ceiling
Exception Mapping
| HTTP | Semantics Mapping |
|---|---|
| 400 | Malformed parameter schema or absent target arguments |
| 401 | Key rejection / Empty X-API-Key |
| 404 | UUID identifier unmapped inside intelligence store |
| 409 | Conflict - Execution lock active on identical package |
| 429 | Rate limit exceeded — too many requests in the current window |
| 500+ | Gateway fallback. Native server crash. |