SolidityScan Security API

HTTP API

Generate a token by following the steps in Generating Private Key.

Start a project scan

POST https://api.solidityscan.com/private/api-project-scan/

Request Headers

| Name | Type | Description |
| --- | --- | --- |
| Authorization* | String | Bearer <token> |

Request Body

| Name | Type | Description |
| --- | --- | --- |
| project_url* | string | URL of the project |
| project_branch | string | branch of the repository to scan |
| skip_file_paths | [string] | list of paths to skip when scanning |
| rescan | boolean | true if the project has already been scanned, false if not |

Project Scan Example

curl --location 'https://api.solidityscan.com/private/api-project-scan/' \
--header 'accept: application/json, text/plain, */*' \
--header 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \
--header 'sec-ch-ua-mobile: ?0' \
--header 'sec-fetch-dest: empty' \
--header 'sec-fetch-mode: cors' \
--header 'sec-fetch-site: same-origin' \
--header 'sec-gpc: 1' \
--header 'Authorization: Bearer <Your Token>' \
--header 'Content-Type: application/json' \
--data '{
    "provider": "github",
    "project_name": "SolidityScan",
    "project_url": "https://github.com/Shashank-In/SmartContract",
    "project_branch": "main",
    "project_skip_files":[]
}'

Response

{
  "scan_report": {
    "client_id": 326,
    "file_url_list": null,
    "multi_file_scan_details": [
      {
        "issue_id": "SOLIDITY_PUBLIC_BURN",
        "metric_wise_aggregated_findings": [
          {
            "bug_hash": "865MXqQZ2gXMX6bMC6Dak67NXD8=",
            "bug_id": "SSP_2115_8",
            "bug_status": "pending_fix",
            "comment": "",
            "description_details": {
              "function_name": ""
            },
            "findings": [
              {
                "file_path": "/contracts/bep20/BEP20TokenImplementation.sol",
                "line_nos_end": [
                  241
                ],
                "line_nos_start": [
                  238
                ]
              }
            ],
            "scan_id": "c209c67e4fc786aa"
          }
        ],
        "no_of_findings": 36,
        "template_details": {
          "_created": "Thu, 01 Jan 1970 00:00:00 GMT",
          "_id": "64142385f39e851afed3ecc8",
          "_links": {
            "self": {
              "href": "issue_details/SOLIDITY_LONG_REQUIRE_REVERT_STRINGS",
              "title": "issues"
            }
          },
          "_updated": "Thu, 01 Jan 1970 00:00:00 GMT",
          "description_keys": [],
          "detection_logic": "not defined yet",
          "is_production_disabled": false,
          "issue_confidence": "2",
          "issue_description": "<p>The <code>require()</code> and <code>revert()</code> functions take an input string to show errors if the validation fails.</br>This strings inside these functions that are longer than <code>32 bytes</code> require at least one additional <code>MSTORE</code>, along with additional overhead for computing memory offset, and other parameters.</p>",
          "issue_id": "SOLIDITY_LONG_REQUIRE_REVERT_STRINGS",
          "issue_name": "LONG REQUIRE/REVERT STRINGS",
          "issue_remediation": "<p>It is recommended to short the strings passed inside <code>require()</code> and <code>revert()</code> to fit under <code>32 bytes</code>. This will decrease the gas usage at the time of deployment and at runtime when the validation condition is met.</p>",
          "issue_severity": "gas",
          "issue_status": "true",
          "multi_file_supported": "true",
          "version": "1"
        }
      }
    ],
    "multi_file_scan_status": "scan_done",
    "multi_file_scan_summary": {
      "count_files_analyzed": 15,
      "issue_severity_distribution": {
        "critical": 21,
        "gas": 120,
        "high": 20,
        "informational": 18,
        "low": 58,
        "medium": 10
      },
      "issues_count": 247,
      "lines_analyzed_count": 3183,
      "scan_time_taken": 16,
      "scans_ran": [
        "static_template_based"
      ],
      "score": "4.26",
      "score_v2": "85.27"
    },
    "project_branch": "master",
    "project_id": "bf4b2e27a7eca4a04c2e5b2f768e4054",
    "project_name": "mano-credshields-eth-bsc-swap-contracts",
    "project_sequence_id": 2115,
    "project_url": "https://github.com/mano-credshields/eth-bsc-swap-contracts",
    "quick_file_scan_details": "c209c67e4fc786aa",
    "reporting_status": "not_generated",
    "scan_id": "c209c67e4fc786aa",
    "scan_init_time": "2023-06-12T10:18:51.367790",
    "scan_status": "scan_done",
    "scan_type": "project",
    "skip_file_paths": []
  }
}

Verified Contract Scans

Start a block scan

POST https://api.solidityscan.com/private/api-start-scan-block/

Request Headers

| Name | Type | Description |
| --- | --- | --- |
| Authorization* | String | Bearer <token> |

Request Body

| Name | Type | Description |
| --- | --- | --- |
| contract_address* | string | address of the contract |
| contract_platform* | string | |
| contract_chain* | string | chain which the contract belongs to |

Block Scan CURL Example

curl --location 'https://api.solidityscan.com/private/api-start-scan-block/' \
--header 'accept: application/json, text/plain, */*' \
--header 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \
--header 'sec-ch-ua-mobile: ?0' \
--header 'sec-fetch-dest: empty' \
--header 'sec-fetch-mode: cors' \
--header 'sec-fetch-site: same-origin' \
--header 'sec-gpc: 1' \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '{
    "contract_address": "0x814d65082Bbfbf45130741018772143b690609CE",
    "contract_platform": "bscscan",
    "contract_chain": "mainnet"
}'

Response

{
  "scan_report": {
    "client_id": 326,
    "compilerversion": "v0.8.11+commit.d7f03943",
    "contract_address": "0x814d65082Bbfbf45130741018772143b690609CE",
    "contract_chain": "mainnet",
    "contract_platform": "bscscan",
    "contract_url": "https://bscscan.com/address/0x814d65082Bbfbf45130741018772143b690609CE",
    "contractname": "TestCA",
    "currency": "BNB",
    "evmversion": "Default",
    "licensetype": "None",
    "multi_file_scan_details": [
      {
        "issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
        "metric_wise_aggregated_findings": [
          {
            "bug_hash": "wgs1VNce9tUpqOF1jt-bwauTY14=",
            "bug_id": "SSB_3940_74",
            "bug_status": "pending_fix",
            "comment": "",
            "description_details": {
              "contract_name": "DividendPayingToken",
              "function_name": "rescueTokens",
              "library_name": "@openzeppelin/contracts/access/Ownable.sol",
              "modifier_name": "onlyOwner"
            },
            "findings": [
              {
                "file_path": "contract.sol",
                "line_nos_end": [
                  430
                ],
                "line_nos_start": [
                  427
                ]
              }
            ],
            "scan_id": "7c96cf7b20b42c92"
          },
          {
            "bug_hash": "YpFgK9IcmIEX723u-T3R7MgtPZs=",
            "bug_id": "SSB_3940_75",
            "bug_status": "pending_fix",
            "comment": "",
            "description_details": {
              "contract_name": "TestCA",
              "function_name": "rescueTokens",
              "library_name": "@openzeppelin/contracts/access/Ownable.sol",
              "modifier_name": "onlyOwner"
            },
            "findings": [
              {
                "file_path": "contract.sol",
                "line_nos_end": [
                  605
                ],
                "line_nos_start": [
                  600
                ]
              }
            ],
            "scan_id": "7c96cf7b20b42c92"
          },
          {
            "bug_hash": "XiHaPHM4bJptrgKBwt5LpePsjws=",
            "bug_id": "SSB_3940_76",
            "bug_status": "pending_fix",
            "comment": "",
            "description_details": {
              "contract_name": "TestCA",
              "function_name": "processDividendTracker",
              "library_name": "@openzeppelin/contracts/access/Ownable.sol",
              "modifier_name": "onlyOwner"
            },
            "findings": [
              {
                "file_path": "contract.sol",
                "line_nos_end": [
                  690
                ],
                "line_nos_start": [
                  687
                ]
              }
            ],
            "scan_id": "7c96cf7b20b42c92"
          },
          {
            "bug_hash": "abpAYui5sZSDJjtZ1iUoH4dDtoU=",
            "bug_id": "SSB_3940_77",
            "bug_status": "pending_fix",
            "comment": "",
            "description_details": {
              "contract_name": "TestCA",
              "function_name": "claim",
              "library_name": "@openzeppelin/contracts/access/Ownable.sol",
              "modifier_name": "onlyOwner"
            },
            "findings": [
              {
                "file_path": "contract.sol",
                "line_nos_end": [
                  694
                ],
                "line_nos_start": [
                  692
                ]
              }
            ],
            "scan_id": "7c96cf7b20b42c92"
          },
          {
            "bug_hash": "6mNWpIIeI-jESDh_QxqdkbJ_djo=",
            "bug_id": "SSB_3940_78",
            "bug_status": "pending_fix",
            "comment": "",
            "description_details": {
              "contract_name": "TESTDividendTracker",
              "function_name": "process",
              "library_name": "@openzeppelin/contracts/access/Ownable.sol",
              "modifier_name": "onlyOwner"
            },
            "findings": [
              {
                "file_path": "contract.sol",
                "line_nos_end": [
                  1020
                ],
                "line_nos_start": [
                  975
                ]
              }
            ],
            "scan_id": "7c96cf7b20b42c92"
          }
        ],
        "no_of_findings": 5,
        "template_details": {
          "_created": "Thu, 01 Jan 1970 00:00:00 GMT",
          "_id": "64142385f39e851afed3ecfb",
          "_links": {
            "self": {
              "href": "issue_details/SOLIDITY_INCORRECT_ACCESS_CONTROL",
              "title": "issues"
            }
          },
          "_updated": "Thu, 01 Jan 1970 00:00:00 GMT",
          "description_keys": [
            "contract_name",
            "library_name",
            "function_name",
            "modifier_name"
          ],
          "detection_logic": "not defined yet",
          "is_production_disabled": false,
          "issue_confidence": "1",
          "issue_description": "<p>Access control plays an important role in segregation of privileges in smart contracts and other applications. If this is misconfigured or not properly validated on sensitive functions, it may lead to loss of funds, tokens and in some cases compromise of the smart contract. <br><br>The contract ${contract_name} is importing an access control library ${library_name} but the function ${function_name} is missing the modifier ${modifier_name}.</p>",
          "issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
          "issue_name": "INCORRECT ACCESS CONTROL",
          "issue_remediation": "<p>It is recommended to go through the contract and observe the functions that are lacking an access control modifier. If they contain sensitive administrative actions, it is advised to add a suitable modifier to the same</p>",
          "issue_severity": "critical",
          "issue_status": "true",
          "multi_file_supported": "true",
          "version": "1"
        }
      }
    ],
    "multi_file_scan_status": "scan_done",
    "multi_file_scan_summary": {
      "count_files_analyzed": 1,
      "issue_severity_distribution": {
        "critical": 5,
        "gas": 91,
        "high": 7,
        "informational": 24,
        "low": 22,
        "medium": 1
      },
      "issues_count": 150,
      "lines_analyzed_count": 1033,
      "scan_time_taken": 9,
      "scans_ran": [
        "static_template_based"
      ],
      "score": "3.96",
      "score_v2": "79.19",
      "threat_score": "76.19"
    },
    "node_reference_id": null,
    "project_id": "a3b0fbb769c94f1733e2beeaee692dd6",
    "project_sequence_id": 3940,
    "quick_file_scan_details": "7c96cf7b20b42c92",
    "reporting_status": "not_generated",
    "scan_id": "7c96cf7b20b42c92",
    "scan_init_time": "2023-06-12T10:27:28.468226",
    "scan_status": "scan_done",
    "scan_type": "block",
    "value": "8.761483474979001e-06"
  }
}
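An added example, not part of the SolidityScan documentation: it flattens a scan_report like the one above into one record per source location, fills the ${...} placeholders of issue_description from description_details, and fails a CI step on blocking severities. The function names, the SAMPLE data (a constructed, trimmed copy of the response above) and the choice of critical and high as blocking severities are assumptions.

```python
import html
import re
from string import Template

# Constructed sample: trimmed from the block scan response shown above.
SAMPLE = {"scan_report": {
    "scan_status": "scan_done",
    "multi_file_scan_details": [{
        "issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
        "metric_wise_aggregated_findings": [{
            "bug_id": "SSB_3940_74",
            "bug_status": "pending_fix",
            "description_details": {
                "contract_name": "DividendPayingToken",
                "function_name": "rescueTokens",
                "library_name": "@openzeppelin/contracts/access/Ownable.sol",
                "modifier_name": "onlyOwner"},
            "findings": [{"file_path": "contract.sol",
                          "line_nos_start": [427], "line_nos_end": [430]}],
        }],
        "template_details": {
            "issue_severity": "critical",
            "issue_description": (
                "<p>The contract ${contract_name} is importing an access "
                "control library ${library_name} but the function "
                "${function_name} is missing the modifier ${modifier_name}.</p>"),
        },
    }],
    "multi_file_scan_summary": {"issue_severity_distribution": {
        "critical": 5, "gas": 91, "high": 7,
        "informational": 24, "low": 22, "medium": 1}},
}}

TAG_RE = re.compile(r"<[^>]+>")


def render_description(template_html, details):
    """Strip markup from the template, then fill its ${key} placeholders."""
    # Values come from the scanned source: they are substituted after tag
    # removal and kept verbatim, so escape the result before HTML display.
    text = " ".join(html.unescape(TAG_RE.sub(" ", template_html)).split())
    return Template(text).safe_substitute(details)


def iter_findings(scan_report):
    """Yield one flat record per reported source location."""
    for issue in scan_report.get("multi_file_scan_details") or []:
        tmpl = issue.get("template_details") or {}
        for bug in issue.get("metric_wise_aggregated_findings") or []:
            text = render_description(tmpl.get("issue_description", ""),
                                      bug.get("description_details") or {})
            for loc in bug.get("findings") or []:
                spans = zip(loc.get("line_nos_start") or [],
                            loc.get("line_nos_end") or [])
                for start, end in spans:
                    yield {"bug_id": bug.get("bug_id"),
                           "severity": tmpl.get("issue_severity"),
                           "status": bug.get("bug_status"),
                           "location": f"{loc.get('file_path')}:{start}-{end}",
                           "description": text}


def gate(response, blocking=("critical", "high")):
    """Return (ok, reasons); a response that cannot be judged fails closed."""
    report = response.get("scan_report")
    if not isinstance(report, dict):
        return False, [f"no scan_report: {response.get('error', 'unknown')}"]
    if report.get("scan_status") != "scan_done":
        return False, [f"scan_status is {report.get('scan_status')!r}"]
    summary = report.get("multi_file_scan_summary") or {}
    dist = summary.get("issue_severity_distribution")
    if not isinstance(dist, dict):
        return False, ["no issue_severity_distribution in summary"]
    reasons = [f"{dist[s]} {s}" for s in blocking if dist.get(s, 0) > 0]
    return not reasons, reasons


if __name__ == "__main__":
    print(gate(SAMPLE))
```

An error body such as {"error": "Invalid request"}, an unfinished scan, or a report without a severity distribution all make gate() return False, so a pipeline does not pass on a response it could not evaluate.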

Generate Report


POST https://api.solidityscan.com/private/api-generate-report/

Request Headers

| Name | Type | Description |
| --- | --- | --- |
| Authorization* | String | Bearer <token> |

Request Body

| Name | Type | Description |
| --- | --- | --- |
| project_id* | string | project_id to generate report for |
| scan_id* | string | id of the scan associated |
| scan_type | string | block or project. Use block when generating a report for a scanned on-chain contract, and project when generating a report for a GitHub or file upload scan. |

Generate Report CURL Example

curl --location 'https://api.solidityscan.com/private/api-generate-report/' \
--header 'accept: application/json, text/plain, */*' \
--header 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \
--header 'sec-ch-ua-mobile: ?0' \
--header 'sec-fetch-dest: empty' \
--header 'sec-fetch-mode: cors' \
--header 'sec-fetch-site: same-origin' \
--header 'sec-gpc: 1' \
--header 'Authorization: Bearer <Your Token Here>' \
--header 'Content-Type: application/json' \
--data '{
    "project_id": "6571b352c270c4eafcd0c8b09a75aebc",
    "scan_id": "2934f6851ea514ee",
    "scan_type":"project"
}'

Response

{
    "scan_id": "abcdefgh",
    "status": "started"
}

Pre-Signed URL Generation

GET https://solidityscan.com/app/private/api-get-presigned-url/

Generates a pre-signed URL for uploading a file (e.g., test.sol).

Headers

| Name | Value |
| --- | --- |
| Content-Type | application/json |
| Authorization | Bearer <token> |

Response

{
    "status": "success",
    "result": {
        "url": "<URL_OF_THE_FILE>"
    }
}

{
    "status": "failed",
    "message": "Filetype not valid"
}

Curl Example:

curl --location 'https://solidityscan.com/app/private/api-get-presigned-url/?file_name=test.sol' \
--header 'accept: application/json, text/plain, */*' \
--header 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \
--header 'content-type: application/json' \
--header 'Authorization: Bearer <ACCESS_TOKEN>'

Scan Retrieval

POST https://solidityscan.com/app/private/api-get-scan/

Fetches the scan result of a specific project or file.

Headers

| Name | Value |
| --- | --- |
| Content-Type | application/json |
| Authorization | Bearer <token> |

Body

| Name | Type | Description |
| --- | --- | --- |
| client_id | number | Id of the client |
| scan_id | string | Id of the scan |
| scan_type | string | Type of Scan |
| project_id | string | Id of the project |

Response

{
  "scan_report": {
    "file_url_list": [
      "https://credshields-prod.s3.amazonaws.com/temp_backend/15c9c621-11ab-4db5-a005-4c98ebbad1d9/1736928326545_testnew.sol"
    ],
    "is_quick_scan": false,
    "multi_file_scan_details": [
      {
        "issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
        "metric_wise_aggregated_findings": [
          {
            "bug_hash": "mUvFpuKREc_hKplmSXj99sLGIzg=",
            "bug_id": "SSP_51519_14",
            "bug_status": "pending_fix",
            "description_details": {
              "contract_name": "BUG",
              "function_name": "transferToken",
              "library_name": "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol",
              "modifier_name": "onlyOwner"
            },
            "findings": [
              {
                "ai_tagged_reason": "The function 'transferToken' has a require statement checking the balance of msg.sender and ensures the recipient address is not zero. It does not modify critical data without proper checks, and it operates on the balance of msg.sender, which is appropriate for a public function.",
                "ai_tagged_status": false,
                "file_path": "/testnew.sol",
                "line_nos_end": [
                  27
                ],
                "line_nos_start": [
                  22
                ]
              }
            ],
            "scan_id": "759bab4e4c214fc5"
          }
        ],
        "no_of_findings": 1,
        "template_details": {
          "description_keys": [
            "contract_name",
            "library_name",
            "function_name",
            "modifier_name"
          ],
          "issue_confidence": "1",
          "issue_description": "<p>Access control plays an important role in segregation of privileges in smart contracts and other applications. If this is misconfigured or not properly validated on sensitive functions, it may lead to loss of funds, tokens and in some cases compromise of the smart contract. <br><br>The contract ${contract_name} is importing an access control library ${library_name} but the function ${function_name} is missing the modifier ${modifier_name}.</p>",
          "issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
          "issue_name": "INCORRECT ACCESS CONTROL",
          "issue_remediation": "<p>It is recommended to go through the contract and observe the functions that are lacking an access control modifier. If they contain sensitive administrative actions, it is advised to add a suitable modifier to the same</p>",
          "issue_severity": "critical",
          "issue_status": "true",
          "static_issue_description": "<p>Access control plays an important role in the segregation of privileges in smart contracts and other applications. If this is misconfigured or not properly validated on sensitive functions, it may lead to loss of funds, tokens and in some cases compromise of the smart contract. <br><br>The contract is importing an access control library but the function is missing the modifier.</p>"
        }
      },
.......

{
  "error": "Invalid request"
}

Curl Example:

curl --location 'https://solidityscan.com/app/private/api-get-scan/' \
--header 'accept: application/json, text/plain, */*' \
--header 'content-type: application/json' \
--header 'Authorization: Bearer <ACCESS_TOKEN>' \
--data '{
    "client_id": 802,
    "scan_id": "789e422d9923edd3",
    "scan_type": "block",
    "project_id": "09577d722c51953c21e0a41199c47699"
}'

File Scan

POST https://solidityscan.com/app/private/api-file-scan/

Uploads a file and initiates its scan.

Headers

| Name | Value |
| --- | --- |
| Content-Type | application/json |
| Authorization | Bearer <token> |

Body

| Name | Type | Description |
| --- | --- | --- |
| file_urls | array | An array containing all the URLs of the files. |
| project_name | string | Name of the project |
| project_type | string | Type of the project |

Response

{
  "scan_report": {
    "file_url_list": [
      "https://credshields-prod.s3.amazonaws.com/temp_backend/15c9c621-11ab-4db5-a005-4c98ebbad1d9/1736928326545_testnew.sol"
    ],
    "is_quick_scan": false,
    "multi_file_scan_details": [
      {
        "issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
        "metric_wise_aggregated_findings": [
          {
            "bug_hash": "mUvFpuKREc_hKplmSXj99sLGIzg=",
            "bug_id": "SSP_51519_14",
            "bug_status": "pending_fix",
            "description_details": {
              "contract_name": "BUG",
              "function_name": "transferToken",
              "library_name": "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol",
              "modifier_name": "onlyOwner"
            },
            "findings": [
              {
                "ai_tagged_reason": "The function 'transferToken' has a require statement checking the balance of msg.sender and ensures the recipient address is not zero. It does not modify critical data without proper checks, and it operates on the balance of msg.sender, which is appropriate for a public function.",
                "ai_tagged_status": false,
                "file_path": "/testnew.sol",
                "line_nos_end": [
                  27
                ],
                "line_nos_start": [
                  22
                ]
              }
            ],
            "scan_id": "759bab4e4c214fc5"
          }
        ],
        "no_of_findings": 1,
        "template_details": {
          "description_keys": [
            "contract_name",
            "library_name",
            "function_name",
            "modifier_name"
          ],
          "issue_confidence": "1",
          "issue_description": "<p>Access control plays an important role in segregation of privileges in smart contracts and other applications. If this is misconfigured or not properly validated on sensitive functions, it may lead to loss of funds, tokens and in some cases compromise of the smart contract. <br><br>The contract ${contract_name} is importing an access control library ${library_name} but the function ${function_name} is missing the modifier ${modifier_name}.</p>",
          "issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
          "issue_name": "INCORRECT ACCESS CONTROL",
          "issue_remediation": "<p>It is recommended to go through the contract and observe the functions that are lacking an access control modifier. If they contain sensitive administrative actions, it is advised to add a suitable modifier to the same</p>",
          "issue_severity": "critical",
          "issue_status": "true",
          "static_issue_description": "<p>Access control plays an important role in the segregation of privileges in smart contracts and other applications. If this is misconfigured or not properly validated on sensitive functions, it may lead to loss of funds, tokens and in some cases compromise of the smart contract. <br><br>The contract is importing an access control library but the function is missing the modifier.</p>"
        }
      },
.......