🌐SolidityScan Private API

The Private APIs can be called via two methods

  1. WebSockets API

  2. HTTP API

1. WebSocket API Documentation

Overview

The WebSocket API provided by SolidityScan allows users to initiate and monitor various types of scans, including Project Scans for GitHub, BitBucket, and GitLab projects, Block Scans for different blockchain platforms, and File Scans for individual files.

  • URL: api-ws.solidityscan.com

  • Protocol: wss

  • Description: This request requires authorization. The bearer token is sent in the auth_tokenrequest parameter.

Step 1. Auth Token Registration Description: The first step is to register with your auth token to generate an UUID.

{
    "action": "message",
    "payload": {
        "type": "auth_token_register",
        "body": {
            "auth_token": "{Your_Auth_Token}"
        }
    }
}

Scan Types

1. Project Scan: Supported Providers: GitHub, BitBucket, GitLab

Sample Message Request & Response:

{
  "action": "message",
  "payload": {
    "type": "private_project_scan_initiate",
    "body": {
      "provider": "github",
      "project_url": "https://github.com/Shashank-In/SmartContract",
      "project_name": "SolidityScan",
      "project_type": "new",
      "project_branch": "main",
      "recur_scans": false,
      "project_visibility": "public",
      "skip_file_paths": []
    }
  }
}

  1. provider: The provider of the project repository. In this case, it is github, indicating that the project is hosted on GitHub. Other supported values bitbucket & gitlab

  2. project_url: The URL of the project repository. It points to the GitHub repository where the SolidityScan project is hosted. Users can navigate to this URL to access the project's source code and other details.

  3. project_name: The name of the project. This can be any name under 50 characters. In this case, it is "SolidityScan", indicating the name of the project hosted on GitHub.

  4. project_type: Specifies the type of project. This is of two types new (A new scan)& to existing perform a rescan on an existing project.

  5. project_branch: This can be any existing branch that needs to be scanned.

  6. recur_scans: A boolean (true or false) value indicating whether recursive scans are enabled for the project. In this case, it is set to "false", suggesting that recursive scans are not enabled.

  7. project_visibility: Indicates the visibility level of the project repository accepts value public or private. For the private repository, the user needs to configure private repository support from the integration page at https://solidityscan.com/integrations.

  8. skip_file_paths: An array of file paths or patterns to skip during scanning or processing. It is currently an empty array, indicating that no file paths are skipped during scans.

The scan data can be fetched from the S3 bucket. The JSON of the scan data sample can be found below.

  1. Verified Contract Scan: Supported Chains: All listed chains

{
  "action": "message",
  "payload": {
    "type": "private_block_scan_initiate",
    "body": {
      "contract_address": "0xd34d68A92f4E37d388bb6A72d801da575503B1C3",
      "contract_platform": "etherscan",
      "contract_chain": "mainnet"
    }
  }
}

The scan data can be fetched from the S3 bucket. The JSON of the scan data sample can be found below.

  1. File Upload Scans:

Step 1 - Fetching a pre-signed URL

file_name - Supported file name extensions .sol & .zip It is required to supply a file name to generate a pre-signed S3 URL from our end. Note this is just a file name and not an actual file upload call.

GET /private/api-get-presigned-url/?file_name=Your_File.zip HTTP/1.1
Host: api.solidityscan.com
Authorization: Bearer {Your token}

Step 2 - Scan initiation Request

{
    "action": "message",
    "payload": {
        "type": "private_project_scan_initiate",
        "body": {
            "file_urls": [
                "S3_signed_URL"
            ],
            "project_name": "TestRemix",
            "project_type": "new"
        }
    }
}

The value of the link is the s3 link of the JSON response of the scan result data.

Sample Response:

Scan Lifespan and Events

  1. Scan Initiation Acknowledgment:

    • Type: private_project_scan_acknowledge

    • Sample:

      {
  "type": "private_project_scan_acknowledge",
  "payload": {
    "scan_id": "",
    "message": "",
    "project_name": "testsol1",
    "project_url": "https://github.com/mano-credshields/testsol1",
    "project_id": null
  },
  "event_timestamp": "2024-02-13 13:30:45.750213"
}

  2. Account Credits Update:

    • Type: account_credits_update

    • Sample:

      {
  "type": "account_credits_update",
  "payload": {
    "updated_credits": 78
  },
  "event_timestamp": "2024-02-13 13:30:46.114996"
}

  3. Scan Status Events:

    • Types: scan_initiate, scan_status

    • Sample:

      {
  "type": "scan_initiate",
  "payload": {
    "scan_details": { ... }
  },
  "event_timestamp": "2024-02-13 13:30:46.238227"
}

  4. Post Scan Completion Details:

    • Type: scan_status with scan_status as scan_done

    • Sample:

      {
  "type": "scan_status",
  "payload": {
    "scan_id": "3c360eb6e7d70c5c",
    "scan_status": "scan_done",
    "project_id": "851506d2648ff2a405b8de364f00ca82",
    "scan_details": {
      "link": "https://credshields-prod.s3.amazonaws.com/private_scan_details/b3249e92472d1352.json?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=...&X-Amz-Date=...&X-Amz-Expires=...&X-Amz-SignedHeaders=...&X-Amz-Signature=..."
    }
  },
  "event_timestamp": "2024-02-13 13:30:56.323289"
}

2. HTTP API Documentation

Project Scan

Start a project scan

POST https://api.solidityscan.com/private/api-project-scan/

Request Body

Project Scan Example

curl --location 'https://api.solidityscan.com/private/api-project-scan/' \
--header 'accept: application/json, text/plain, */*' \
--header 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \
--header 'sec-ch-ua-mobile: ?0' \
--header 'sec-fetch-dest: empty' \
--header 'sec-fetch-mode: cors' \
--header 'sec-fetch-site: same-origin' \
--header 'sec-gpc: 1' \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '{
    "provider": "github"
    "project_name": "SolidityScan",
    "project_url": "https://github.com/Shashank-In/SmartContract",
    "project_branch": "master",
    "project_skip_files":[]
}'

Verified Contract Scans

Start a block scan

POST https://api.solidityscan.com/private/api-start-scan-block/

Request Body

Block Scan CURL Example

curl --location 'https://api.solidityscan.com/private/api-start-scan-block/' \
--header 'accept: application/json, text/plain, */*' \
--header 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \
--header 'sec-ch-ua-mobile: ?0' \
--header 'sec-fetch-dest: empty' \
--header 'sec-fetch-mode: cors' \
--header 'sec-fetch-site: same-origin' \
--header 'sec-gpc: 1' \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '{
    "contract_address": "0x814d65082Bbfbf45130741018772143b690609CE",
    "contract_platform": "bscscan",
    "contract_chain": "mainnet"
}'

Generate Report

Generate Report

POST https://api.solidityscan.com/private/api-generate-report/

Request Body

Generate Report CURL Example

curl --location 'https://api.solidityscan.com/private/api-generate-report/' \
--header 'accept: application/json, text/plain, */*' \
--header 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \
--header 'sec-ch-ua-mobile: ?0' \
--header 'sec-fetch-dest: empty' \
--header 'sec-fetch-mode: cors' \
--header 'sec-fetch-site: same-origin' \
--header 'sec-gpc: 1' \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '{
    "project_id": "abcdefgh12345",
    "scan_id": "abcdef123"
}'

This documentation provides a comprehensive guide for utilizing the WebSocket API, including connection details, supported scan types, and sample payloads.

PreviousSolidityScan SDKNextSolidityScan Other APIs

Last updated