API Reference
CodeStax provides a REST API for integrating security scanning into your CI/CD pipelines, custom tools, and automation workflows.
Base URL
https://codestax.co/api
All API endpoints are prefixed with /api, which is routed to the backend.
Authentication
API requests require authentication using either:
- API Key — For CI/CD and programmatic access (recommended)
- JWT Token — For session-based access (used by the web app)
See Authentication for details.
Response Format
All responses are JSON. Successful responses return the data directly:
{
"id": "abc123",
"status": "completed",
"issues_count": 5
}
Error responses include a detail field:
{
"detail": "Not authenticated"
}
HTTP Status Codes
| Code | Meaning |
|---|---|
| 200 | Success |
| 201 | Created |
| 400 | Bad request (invalid parameters) |
| 401 | Not authenticated |
| 403 | Forbidden (insufficient permissions) |
| 404 | Resource not found |
| 422 | Validation error |
| 429 | Rate limited |
| 500 | Internal server error |
Rate Limits
API requests are rate-limited based on your plan:
| Plan | Rate Limit |
|---|---|
| Free | 100 requests/hour |
| Pro | 1,000 requests/hour |
| Team | 5,000 requests/hour |
| Enterprise | Custom |
When rate limited, you’ll receive a 429 response. Wait and retry.
Pagination
List endpoints return paginated results. Use skip and limit query parameters:
GET /api/scans?skip=0&limit=15
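An added example, not part of the CodeStax documentation: a Python helper that walks a list endpoint with skip and limit, backs off on 429, and raises with the detail field on any other error. The fetch hook, the in-memory fake server, and the assumption that a list endpoint returns a JSON array whose last page is shorter than limit are hypothetical.

```python
import time

class ApiError(Exception):
    def __init__(self, status, detail):
        super().__init__(f"HTTP {status}: {detail}")
        self.status, self.detail = status, detail

def list_all(fetch, path="/api/scans", limit=15, max_retries=5, sleep=time.sleep):
    """Collect every item from a paginated list endpoint.
    fetch(path_with_query) -> (status_code, parsed_json) is a hypothetical
    transport hook; a real one would attach the API key and call the base URL.
    Assumption: list endpoints return a JSON array, and a page shorter
    than `limit` is the last one.
    """
    items, skip = [], 0
    while True:
        url = f"{path}?skip={skip}&limit={limit}"
        for attempt in range(max_retries + 1):
            status, body = fetch(url)
            if status != 429:
                break
            if attempt == max_retries:
                raise ApiError(status, "rate limited, retries exhausted")
            sleep(min(2 ** attempt, 60))  # exponential backoff, capped at 60 s
        if status != 200:
            # Error responses carry a "detail" field; surface it to the caller.
            detail = body.get("detail", "") if isinstance(body, dict) else ""
            raise ApiError(status, detail)
        items.extend(body)
        if len(body) < limit:
            return items
        skip += limit

def make_fake_server(total=32, throttle_on=(2,)):
    """Constructed in-memory stand-in for the API so the example runs offline."""
    calls = {"n": 0}
    def fetch(url):
        calls["n"] += 1
        if calls["n"] in throttle_on:  # simulate a rate-limited request
            return 429, {"detail": "Rate limited"}
        query = dict(p.split("=") for p in url.split("?", 1)[1].split("&"))
        skip, limit = int(query["skip"]), int(query["limit"])
        page = [{"id": f"scan{i}"} for i in range(skip, min(skip + limit, total))]
        return 200, page
    return fetch, calls

if __name__ == "__main__":
    fetch, calls = make_fake_server()
    print(len(list_all(fetch, sleep=lambda s: None)), "scans in", calls["n"], "requests")
```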