RustScan API

Validate Token Public Key

POST https://rustscan.com/app/api-validate-solana-token/

Request Body

Name

Type

Description

token

string

Token Public Key

CURL Example

curl 'https://rustscan.com/app/api-validate-solana-token/' \
  -H 'content-type: application/json' \
  --data-raw '{"token":"rndrizKT3MK1iimdxRdWabcF7Zg7AR5T4nud4EkHBof"}'

Scan Token

GET https://rustscan.com/app/api/v1/solana-scan/<token_public_key>

Note: An API token is required for this endpoint. Without a token, the API has strict rate limits. To obtain a token, contact the team at [email protected].

CURL Example

curl 'https://rustscan.com/app/api/v1/solana-scan/rndrizKT3MK1iimdxRdWabcF7Zg7AR5T4nud4EkHBof' \
  -H 'accept: application/json, text/plain, */*' \
  -H 'accept-language: en-US,en;q=0.8' \
  -H 'cache-control: no-cache' \
  -H 'Authorization: Token {{token}}'

{
    "data": {
        "average_score": 15.400000000000006,
        "client_id": 602,
        "holders_info": {
            "largest_accounts": [
                {
                    "address": "AyzyikXL9kKs2cwyHsWLEe22aRYAvhbWwFn9TKrgmMx",
                    "amount": "9130709500140343",
                    "percentage": 22.166424428723353
                },
                {
                    "address": "8228jZiMQrgEhQv1cJgzsC2nk5sgQ8XQT2z4Cpi5mTSW",
                    "amount": "4000000000000001",
                    "percentage": 9.710712810820516
                },
                {
                    "address": "79Adifnep4pD1nrQSiHAS5X1yaTMgcd4ufnnZQnffX4B",
                    "amount": "2500003700000000",
                    "percentage": 6.069204489172171
                },
                {
                    "address": "4PcC3r3yfAJHJJ4WFjhuBcZDX38RNTvDCFLTJZF2cWxY",
                    "amount": "1962772611800005",
                    "percentage": 4.764980286533487
                },
                {
                    "address": "5crgXHDPmJup446JZ8Qxyx4jjyZbdW8pUjYBpbuqs8Ra",
                    "amount": "1510639967278643",
                    "percentage": 3.66734772069755
                },
                {
                    "address": "DzgL8bRB8sjTp3FMfGeM4bz3c8AD9BjQhUMDYks8SeQA",
                    "amount": "812707896089129",
                    "percentage": 1.972993244501923
                },
                {
                    "address": "7Rc85PbczgByupv9hBQCKWL1eHPQTmVnmFAvH8JUF4Fp",
                    "amount": "650000200000000",
                    "percentage": 1.577991317293974
                },
                {
                    "address": "B8E6RSZzp4j7ttJq2c8inT5fEZj89iQ7dzHjnimALHPz",
                    "amount": "560274455754141",
                    "percentage": 1.360166083766807
                },
                {
                    "address": "DHjcUkRKE16Rf3qXdmrwCvqCGNNbEURmB8AjPFENr3S5",
                    "amount": "498291533158492",
                    "percentage": 1.2096914936413907
                },
                {
                    "address": "2AYynk9g9FSctSaDwJGAS5kMJpXmJuxg2KYnj36sLjtC",
                    "amount": "487160368275100",
                    "percentage": 1.1826686072832633
                }
            ],
            "total_amount": 22112560232495852,
            "total_percentage": 53.682180482434426
        },
        "issue_count": {
            "Beneficial": 0,
            "High Risk": 2,
            "Low Risk": 0,
            "Moderate Risk": 2,
            "No Impact": 1,
            "Unavailable": 0
        },
        "metadata": {
            "creator_address": "None",
            "creator_holding": 0,
            "metadata_public_key": "G9rXtQrmSdNtc56j1SDekaQ2edXKgDkavv6iLDBGGcwJ",
            "mint_decimals": 8,
            "mint_public_key": "rndrizKT3MK1iimdxRdWabcF7Zg7AR5T4nud4EkHBof",
            "mint_supply": "41191620820490697",
            "public_key": "rndrizKT3MK1iimdxRdWabcF7Zg7AR5T4nud4EkHBof",
            "token_address": "rndrizKT3MK1iimdxRdWabcF7Zg7AR5T4nud4EkHBof",
            "token_image_uri": "https://shdw-drive.genesysgo.net/5zseP54TGrcz9C8HdjZwJJsZ6f3VbP11p1abwKWGykZH/rndr.png",
            "token_name": "Render Token",
            "token_standard": "Token 2022",
            "token_symbol": "RENDER",
            "token_uri": "https://shdw-drive.genesysgo.net/5zseP54TGrcz9C8HdjZwJJsZ6f3VbP11p1abwKWGykZH/rndr.json"
        },
        "scan_details": [
            {
                "issue_description": "The token appears to have an update authority assigned. This means that the token's metadata can be modified by the designated authority, potentially leading to unauthorized changes, manipulation, or even malicious activities. The address of the update authority is Eo4Du1GjLnQpEvZpBLMmeDFYqPjtGH5msDdUiS8WLGvC.",
                "issue_id": "SOLANA_TOKEN_UPDATE_AUTHORITY",
                "issue_name": "Update Authority",
                "issue_status": "fail",
                "severity": "Moderate Risk",
                "weight1": 1.5,
                "weight2": 0.8
            },
            {
                "issue_description": "The token appears to have a freeze authority assigned. This means that the token can be frozen by the designated authority, potentially leading to unauthorized freezing, manipulation, or even malicious activities. The address of the freeze authority is 3LNxAhNnQpbCPcvgiamZhUbBugZTzxbjhcMwJ5jE65r5",
                "issue_id": "SOLANA_TOKEN_FREEZE_AUTHORITY",
                "issue_name": "Freeze Authority",
                "issue_status": "fail",
                "severity": "High Risk",
                "weight1": 1.5,
                "weight2": 1.5
            },
            {
                "issue_description": "The token appears to have a mint authority assigned. This means that the token can be minted by the designated authority, potentially leading to unauthorized minting, manipulation, or even malicious activities. The address of the mint authority is CFyeujXVymxgP2YR9kLbPsaCv2rKrtXMWtJ3EbAN2pdc",
                "issue_id": "SOLANA_TOKEN_MINT_AUTHORITY",
                "issue_name": "Mint Authority",
                "issue_status": "fail",
                "severity": "High Risk",
                "weight1": 1.5,
                "weight2": 1.5
            },
            {
                "issue_description": "The creator of the token holds 0.0% which is less than 5% of the total token supply. This is a positive sign as it indicates a more decentralized distribution of the token.",
                "issue_id": "SOLANA_OWNER_HOLDING_IS_MORE_THAN_5_PERCENT",
                "issue_name": "Owner holding is more than 5%",
                "issue_status": "pass",
                "severity": "No Impact"
            },
            {
                "issue_description": "The top 5 holders of the token collectively holds 53.7% which is more than 10% of the total supply. This is a potential concern as it indicates a more centralized distribution of the token, which could lead to issues such as market manipulation or control.",
                "issue_id": "SOLANA_TOP_5_HOLDERS_HAVING_MORE_THEN_10_PERCENT",
                "issue_name": "Top 5 Holders having more than 10% of total supply",
                "issue_status": "fail",
                "severity": "Moderate Risk",
                "weight1": 1.5,
                "weight2": 0.8
            }
        ],
        "scan_id": "580e52184f97728f",
        "scan_init_time": "2025-03-17T07:42:50.772079",
        "severity": "High Risk"
    },
    "status": "success"
}

Get Scan Details

POST https://rustscan.com/app/api-get-solana-scan-details/

Request Body

Name

Type

Description

scan_id

string

Id of the scan

CURL Example

curl 'https://rustscan.com/app/api-get-solana-scan-details/' \
  -H 'content-type: application/json' \
  --data-raw '{"scan_id":"944a308e28b26787"}'

{
    "success": true,
    "data": {
        "issue_count": {
            "Beneficial": 0,
            "High Risk": 2,
            "Low Risk": 0,
            "Moderate Risk": 2,
            "No Impact": 1,
            "Unavailable": 0
        },
        "scan_details": [
            {
                "issue_description": "The token appears to have an update authority assigned. This means that the token's metadata can be modified by the designated authority, potentially leading to unauthorized changes, manipulation, or even malicious activities. The address of the update authority is Eo4Du1GjLnQpEvZpBLMmeDFYqPjtGH5msDdUiS8WLGvC.",
                "issue_id": "SOLANA_TOKEN_UPDATE_AUTHORITY",
                "issue_name": "Update Authority",
                "issue_status": "fail",
                "severity": "Moderate Risk",
                "weight1": 1.5,
                "weight2": 0.8
            },
            {
                "issue_description": "The token appears to have a freeze authority assigned. This means that the token can be frozen by the designated authority, potentially leading to unauthorized freezing, manipulation, or even malicious activities. The address of the freeze authority is 3LNxAhNnQpbCPcvgiamZhUbBugZTzxbjhcMwJ5jE65r5",
                "issue_id": "SOLANA_TOKEN_FREEZE_AUTHORITY",
                "issue_name": "Freeze Authority",
                "issue_status": "fail",
                "severity": "High Risk",
                "weight1": 1.5,
                "weight2": 1.5
            },
            {
                "issue_description": "The token appears to have a mint authority assigned. This means that the token can be minted by the designated authority, potentially leading to unauthorized minting, manipulation, or even malicious activities. The address of the mint authority is CFyeujXVymxgP2YR9kLbPsaCv2rKrtXMWtJ3EbAN2pdc",
                "issue_id": "SOLANA_TOKEN_MINT_AUTHORITY",
                "issue_name": "Mint Authority",
                "issue_status": "fail",
                "severity": "High Risk",
                "weight1": 1.5,
                "weight2": 1.5
            },
            {
                "issue_description": "The creator of the token holds 0.0% which is less than 5% of the total token supply. This is a positive sign as it indicates a more decentralized distribution of the token.",
                "issue_id": "SOLANA_OWNER_HOLDING_IS_MORE_THAN_5_PERCENT",
                "issue_name": "Owner holding is more than 5%",
                "issue_status": "pass",
                "severity": "No Impact"
            },
            {
                "issue_description": "The top 5 holders of the token collectively holds 53.7% which is more than 10% of the total supply. This is a potential concern as it indicates a more centralized distribution of the token, which could lead to issues such as market manipulation or control.",
                "issue_id": "SOLANA_TOP_5_HOLDERS_HAVING_MORE_THEN_10_PERCENT",
                "issue_name": "Top 5 Holders having more than 10% of total supply",
                "issue_status": "fail",
                "severity": "Moderate Risk",
                "weight1": 1.5,
                "weight2": 0.8
            }
        ],
        "holders_info": {
            "largest_accounts": [
                {
                    "address": "AyzyikXL9kKs2cwyHsWLEe22aRYAvhbWwFn9TKrgmMx",
                    "amount": "9130709500140343",
                    "percentage": 22.166225212544504
                },
                {
                    "address": "8228jZiMQrgEhQv1cJgzsC2nk5sgQ8XQT2z4Cpi5mTSW",
                    "amount": "4000000000000001",
                    "percentage": 9.710625537787092
                },
                {
                    "address": "79Adifnep4pD1nrQSiHAS5X1yaTMgcd4ufnnZQnffX4B",
                    "amount": "2500003700000000",
                    "percentage": 6.069149943445554
                },
                {
                    "address": "4PcC3r3yfAJHJJ4WFjhuBcZDX38RNTvDCFLTJZF2cWxY",
                    "amount": "1962772611800005",
                    "percentage": 4.764937462253549
                },
                {
                    "address": "5crgXHDPmJup446JZ8Qxyx4jjyZbdW8pUjYBpbuqs8Ra",
                    "amount": "1514159334278643",
                    "percentage": 3.6758585749312225
                },
                {
                    "address": "DzgL8bRB8sjTp3FMfGeM4bz3c8AD9BjQhUMDYks8SeQA",
                    "amount": "819107896089127",
                    "percentage": 1.9885125134915325
                },
                {
                    "address": "7Rc85PbczgByupv9hBQCKWL1eHPQTmVnmFAvH8JUF4Fp",
                    "amount": "650000200000000",
                    "percentage": 1.577977135421679
                },
                {
                    "address": "B8E6RSZzp4j7ttJq2c8inT5fEZj89iQ7dzHjnimALHPz",
                    "amount": "551513705810642",
                    "percentage": 1.3388857690211042
                },
                {
                    "address": "DHjcUkRKE16Rf3qXdmrwCvqCGNNbEURmB8AjPFENr3S5",
                    "amount": "498291533158492",
                    "percentage": 1.2096806217879836
                },
                {
                    "address": "2AYynk9g9FSctSaDwJGAS5kMJpXmJuxg2KYnj36sLjtC",
                    "amount": "487160368275100",
                    "percentage": 1.1826579782924875
                }
            ],
            "total_amount": 22113718849552350,
            "total_percentage": 53.6845107489767
        },
        "metadata": {
            "creator_address": "None",
            "creator_holding": 0,
            "metadata_public_key": "G9rXtQrmSdNtc56j1SDekaQ2edXKgDkavv6iLDBGGcwJ",
            "mint_decimals": 8,
            "mint_public_key": "rndrizKT3MK1iimdxRdWabcF7Zg7AR5T4nud4EkHBof",
            "mint_supply": "41191991025034844",
            "public_key": "rndrizKT3MK1iimdxRdWabcF7Zg7AR5T4nud4EkHBof",
            "token_address": "rndrizKT3MK1iimdxRdWabcF7Zg7AR5T4nud4EkHBof",
            "token_image_uri": "https://shdw-drive.genesysgo.net/5zseP54TGrcz9C8HdjZwJJsZ6f3VbP11p1abwKWGykZH/rndr.png",
            "token_name": "Render Token",
            "token_standard": "Token 2022",
            "token_symbol": "RENDER",
            "token_uri": "https://shdw-drive.genesysgo.net/5zseP54TGrcz9C8HdjZwJJsZ6f3VbP11p1abwKWGykZH/rndr.json"
        },
        "severity": "High Risk",
        "scan_id": "944a308e28b26787",
        "scan_init_time": "2025-03-13T08:09:53.839231",
        "average_score": 15
    }
}

RustScan GitHub Scan APIs

This section documents the REST and WebSocket interfaces for running RustScan security scans on code repositories (e.g. GitHub projects) and retrieving detailed results and reports.

REST API - Get Scan Details (GitHub Scans)

POST https://rustscan.com/app/api-get-rustscan-details/

Fetch detailed results for a previously completed RustScan scan by its scan_id.

Request Details

Method: POST
URL: https://rustscan.com/app/api-get-rustscan-details/
Content-Type: application/json
Accept: application/json
Authentication: None required

Request Body

Name

Type

Description

scan_id

string

Id of the scan

CURL Example

curl 'https://rustscan.com/app/api-get-rustscan-details/' \
  -H 'content-type: application/json' \
  --data-raw '{"scan_id":"03c30b7a373a4d7c"}'

{
  "scan_id": "03c30b7a373a4d7c",
  "scan_details": {
    "scan_id": "03c30b7a373a4d7c",
    "project_url": "https://github.com/alloy-rs/alloy",
    "project_name": "alloy",
    "scan_type": "github",
    "is_zip_scan": false,
    "project_icon": "https://github.com/alloy-rs.png",
    "quick_file_scan_details": [
      {
        "detector_id": "solana.account_reinitialization",
        "title": "Initialization without reinit check",
        "severity": "high",
        "confidence": "high"
      }
      // ... more findings
    ],
    "findings_count": 31,
    "source_file": "https://github.com/alloy-rs/alloy/tree/...",
    "multi_file_scan_summary": {
      "comments": {},
      "count_files_analyzed": 361,
      "issue_severity_distribution": {
        "critical": 0,
        "high": 1,
        "informational": 0,
        "low": 24,
        "medium": 6
      },
      "issues_count": 31,
      "lines_analyzed_count": 102662,
      "scan_time_taken": 7065,
      "score_v2": "12.00",
      "score_rating": "Poor"
    },
    "project_id": "12224f2b5761279ea12e483e266e4620"
  }
}

Response Fields

scan_id: The scan identifier.
project_url: GitHub or source URL of the scanned project.
project_name: Name of the project.
scan_type: Type of scan (e.g. github).
is_zip_scan: Whether the scan was from a zip upload.
quick_file_scan_details: Array of detector findings with severity and confidence.
findings_count: Total number of findings.
multi_file_scan_summary: Aggregated scan statistics, including severity distribution, scores, lines analyzed, and time taken.
score_v2: Numeric security score.
score_rating: Human‑readable rating (e.g. Poor, Fair, Good).
project_id: Unique project identifier.

WebSocket API (GitHub Scans)

All real-time interactions use a persistent WebSocket connection. Messages are JSON objects with an action and a payload.

Initiate a Project Scan

Send this message to start a new scan on a public GitHub project.

Request (Client → Server)

{
  "action": "message",
  "payload": {
    "type": "public_project_scan_initiate",
    "body": {
      "project_url": "https://github.com/alloy-rs/alloy",
      "project_branch": "main",
      "project_name": "alloy",
      "project_commit": "",
      "project_type": "new",
      "project_visibility": "public",
      "scanner_type": "rustscan",
      "skip_file_paths": [
        ".config/",
        ".github/",
        "CHANGELOG.md",
        "Cargo.toml",
        "README.md"
        // ... additional paths to exclude
      ]
    },
    "cf-turnstile-response": "<cloudflare_token>"
  }
}

Body Fields

project_url: Full GitHub URL of the repository.
project_branch: Branch to scan (e.g. main).
project_name: Display name for the project.
project_commit: Specific commit hash (empty = latest).
project_type: new or existing.
project_visibility: public or private.
scanner_type: Scanner to use — rustscan.
skip_file_paths: Array of file/folder paths to exclude from scan.
cf-turnstile-response: Cloudflare Turnstile CAPTCHA token.

Scan Status Update (Server → Client)

{
  "type": "quick_scan_status",
  "request_uuid": "7bab55cf1c82d4d451ed3f8583dc8bf4",
  "payload": {
    "scan_id": "af01d98488a4904c",
    "scan_status": "scan_done",
    "project_id": null,
    "scan_details": {
      "is_latest_scan": false,
      "webhook_enabled": false,
      "multi_file_scan_summary": {
        "issue_severity_distribution": {
          "critical": 0,
          "high": 1,
          "informational": 0,
          "low": 24,
          "medium": 6
        },
        "scan_time_taken": 7876,
        "score_v2": "12.00",
        "lines_analyzed_count": 102662,
        "threat_score": null
      },
      "project_url": "https://github.com/alloy-rs/alloy",
      "scan_id": "af01d98488a4904c",
      "scan_status": "scan_done",
      "quick_file_scan_details": [
        {
          "detector_id": "solana.account_reinitialization",
          "title": "Initialization without reinit check",
          "severity": "high",
          "confidence": "high"
        }
        // ... more findings
      ]
    }
  },
  "event_timestamp": "2026-02-18 10:53:32.352165"
}

Status Values

scan_done: Scan completed successfully.
scan_in_progress: Scan is currently running.
scan_failed: Scan encountered an error (check scan_status_err_msg).

Generate a Report

Once a scan is complete and you have a project_id and scan_id, send this message to generate a downloadable report.

Request (Client → Server)

{
  "action": "message",
  "payload": {
    "type": "generate_report",
    "body": {
      "project_id": "bce56d35c587ec8e7555da589fb0a6ab",
      "scan_id": "38caa091805fcac6",
      "report_id": null,
      "scanner_type": "rustscan",
      "connection_id": "Y-UrzdzdCYcCIVw="
    }
  }
}

Body Fields

project_id: Project ID from the scan details.
scan_id: Scan ID to generate report for.
report_id: null for new report; pass existing ID to regenerate.
scanner_type: rustscan.
connection_id: Current WebSocket connection ID.

Report Generation Status (Server → Client)

{
  "type": "report_generation_status",
  "request_uuid": "",
  "payload": {
    "scan_id": "38caa091805fcac6",
    "project_id": "bce56d35c587ec8e7555da589fb0a6ab",
    "report_status": "report_generated",
    "report_id": "6676b922481f5626"
  },
  "event_timestamp": "2026-02-18 10:57:28.984198"
}

Response Fields

report_status: report_generated on success.
report_id: Unique ID of the generated report.
scan_id: Scan ID the report was generated for.
project_id: Project ID the report belongs to.
event_timestamp: UTC timestamp of the event.

PreviousHTTP API NextVulnerability Score API V1

Last updated 19 days ago

hashtagValidate Token Public Key

hashtagScan Token

hashtagGet Scan Details

hashtagRustScan GitHub Scan APIs

hashtagREST API - Get Scan Details (GitHub Scans)

hashtagWebSocket API (GitHub Scans)

hashtagInitiate a Project Scan

hashtagGenerate a Report

Validate Token Public Key

Scan Token

Get Scan Details

RustScan GitHub Scan APIs

REST API - Get Scan Details (GitHub Scans)

WebSocket API (GitHub Scans)

Initiate a Project Scan

Generate a Report