Know your API's real score.
Analyze any REST endpoint and get a clear quality score, with real security, performance, and design guidance.
$ npx cyberian scan https://api.example.com/v1
✓ Score: 87/100 · 2 issues found
Scanned 2 min ago
api.example.com/v1
Analysis overview · 1 critical · 2 warnings · 40 passed
FINDINGS
70+ probes · 2 min ago
Works with any REST API
What we check
Six dimensions. One complete picture.
Security
Security checks that actually matter.
We check HTTPS, CORS, rate limiting, sensitive data exposure, and SSL on every single scan.
12 security checks
Covering the most common API risks
Attack-style testing
We simulate real problems before they reach users
Practical fixes
Clear steps you can apply immediately
Process
Scan your first API in 30 seconds.
01
Paste your API URL
Enter any REST endpoint. Public or authenticated, we handle both.
02
Multiple checks run in parallel
Security, performance, design, documentation, error handling, and standards are evaluated together.
03
Get your quality score
A clear 0-100 score with per-category breakdown. Know exactly where you stand.
04
Fix with clear direction
Each issue includes a simple explanation and a practical fix you can apply today.
Automation
Ship quality into your CI pipeline.
Add one step to your GitHub Actions workflow and catch API issues before they reach production.
name: API Quality Check
on: [push, pull_request]
jobs:
  apiscore:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Scan API quality
        run: |
          npx apiscore scan ${{ secrets.API_URL }} --fail-below 80 --badge-update
$ npx apiscore scan https://api.example.com/v1
Connecting to API...
Running analysis...
┌───────────────────────────────────────────────────┐
│ APIScore — api.example.com/v1 │
│ Score: 87/100 ⭐⭐⭐ │
├───────────────────────────────────────────────────┤
│ Security ████████████████████░░ 92/100 │
│ Performance █████████████████░░░░░ 78/100 │
│ Design █████████████████████░ 95/100 │
│ Documentation █████████████░░░░░░░░░ 60/100 │
│ Errors ███████████████████░░░ 88/100 │
│ Standards ████████████████████░░ 90/100 │
├───────────────────────────────────────────────────┤
│ ❌ CRITICAL: No rate limiting detected │
│ ⚠️ WARNING: No OpenAPI spec found │
│ ✅ 40 checks passed │
└───────────────────────────────────────────────────┘
Full report: https://apiscore.dev/report/abc123
$
my-rest-api
A production-ready REST API built with Node.js + Express. Includes JWT auth, rate limiting, and full CRUD operations.
API Quality Score
This API is monitored with APIScore. Automated quality scanning on every push.
Fail builds below threshold
Set a minimum score (e.g. 80) and fail the CI run if your API regresses.
Auto-update README badge
Your score badge updates automatically on every successful scan.
Score history
Track your API quality over time with per-commit score history.
Pricing
Simple, honest pricing.
No hidden fees. Cancel anytime.
Free
For exploring and personal projects.
- 5 scans / month
- Core 15 checks
- Basic score report
- Public APIs only
Dev
For developers shipping APIs to production.
- 100 scans / month
- All security checks
- Full detailed report
- Private APIs + auth headers
- PDF export
- Score history (30 days)
Team
For small teams with multiple APIs.
- 500 scans / month
- All security checks
- Up to 5 team members
- CI/CD integration
- README badge
- Score history (90 days)
- Priority support
Pro
For teams that need scale and automation.
- Unlimited scans
- All security checks
- Unlimited team members
- Scheduled scans
- Webhooks + Slack alerts
- Score history (1 year)
- Dedicated support
What people say
Developers ship better APIs.
"We added APIScore to our CI pipeline and caught a missing rate limiter before it hit prod. Saved us from a potential nightmare."
Marco R.
Backend Engineer · Fintech startup
"The documentation score was a wake-up call. We had zero OpenAPI spec on a public API. Fixed it in a day, score went from 58 to 84."
Camille D.
Full Stack Dev · SaaS company
"Simple tool, real results. I run it on every API I ship now. It's like a second pair of eyes that checks things I'd forget."
Arjun M.
API Developer · Freelance
Questions & answers.
Yes. On Dev, Team, and Pro plans you can pass authentication headers (Bearer token, API key, Basic auth) so we can scan private or protected endpoints.
Dozens of checks across six areas: security (headers, CORS, injection probes, exposed files, cookie flags), performance (compression, caching, latency), API design, documentation, error handling, and standards. The full list is in the docs.
All checks run in parallel, so most scans finish fast. The Intelligence deep-scan adds an extra passive recon layer on top of the standard scan and takes a bit longer.
You can scan any public API. Just respect the rate limits and terms of service of whatever you're scanning. We have built-in throttling so we don't hammer the target.
Response bodies are processed in memory and never stored. We only keep the score and the findings.
Yes. `npx cyberian scan <url>` works without an account for basic checks. You need to log in to see the full report and your scan history.
Get started
Ship better APIs. Starting now.
No account needed to start. Paste your URL and get a score in seconds.
Free forever · No credit card · 5 scans/month on free plan

