API Overview
The Inkog API allows you to programmatically scan code for AI agent security vulnerabilities.
Base URL
https://api.inkog.ioFor self-hosted deployments, use your server’s URL.
Authentication
All API requests require an API key passed in the Authorization header:
Authorization: Bearer YOUR_API_KEYAPI keys are available through the Inkog Dashboard . During beta, contact us for access.
Rate Limits
| Plan | Requests per minute | Burst |
|---|---|---|
| Free | 10 | 5 |
| Pro | 60 | 20 |
| Enterprise | Unlimited | - |
When rate limited, you’ll receive a 429 response with a Retry-After header.
Response Format
All responses are JSON with the following structure:
{
"success": true,
"data": { ... }
}Error responses include an error code and message:
{
"success": false,
"error": {
"code": "RATE_LIMITED",
"message": "Rate limit exceeded. Please retry later."
}
}Quick Start
Scan a file in seconds:
curl -X POST https://api.inkog.io/api/v1/scan \
-H "Authorization: Bearer YOUR_API_KEY" \
-F "file=@./agent.py"Response:
{
"success": true,
"risk_score": 75,
"findings_count": 2,
"findings": [
{
"severity": "HIGH",
"file": "agent.py",
"line": 42,
"message": "User input directly concatenated into LLM prompt",
"cwe": "CWE-77"
}
],
"scan_duration": "1.2s"
}Endpoints
| Method | Endpoint | Description |
|---|---|---|
POST | /api/v1/scan | Scan code for vulnerabilities |
SDKs
Official SDKs coming soon:
- Python (
pip install inkog) - JavaScript (
npm install @inkog/sdk) - Go (
go get github.com/inkog-io/inkog-go)
For now, use the REST API directly with any HTTP client.
Last updated on