API Reference Overview
The RepoRisk API lets you interact with the platform programmatically — submit repositories for analysis, poll scan status, retrieve reports, and browse scan history — all without using the web interface.
Direct API access is available on Tier 3 plans only. Tier 1 and Tier 2 organizations will see an upgrade prompt in Settings instead of key-management controls.
What You Can Do
- Submit repositories, browser extensions, and NPM packages for security analysis
- Poll scan status and retrieve completed security reports
- Browse scan history for any repository in your organization
- Scope access to a specific sub-organization by issuing a sub-org-scoped key
Plan Tier Requirement
API key generation depends on your organization's plan:
| Plan | API Access |
|---|---|
| Tier 1 | No |
| Tier 2 | No |
| Tier 3 | Yes |
Key Format
Every RepoRisk API key begins with the prefix rrk_live_ followed by a 43-character URL-safe random string. Example:
rrk_live_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789_abcdef
Keys are shown once at creation time and are never retrievable afterwards. Store yours securely immediately after generating it.
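The following is an added example, not code from RepoRisk: a scanner that uses the key format stated above to find keys that have leaked into config files, logs, or commits, and redacts them in its findings. It assumes "URL-safe" means the base64url alphabet; the function names and the sample text are constructed for illustration.

```python
import re

# Format from this page: "rrk_live_" + 43 URL-safe characters.
# Assumption: "URL-safe" is the base64url alphabet (A-Z, a-z, 0-9, "-", "_").
KEY_PREFIX = "rrk_live_"
KEY_BODY_LEN = 43
_BODY = r"[A-Za-z0-9_-]"

# The lookarounds keep the match from being carved out of a longer token,
# so a 44-character body or an embedded prefix is not reported as a key.
KEY_RE = re.compile(
    rf"(?<!{_BODY}){re.escape(KEY_PREFIX)}{_BODY}{{{KEY_BODY_LEN}}}(?!{_BODY})"
)


def is_well_formed(key: str) -> bool:
    """True only if the whole string has the documented key shape."""
    return KEY_RE.fullmatch(key) is not None


def redact(key: str) -> str:
    """Keep the prefix and last 4 characters so a finding can be matched
    to a key in the management UI without exposing the secret."""
    return f"{KEY_PREFIX}{'*' * (KEY_BODY_LEN - 4)}{key[-4:]}"


def find_leaked_keys(text: str) -> list[tuple[int, str]]:
    """Return (line_number, redacted_key) for each key-shaped token."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            findings.append((lineno, redact(match.group(0))))
    return findings


# Constructed sample input; the key is the example value shown on this page.
SAMPLE = """\
# deploy.env (constructed sample)
REPORISK_API_KEY=rrk_live_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789_abcdef
Authorization: Bearer rrk_live_tooShort
note: rrk_live_ is the documented prefix
"""

if __name__ == "__main__":
    for lineno, redacted in find_leaked_keys(SAMPLE):
        print(f"line {lineno}: possible RepoRisk key {redacted}")
```

A check like this fits in a pre-commit hook or CI step; any key it finds in a shared location should be treated as exposed and replaced with a newly generated one.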
Interactive API Explorer
RepoRisk exposes a live Swagger UI at:
https://api.canirunthat.com/api/docs
You can also access the ReDoc viewer at https://api.canirunthat.com/api/redoc and the raw OpenAPI JSON schema at https://api.canirunthat.com/api/openapi.json.
The explorer lets you inspect every endpoint, view request/response schemas, and execute requests directly in the browser (paste your API key into the Authorize dialog).
Next Steps
- Authentication — Generate a key and use it as a bearer token
- Endpoints — Full list of available operations with request/response fields
- Examples — Ready-to-run curl and Python snippets
- Error Reference — HTTP error codes and their meanings