# RustScan API
### Validate Token Public Key
`POST` `https://rustscan.com/app/api-validate-solana-token/`
**Request Body**
| Name | Type | Description |
| ----- | ------ | ---------------- |
| token | string | Token Public Key |
**CURL Example**
{% tabs %}
{% tab title="Request" %}
```
curl 'https://rustscan.com/app/api-validate-solana-token/' \
-H 'content-type: application/json' \
--data-raw '{"token":"rndrizKT3MK1iimdxRdWabcF7Zg7AR5T4nud4EkHBof"}'
```
{% endtab %}
{% tab title="Response" %}
```
{
"data": {
"token_valid": true
},
"success": true
}
```
{% endtab %}
{% endtabs %}
### Scan Token
`GET` `https://rustscan.com/app/api/v1/solana-scan/`
**Note:** An API token is required for this endpoint. Without a token, the API has strict rate limits. To obtain a token, contact the team at .
**CURL Example**
{% tabs %}
{% tab title="Request" %}
```
curl 'https://rustscan.com/app/api/v1/solana-scan/rndrizKT3MK1iimdxRdWabcF7Zg7AR5T4nud4EkHBof' \
-H 'accept: application/json, text/plain, */*' \
-H 'accept-language: en-US,en;q=0.8' \
-H 'cache-control: no-cache' \
-H 'Authorization: Token {{token}}'
```
{% endtab %}
{% tab title="Response" %}
```
{
"data": {
"average_score": 15.400000000000006,
"client_id": 602,
"holders_info": {
"largest_accounts": [
{
"address": "AyzyikXL9kKs2cwyHsWLEe22aRYAvhbWwFn9TKrgmMx",
"amount": "9130709500140343",
"percentage": 22.166424428723353
},
{
"address": "8228jZiMQrgEhQv1cJgzsC2nk5sgQ8XQT2z4Cpi5mTSW",
"amount": "4000000000000001",
"percentage": 9.710712810820516
},
{
"address": "79Adifnep4pD1nrQSiHAS5X1yaTMgcd4ufnnZQnffX4B",
"amount": "2500003700000000",
"percentage": 6.069204489172171
},
{
"address": "4PcC3r3yfAJHJJ4WFjhuBcZDX38RNTvDCFLTJZF2cWxY",
"amount": "1962772611800005",
"percentage": 4.764980286533487
},
{
"address": "5crgXHDPmJup446JZ8Qxyx4jjyZbdW8pUjYBpbuqs8Ra",
"amount": "1510639967278643",
"percentage": 3.66734772069755
},
{
"address": "DzgL8bRB8sjTp3FMfGeM4bz3c8AD9BjQhUMDYks8SeQA",
"amount": "812707896089129",
"percentage": 1.972993244501923
},
{
"address": "7Rc85PbczgByupv9hBQCKWL1eHPQTmVnmFAvH8JUF4Fp",
"amount": "650000200000000",
"percentage": 1.577991317293974
},
{
"address": "B8E6RSZzp4j7ttJq2c8inT5fEZj89iQ7dzHjnimALHPz",
"amount": "560274455754141",
"percentage": 1.360166083766807
},
{
"address": "DHjcUkRKE16Rf3qXdmrwCvqCGNNbEURmB8AjPFENr3S5",
"amount": "498291533158492",
"percentage": 1.2096914936413907
},
{
"address": "2AYynk9g9FSctSaDwJGAS5kMJpXmJuxg2KYnj36sLjtC",
"amount": "487160368275100",
"percentage": 1.1826686072832633
}
],
"total_amount": 22112560232495852,
"total_percentage": 53.682180482434426
},
"issue_count": {
"Beneficial": 0,
"High Risk": 2,
"Low Risk": 0,
"Moderate Risk": 2,
"No Impact": 1,
"Unavailable": 0
},
"metadata": {
"creator_address": "None",
"creator_holding": 0,
"metadata_public_key": "G9rXtQrmSdNtc56j1SDekaQ2edXKgDkavv6iLDBGGcwJ",
"mint_decimals": 8,
"mint_public_key": "rndrizKT3MK1iimdxRdWabcF7Zg7AR5T4nud4EkHBof",
"mint_supply": "41191620820490697",
"public_key": "rndrizKT3MK1iimdxRdWabcF7Zg7AR5T4nud4EkHBof",
"token_address": "rndrizKT3MK1iimdxRdWabcF7Zg7AR5T4nud4EkHBof",
"token_image_uri": "https://shdw-drive.genesysgo.net/5zseP54TGrcz9C8HdjZwJJsZ6f3VbP11p1abwKWGykZH/rndr.png",
"token_name": "Render Token",
"token_standard": "Token 2022",
"token_symbol": "RENDER",
"token_uri": "https://shdw-drive.genesysgo.net/5zseP54TGrcz9C8HdjZwJJsZ6f3VbP11p1abwKWGykZH/rndr.json"
},
"scan_details": [
{
"issue_description": "The token appears to have an update authority assigned. This means that the token's metadata can be modified by the designated authority, potentially leading to unauthorized changes, manipulation, or even malicious activities. The address of the update authority is Eo4Du1GjLnQpEvZpBLMmeDFYqPjtGH5msDdUiS8WLGvC.",
"issue_id": "SOLANA_TOKEN_UPDATE_AUTHORITY",
"issue_name": "Update Authority",
"issue_status": "fail",
"severity": "Moderate Risk",
"weight1": 1.5,
"weight2": 0.8
},
{
"issue_description": "The token appears to have a freeze authority assigned. This means that the token can be frozen by the designated authority, potentially leading to unauthorized freezing, manipulation, or even malicious activities. The address of the freeze authority is 3LNxAhNnQpbCPcvgiamZhUbBugZTzxbjhcMwJ5jE65r5",
"issue_id": "SOLANA_TOKEN_FREEZE_AUTHORITY",
"issue_name": "Freeze Authority",
"issue_status": "fail",
"severity": "High Risk",
"weight1": 1.5,
"weight2": 1.5
},
{
"issue_description": "The token appears to have a mint authority assigned. This means that the token can be minted by the designated authority, potentially leading to unauthorized minting, manipulation, or even malicious activities. The address of the mint authority is CFyeujXVymxgP2YR9kLbPsaCv2rKrtXMWtJ3EbAN2pdc",
"issue_id": "SOLANA_TOKEN_MINT_AUTHORITY",
"issue_name": "Mint Authority",
"issue_status": "fail",
"severity": "High Risk",
"weight1": 1.5,
"weight2": 1.5
},
{
"issue_description": "The creator of the token holds 0.0% which is less than 5% of the total token supply. This is a positive sign as it indicates a more decentralized distribution of the token.",
"issue_id": "SOLANA_OWNER_HOLDING_IS_MORE_THAN_5_PERCENT",
"issue_name": "Owner holding is more than 5%",
"issue_status": "pass",
"severity": "No Impact"
},
{
"issue_description": "The top 5 holders of the token collectively holds 53.7% which is more than 10% of the total supply. This is a potential concern as it indicates a more centralized distribution of the token, which could lead to issues such as market manipulation or control.",
"issue_id": "SOLANA_TOP_5_HOLDERS_HAVING_MORE_THEN_10_PERCENT",
"issue_name": "Top 5 Holders having more than 10% of total supply",
"issue_status": "fail",
"severity": "Moderate Risk",
"weight1": 1.5,
"weight2": 0.8
}
],
"scan_id": "580e52184f97728f",
"scan_init_time": "2025-03-17T07:42:50.772079",
"severity": "High Risk"
},
"status": "success"
}
```
{% endtab %}
{% endtabs %}
### Get Scan Details
`POST` `https://rustscan.com/app/api-get-solana-scan-details/`
**Request Body**
| Name | Type | Description |
| -------- | ------ | -------------- |
| scan\_id | string | Id of the scan |
**CURL Example**
{% tabs %}
{% tab title="Request" %}
```
curl 'https://rustscan.com/app/api-get-solana-scan-details/' \
-H 'content-type: application/json' \
--data-raw '{"scan_id":"944a308e28b26787"}'
```
{% endtab %}
{% tab title="Response" %}
```
{
"success": true,
"data": {
"issue_count": {
"Beneficial": 0,
"High Risk": 2,
"Low Risk": 0,
"Moderate Risk": 2,
"No Impact": 1,
"Unavailable": 0
},
"scan_details": [
{
"issue_description": "The token appears to have an update authority assigned. This means that the token's metadata can be modified by the designated authority, potentially leading to unauthorized changes, manipulation, or even malicious activities. The address of the update authority is Eo4Du1GjLnQpEvZpBLMmeDFYqPjtGH5msDdUiS8WLGvC.",
"issue_id": "SOLANA_TOKEN_UPDATE_AUTHORITY",
"issue_name": "Update Authority",
"issue_status": "fail",
"severity": "Moderate Risk",
"weight1": 1.5,
"weight2": 0.8
},
{
"issue_description": "The token appears to have a freeze authority assigned. This means that the token can be frozen by the designated authority, potentially leading to unauthorized freezing, manipulation, or even malicious activities. The address of the freeze authority is 3LNxAhNnQpbCPcvgiamZhUbBugZTzxbjhcMwJ5jE65r5",
"issue_id": "SOLANA_TOKEN_FREEZE_AUTHORITY",
"issue_name": "Freeze Authority",
"issue_status": "fail",
"severity": "High Risk",
"weight1": 1.5,
"weight2": 1.5
},
{
"issue_description": "The token appears to have a mint authority assigned. This means that the token can be minted by the designated authority, potentially leading to unauthorized minting, manipulation, or even malicious activities. The address of the mint authority is CFyeujXVymxgP2YR9kLbPsaCv2rKrtXMWtJ3EbAN2pdc",
"issue_id": "SOLANA_TOKEN_MINT_AUTHORITY",
"issue_name": "Mint Authority",
"issue_status": "fail",
"severity": "High Risk",
"weight1": 1.5,
"weight2": 1.5
},
{
"issue_description": "The creator of the token holds 0.0% which is less than 5% of the total token supply. This is a positive sign as it indicates a more decentralized distribution of the token.",
"issue_id": "SOLANA_OWNER_HOLDING_IS_MORE_THAN_5_PERCENT",
"issue_name": "Owner holding is more than 5%",
"issue_status": "pass",
"severity": "No Impact"
},
{
"issue_description": "The top 5 holders of the token collectively holds 53.7% which is more than 10% of the total supply. This is a potential concern as it indicates a more centralized distribution of the token, which could lead to issues such as market manipulation or control.",
"issue_id": "SOLANA_TOP_5_HOLDERS_HAVING_MORE_THEN_10_PERCENT",
"issue_name": "Top 5 Holders having more than 10% of total supply",
"issue_status": "fail",
"severity": "Moderate Risk",
"weight1": 1.5,
"weight2": 0.8
}
],
"holders_info": {
"largest_accounts": [
{
"address": "AyzyikXL9kKs2cwyHsWLEe22aRYAvhbWwFn9TKrgmMx",
"amount": "9130709500140343",
"percentage": 22.166225212544504
},
{
"address": "8228jZiMQrgEhQv1cJgzsC2nk5sgQ8XQT2z4Cpi5mTSW",
"amount": "4000000000000001",
"percentage": 9.710625537787092
},
{
"address": "79Adifnep4pD1nrQSiHAS5X1yaTMgcd4ufnnZQnffX4B",
"amount": "2500003700000000",
"percentage": 6.069149943445554
},
{
"address": "4PcC3r3yfAJHJJ4WFjhuBcZDX38RNTvDCFLTJZF2cWxY",
"amount": "1962772611800005",
"percentage": 4.764937462253549
},
{
"address": "5crgXHDPmJup446JZ8Qxyx4jjyZbdW8pUjYBpbuqs8Ra",
"amount": "1514159334278643",
"percentage": 3.6758585749312225
},
{
"address": "DzgL8bRB8sjTp3FMfGeM4bz3c8AD9BjQhUMDYks8SeQA",
"amount": "819107896089127",
"percentage": 1.9885125134915325
},
{
"address": "7Rc85PbczgByupv9hBQCKWL1eHPQTmVnmFAvH8JUF4Fp",
"amount": "650000200000000",
"percentage": 1.577977135421679
},
{
"address": "B8E6RSZzp4j7ttJq2c8inT5fEZj89iQ7dzHjnimALHPz",
"amount": "551513705810642",
"percentage": 1.3388857690211042
},
{
"address": "DHjcUkRKE16Rf3qXdmrwCvqCGNNbEURmB8AjPFENr3S5",
"amount": "498291533158492",
"percentage": 1.2096806217879836
},
{
"address": "2AYynk9g9FSctSaDwJGAS5kMJpXmJuxg2KYnj36sLjtC",
"amount": "487160368275100",
"percentage": 1.1826579782924875
}
],
"total_amount": 22113718849552350,
"total_percentage": 53.6845107489767
},
"metadata": {
"creator_address": "None",
"creator_holding": 0,
"metadata_public_key": "G9rXtQrmSdNtc56j1SDekaQ2edXKgDkavv6iLDBGGcwJ",
"mint_decimals": 8,
"mint_public_key": "rndrizKT3MK1iimdxRdWabcF7Zg7AR5T4nud4EkHBof",
"mint_supply": "41191991025034844",
"public_key": "rndrizKT3MK1iimdxRdWabcF7Zg7AR5T4nud4EkHBof",
"token_address": "rndrizKT3MK1iimdxRdWabcF7Zg7AR5T4nud4EkHBof",
"token_image_uri": "https://shdw-drive.genesysgo.net/5zseP54TGrcz9C8HdjZwJJsZ6f3VbP11p1abwKWGykZH/rndr.png",
"token_name": "Render Token",
"token_standard": "Token 2022",
"token_symbol": "RENDER",
"token_uri": "https://shdw-drive.genesysgo.net/5zseP54TGrcz9C8HdjZwJJsZ6f3VbP11p1abwKWGykZH/rndr.json"
},
"severity": "High Risk",
"scan_id": "944a308e28b26787",
"scan_init_time": "2025-03-13T08:09:53.839231",
"average_score": 15
}
}
```
{% endtab %}
{% endtabs %}
### RustScan GitHub Scan APIs
This section documents the REST and WebSocket interfaces for running RustScan security scans on code repositories (e.g. GitHub projects) and retrieving detailed results and reports.
### REST API - Get Scan Details (GitHub Scans)
`POST` `https://rustscan.com/app/api-get-rustscan-details/`
Fetch detailed results for a previously completed RustScan scan by its `scan_id`.
**Request Details**
* **Method**: `POST`
* **URL**: `https://rustscan.com/app/api-get-rustscan-details/`
* **Content-Type**: `application/json`
* **Accept**: `application/json`
* **Authentication**: None required
**Request Body**
| Name | Type | Description |
| -------- | ------ | -------------- |
| scan\_id | string | Id of the scan |
**CURL Example**
{% tabs %}
{% tab title="Request" %}
```
curl 'https://rustscan.com/app/api-get-rustscan-details/' \
-H 'content-type: application/json' \
--data-raw '{"scan_id":"03c30b7a373a4d7c"}'
```
{% endtab %}
{% tab title="Response" %}
```
{
"scan_id": "03c30b7a373a4d7c",
"scan_details": {
"scan_id": "03c30b7a373a4d7c",
"project_url": "https://github.com/alloy-rs/alloy",
"project_name": "alloy",
"scan_type": "github",
"is_zip_scan": false,
"project_icon": "https://github.com/alloy-rs.png",
"quick_file_scan_details": [
{
"detector_id": "solana.account_reinitialization",
"title": "Initialization without reinit check",
"severity": "high",
"confidence": "high"
}
// ... more findings
],
"findings_count": 31,
"source_file": "https://github.com/alloy-rs/alloy/tree/...",
"multi_file_scan_summary": {
"comments": {},
"count_files_analyzed": 361,
"issue_severity_distribution": {
"critical": 0,
"high": 1,
"informational": 0,
"low": 24,
"medium": 6
},
"issues_count": 31,
"lines_analyzed_count": 102662,
"scan_time_taken": 7065,
"score_v2": "12.00",
"score_rating": "Poor"
},
"project_id": "12224f2b5761279ea12e483e266e4620"
}
}
```
{% endtab %}
{% endtabs %}
**Response Fields**
* **scan\_id**: The scan identifier.
* **project\_url**: GitHub or source URL of the scanned project.
* **project\_name**: Name of the project.
* **scan\_type**: Type of scan (e.g. `github`).
* **is\_zip\_scan**: Whether the scan was from a zip upload.
* **quick\_file\_scan\_details**: Array of detector findings with severity and confidence.
* **findings\_count**: Total number of findings.
* **multi\_file\_scan\_summary**: Aggregated scan statistics, including severity distribution, scores, lines analyzed, and time taken.
* **score\_v2**: Numeric security score.
* **score\_rating**: Human‑readable rating (e.g. `Poor`, `Fair`, `Good`).
* **project\_id**: Unique project identifier.
### WebSocket API (GitHub Scans)
All real-time interactions use a persistent WebSocket connection. Messages are JSON objects with an `action` and a `payload`.
#### Initiate a Project Scan
Send this message to start a new scan on a public GitHub project.
**Request (Client → Server)**
```
{
"action": "message",
"payload": {
"type": "public_project_scan_initiate",
"body": {
"project_url": "https://github.com/alloy-rs/alloy",
"project_branch": "main",
"project_name": "alloy",
"project_commit": "",
"project_type": "new",
"project_visibility": "public",
"scanner_type": "rustscan",
"skip_file_paths": [
".config/",
".github/",
"CHANGELOG.md",
"Cargo.toml",
"README.md"
// ... additional paths to exclude
]
},
"cf-turnstile-response": ""
}
}
```
**Body Fields**
* **project\_url**: Full GitHub URL of the repository.
* **project\_branch**: Branch to scan (e.g. `main`).
* **project\_name**: Display name for the project.
* **project\_commit**: Specific commit hash (empty = latest).
* **project\_type**: `new` or `existing`.
* **project\_visibility**: `public` or `private`.
* **scanner\_type**: Scanner to use — `rustscan`.
* **skip\_file\_paths**: Array of file/folder paths to exclude from scan.
* **cf-turnstile-response**: Cloudflare Turnstile CAPTCHA token.
**Scan Status Update (Server → Client)**
```
{
"type": "quick_scan_status",
"request_uuid": "7bab55cf1c82d4d451ed3f8583dc8bf4",
"payload": {
"scan_id": "af01d98488a4904c",
"scan_status": "scan_done",
"project_id": null,
"scan_details": {
"is_latest_scan": false,
"webhook_enabled": false,
"multi_file_scan_summary": {
"issue_severity_distribution": {
"critical": 0,
"high": 1,
"informational": 0,
"low": 24,
"medium": 6
},
"scan_time_taken": 7876,
"score_v2": "12.00",
"lines_analyzed_count": 102662,
"threat_score": null
},
"project_url": "https://github.com/alloy-rs/alloy",
"scan_id": "af01d98488a4904c",
"scan_status": "scan_done",
"quick_file_scan_details": [
{
"detector_id": "solana.account_reinitialization",
"title": "Initialization without reinit check",
"severity": "high",
"confidence": "high"
}
// ... more findings
]
}
},
"event_timestamp": "2026-02-18 10:53:32.352165"
}
```
**Status Values**
* **scan\_done**: Scan completed successfully.
* **scan\_in\_progress**: Scan is currently running.
* **scan\_failed**: Scan encountered an error (check `scan_status_err_msg`).
#### Generate a Report
Once a scan is complete and you have a `project_id` and `scan_id`, send this message to generate a downloadable report.
**Request (Client → Server)**
```
{
"action": "message",
"payload": {
"type": "generate_report",
"body": {
"project_id": "bce56d35c587ec8e7555da589fb0a6ab",
"scan_id": "38caa091805fcac6",
"report_id": null,
"scanner_type": "rustscan",
"connection_id": "Y-UrzdzdCYcCIVw="
}
}
}
```
**Body Fields**
* **project\_id**: Project ID from the scan details.
* **scan\_id**: Scan ID to generate report for.
* **report\_id**: `null` for new report; pass existing ID to regenerate.
* **scanner\_type**: `rustscan`.
* **connection\_id**: Current WebSocket connection ID.
**Report Generation Status (Server → Client)**
```
{
"type": "report_generation_status",
"request_uuid": "",
"payload": {
"scan_id": "38caa091805fcac6",
"project_id": "bce56d35c587ec8e7555da589fb0a6ab",
"report_status": "report_generated",
"report_id": "6676b922481f5626"
},
"event_timestamp": "2026-02-18 10:57:28.984198"
}
```
**Response Fields**
* **report\_status**: `report_generated` on success.
* **report\_id**: Unique ID of the generated report.
* **scan\_id**: Scan ID the report was generated for.
* **project\_id**: Project ID the report belongs to.
* **event\_timestamp**: UTC timestamp of the event.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://apidoc.solidityscan.com/solidityscan-security-api/getting-started/apis/rustscan-api.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.