Getting Started
Overview Authentication Base URL
Scans
POST/scan POST/scan/authorised GET/scan/{id} GET/scan/{id}/findings GET/scans GET/scans/latest
Reports
GET/report/executive GET/report/technical GET/report/compliance
Clients
POST/clients/register GET/clients/me
Scheduling
POST/scans/schedule GET/scans/scheduled
Remediation
PATCH/finding/{id}/remediate GET/client/{id}/remediation-summary
Alerts
POST/alerts/configure
Billing
POST/billing/checkout POST/billing/webhook

Fix First API

The Fix First API gives you programmatic access to the complete exposure validation platform — scans, findings, intelligence enrichment, reports, scheduling, and billing. Build integrations, automate workflows, or embed Fix First into your MSP tooling.

https://api.fixfirstsec.com
Authentication: All endpoints require the x-api-key header.
Client endpoints additionally accept a Authorization: Bearer {token} header for per-client access.

Get your API key at fixfirstsecurity.com/signup.html
Scans
POST /scan Create a new scan job
Queue a new vulnerability scan. Returns a job_id to track progress. Scan runs asynchronously — poll /scan/{job_id} for status.
Request body
{ "target": "company.com", // IP, domain, URL, or CIDR "target_type": "domain", // ip | domain | url | cidr "scan_profile": "standard", // light | standard | aggressive "client_name": "Acme Corp" // optional client label }
Response
{ "job_id": "a1b2c3d4-...", "status": "queued", "target": "company.com", "message": "Scan queued. Track at /scan/a1b2c3d4" }
POST /scan/authorised Create scan with legal authorisation record
Create a scan with explicit authorisation confirmation stored for legal protection. Also enforces rate limiting per client tier. Recommended for all production use.
Request body
{ "target": "company.com", "target_type": "domain", "scan_profile": "standard", "client_name": "Acme Corp", "authorised": true, // required — confirms permission "authorised_by": "John Smith" // optional — who authorised }
GET /scan/{job_id} Get scan status and summary
Poll this endpoint to check scan progress. Status: queued → running → complete | failed.
Response
{ "job_id": "a1b2c3d4-...", "status": "complete", "target": "company.com", "error": null, "findings_summary": { "total": 12, "critical": 2, "high": 4, "medium": 6, "low": 0 } }
GET /scan/{job_id}/findings Get full findings with intelligence enrichment
Returns all validated findings enriched with CISA KEV, EPSS, MITRE ATT&CK, D3FEND, CWE, CIS Controls, and ISO 27001:2022 Annex A mappings.
Response — each finding includes
{ "title": "Redis Server - Unauthenticated Access", "severity": "high", "fixfirst_score": 8.4, "fixfirst_priority": "high", "kev_flagged": false, // CISA KEV check "epss_score": 0.247, // 30-day exploit probability "mitre_tactic_id": "TA0001", "mitre_technique_id": "T1190", "d3fend_countermeasures": "[...]", // D3FEND JSON "cwe_id": "CWE-306", "cis_control_id": "CIS-5", "iso27001_control_id": "A.8.20", // ISO 27001 Annex A "iso27001_control_name": "Networks Security", "fix_urgency": "urgent", "status": "open" // open|in_progress|fixed|accepted_risk }
Reports
GET /scan/{job_id}/report/{type} Generate HTML report — print to PDF
Returns a complete HTML report. Open in browser and use File → Print → Save as PDF. Report types: executive | technical | compliance
Example URLs
# Executive report — board/management facing GET /scan/{job_id}/report/executive?api_key=YOUR_KEY # Technical report — security team facing GET /scan/{job_id}/report/technical?api_key=YOUR_KEY # Compliance report — ISO 27001 + CIS + Canadian frameworks GET /scan/{job_id}/report/compliance?api_key=YOUR_KEY
Clients & Auth
POST /clients/register Register client and issue JWT token
Create a new client account and issue a JWT access token. The token is shown once — store it securely. Tiers: trial (2 scans) | starter (5/mo) | professional (unlimited) | enterprise (unlimited).
Request body
{ "name": "Acme Corp", "email": "security@acme.com", "company": "Acme Corporation", "tier": "trial" }
Response
{ "client_id": "uuid", "token": "eyJhbGci...", // Save — shown once "tier": "trial", "scan_limit": 2 }
GET /clients/me Get client info and usage
Returns client tier, scan usage, and billing period. Use Authorization: Bearer {token} header.
Scheduled Scans
POST /scans/schedule Schedule recurring scan
Schedule a scan to run automatically at a regular interval. Frequencies: daily | weekly | monthly. Scheduled scans are authorised automatically.
Request body
{ "client_id": "uuid", "target": "company.com", "target_type": "domain", "scan_profile": "standard", "frequency": "weekly" }
Remediation Tracking
PATCH /finding/{finding_id}/remediate Update finding remediation status
Mark a finding as fixed, in progress, or accepted risk. All status changes are logged with timestamp for audit trail.
Request body
{ "status": "fixed", // open|in_progress|fixed|accepted_risk "note": "Patched in deploy 2.4.1", "updated_by": "John Smith" }
Alerts
POST /alerts/configure Configure Slack / Teams / email alerts
Configure webhook alerts for KEV findings and critical vulnerabilities. Fix First fires instant Slack or Teams messages when CISA KEV findings are detected.
Request body
{ "client_id": "uuid", "slack_webhook": "https://hooks.slack.com/...", "teams_webhook": "https://outlook.office.com/...", "kev_alerts": true, "critical_alerts": true, "high_alerts": false }
Billing
POST /billing/checkout Create Stripe checkout session
Create a Stripe checkout session for a subscription. Returns a checkout URL — redirect the user to this URL to complete payment. Tier activates automatically on payment.
Request body
{ "tier": "professional", // starter | professional | enterprise "email": "user@company.com", "name": "John Smith" }
Full interactive documentation available at api.fixfirstsec.com/docs · Powered by FastAPI + OpenAPI 3.0