API Reference

Integrate AuditSmart into your CI/CD pipeline or development workflow, or build your own security tooling on top of our API.

Base URL: https://api.auditsmart.org/v1
Bearer Token Auth
JSON responses
Rate limited by plan

Authentication

All API requests require an API key passed as a Bearer token in the Authorization header. Generate keys from Dashboard → Settings → API Keys.

Authorization Header
Authorization: Bearer as_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Keep your API key secret. Never expose it in client-side code or public repositories. Rotate keys instantly from the dashboard if compromised.

Rate Limits

Free        | 10 req/min  | 3/month
Pro         | 60 req/min  | 20/month
Enterprise  | 200 req/min | 50/month

Rate limit headers are included in all responses: X-RateLimit-Remaining, X-RateLimit-Reset

Endpoints

POST /audit/scan (Core)

Submit a Solidity contract for analysis. Returns findings in JSON.

GET /audit/results/:id

Retrieve results for a completed audit by ID.

GET /audit/history

Get paginated list of all audits for the authenticated user.

POST /audit/deep (Enterprise)

Submit for Deep Audit with Claude Opus extended thinking. Returns PoCs and patched code.

GET /user/limits

Check remaining audits, rate limits, and plan details.

GET /payment/plans

Get available subscription plans and their features.

Live Examples

Request

cURL
curl -X POST https://api.auditsmart.org/v1/audit/scan \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "code": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.0;\n\ncontract Vulnerable {\n  mapping(address => uint256) public balances;\n\n  function withdraw() external {\n    uint256 amount = balances[msg.sender];\n    (bool ok,) = msg.sender.call{value: amount}(\"\");\n    balances[msg.sender] = 0; // ❌ state updated after call\n  }\n}",
    "options": {
      "deepScan": false,
      "includeFixCode": true
    }
  }'

Response

JSON
{
  "auditId": "audit_7f8a3b2c",
  "status": "completed",
  "contractHash": "sha256:a1b2c3d4...",
  "duration": "48s",
  "summary": {
    "critical": 1,
    "high": 0,
    "medium": 1,
    "low": 2,
    "info": 3
  },
  "findings": [
    {
      "id": "REENTRANCY-001",
      "severity": "CRITICAL",
      "category": "Reentrancy",
      "title": "Reentrancy vulnerability in withdraw()",
      "description": "State update occurs after external call. Allows recursive withdrawal.",
      "line": 10,
      "agent": "ReentrancyAgent",
      "fix": {
        "code": "function withdraw() external {\n  uint256 amount = balances[msg.sender];\n  balances[msg.sender] = 0; // ✅ state first\n  (bool ok,) = msg.sender.call{value: amount}(\"\");\n}",
        "pattern": "Checks-Effects-Interactions"
      }
    }
  ],
  "reportUrl": "https://auditsmart.org/r/audit_7f8a3b2c",
  "pdfUrl": "https://auditsmart.org/r/audit_7f8a3b2c.pdf"
}

Error Codes

400 Bad Request: Missing required fields or invalid Solidity syntax
401 Unauthorized: Missing or invalid API key
403 Forbidden: Audit limit exceeded for your plan
404 Not Found: Audit ID does not exist or belongs to another user
429 Too Many Requests: Rate limit exceeded. Check X-RateLimit-Reset header
500 Server Error: Unexpected error. Retry after a few seconds
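
A CI gate built on the request and response shapes shown on this page, as an added example that is not AuditSmart's own client code: it builds the POST /audit/scan request with the key read from the environment and turns a result into a pass/fail decision, failing closed when the audit is not completed. The variable name AUDITSMART_API_KEY, the function names and the choice of blocking severities are assumptions; the sample result is constructed from the response above.

```python
import json
import os
import urllib.request

BASE_URL = "https://api.auditsmart.org/v1"  # base URL from this page

def build_scan_request(source: str, api_key: str) -> urllib.request.Request:
    """Build the POST /audit/scan request; json.dumps does all the escaping."""
    body = json.dumps({"code": source,
                       "options": {"deepScan": False, "includeFixCode": True}})
    return urllib.request.Request(
        f"{BASE_URL}/audit/scan", data=body.encode("utf-8"), method="POST",
        headers={"Authorization": f"Bearer {api_key}",
                 "Content-Type": "application/json"})

def gate(result: dict, block=("critical", "high")) -> list:
    """Return the reasons to fail the build; an empty list means pass."""
    if result.get("status") != "completed":
        # Fail closed: an unfinished or errored audit never counts as clean.
        return [f"audit not completed (status={result.get('status')!r})"]
    summary = result.get("summary") or {}
    reasons = []
    for sev in block:
        listed = [f for f in result.get("findings") or []
                  if str(f.get("severity", "")).lower() == sev]
        # Count from both places so a zero in the summary cannot hide a listed finding.
        count = max(int(summary.get(sev) or 0), len(listed))
        if count:
            ids = ", ".join(f"{f.get('id')} line {f.get('line')}" for f in listed)
            reasons.append(f"{count} {sev}: {ids or 'see report'}")
    return reasons

# Constructed sample, trimmed from the response shown above.
SAMPLE = {"auditId": "audit_7f8a3b2c", "status": "completed",
          "summary": {"critical": 1, "high": 0, "medium": 1, "low": 2, "info": 3},
          "findings": [{"id": "REENTRANCY-001", "severity": "CRITICAL", "line": 10}]}

if __name__ == "__main__":
    # AUDITSMART_API_KEY is an assumed name; store the key as a CI secret.
    key = os.environ.get("AUDITSMART_API_KEY", "")
    req = build_scan_request("pragma solidity ^0.8.0;", key)
    print(req.get_method(), req.full_url)  # built here, not sent
    reasons = gate(SAMPLE)
    print("\n".join(reasons) or "pass")
    raise SystemExit(1 if reasons else 0)
```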

Need help with the API?

Check out our community Discord for help, or open a support ticket if you're on a paid plan.