API DOCUMENTATION

Developer API.

Programmatic domain security scanning. Integrate CQwerty Shield into your CI/CD pipeline, monitoring tools, or custom dashboards.

Quick start

1. Generate an API key in Dashboard > Settings > API Access

2. Add the key to your requests as an X-API-Key header

3. Scan any domain:

curl -H "X-API-Key: cqs_your_key"   https://api.cqwerty.com/api/v1/scan/example.com

Rate limits

100

scans/day (Pro)

1,000

scans/day (Business)

JSON

response format

Endpoints

Run a lightweight security scan on any domain. Returns SSL, DMARC, SPF, headers grades and WHOIS summary.

Auth: X-API-Key header

Request

curl -H "X-API-Key: cqs_your_key" \
  https://api.cqwerty.com/api/v1/scan/example.com

Response

{
  "ok": true,
  "domain": "example.com",
  "grades": {
    "ssl_grade": "A+",
    "email_grade": "B",
    "headers_grade": "C",
    "overall_score": 72,
    "risk_level": "MEDIUM"
  },
  "ssl": { "valid": true, "issuer": "Let's Encrypt", "expires": "2026-07-01" },
  "dmarc": { "record": "v=DMARC1; p=reject; rua=..." },
  "spf": { "record": "v=spf1 include:_spf.google.com -all" },
  "scanned_at": "2026-04-11T00:00:00Z"
}