Documentation·API v1 + v2 mirrored. v1 sunset 2027-04.

Programmatic posture,
same surface as the UI.

REST endpoints to scan, compare, evaluate compliance, and route webhooks. Same data the dashboard renders, no scraping.

Quick start

1. Generate an API key in Dashboard, Settings, API Access.

2. Pass the key as an X-API-Key header.

3. Scan any domain:

curl -H "X-API-Key: cqs_your_key" \
  https://api.cqwerty.com/api/v1/scan/example.com

Rate limits

100

scans / day, Operator

1,000

scans / day, Org

JSON

response format

Endpoints

Run a lightweight security scan on any domain. Returns SSL, DMARC, SPF, headers grades and WHOIS summary.

AuthX-API-Key header

Request

curl -H "X-API-Key: cqs_your_key" \
  https://api.cqwerty.com/api/v1/scan/example.com

Response

{
  "ok": true,
  "domain": "example.com",
  "grades": {
    "ssl_grade": "A+",
    "email_grade": "B",
    "headers_grade": "C",
    "overall_score": 72,
    "risk_level": "MEDIUM"
  },
  "ssl": { "valid": true, "issuer": "Let's Encrypt", "expires": "2026-07-01" },
  "dmarc": { "record": "v=DMARC1; p=reject; rua=..." },
  "spf": { "record": "v=spf1 include:_spf.google.com -all" },
  "scanned_at": "2026-04-11T00:00:00Z"
}

Programmatic posture,same surface as the UI.

Quick start

Rate limits

Endpoints

Programmatic posture,
same surface as the UI.