REST API — v2.1

Integrate Security Ratings Into Anything

Embed live cybersecurity ratings directly into your platform, dashboard, or workflow. Our REST API gives you real-time access to 250+ data points on any rated US organization.

Get API Access View Endpoints

REST

JSON over HTTPS

<200ms

Avg response time

99.9%

API uptime SLA

Quick Start — cURL

# Get a company's security rating

curl -X GET \

"https://api.cybersecurityratings.com/v2/ratings" \

-H "Authorization: Bearer YOUR_API_KEY" \

-H "Content-Type: application/json" \

-d '{"domain": "example.com"}'

# Response

{

"domain": "example.com",

"grade": "B+",

"score": 87,

"last_updated": "2026-03-20T14:22:00Z",

"categories": { ... }

}

200 OK

148ms

Base URL

https://api.cybersecurityratings.com/v2

All API requests must be made over HTTPS. HTTP requests will be rejected. The API uses JSON for all request and response bodies.

TLS 1.2+ JSON UTF-8

Authentication

Authenticate using your API key as a Bearer token in the Authorization header. Find your key in your account dashboard.

# Required header on every request

Authorization: Bearer csrat_live_xxxxxxxxxxxx

Never expose your API key in client-side code. Always make API calls from your server. Rotate keys immediately if compromised.

Rate Limits by Plan

Plan	Requests / Minute	Requests / Month	Batch Size
Professional	60	1,000	10 domains
Business	300	10,000	100 domains
Enterprise	Unlimited	Unlimited	1,000 domains

Rate limit headers are included in every response: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset

API Reference

Core Endpoints

All endpoints return JSON and accept JSON request bodies. Authentication via Bearer token is required on all endpoints.

GET /ratings — Get the security rating for a domain All Plans

Request Parameters

domain

string required

The domain to look up (e.g. "example.com")

include_details

boolean optional · default: false

Include full category breakdown and vulnerability list

include_history

boolean optional · default: false

Include 90-day score history for trend analysis

Response

{

"domain": "example.com",

"grade": "B+",

"score": 87,

"industry_avg": 79,

"last_updated": "2026-03-20T14:22:00Z",

"categories": {

"network_security": 91,

"application_security": 83,

...

}

POST /ratings/batch — Fetch ratings for multiple domains in one request Business+

Request Body

{

"domains": [

"vendor1.com",

"vendor2.com",

"vendor3.com"

],

"include_details": false

}

Response

{

"results": [

{ "domain": "vendor1.com", "grade": "A" },

...

],

"total": 3,

"quota_used": 3

}

GET /search — Search the ratings database by company name, industry, or state All Plans

q

string · optional

Company name or keyword search

industry

string · optional

Filter by sector (e.g. "healthcare")

min_grade

string · optional

Min grade filter: A, B, C, D, F

state

string · optional

US state abbreviation (e.g. "CO")

limit

integer · default: 20

Results per page (max 100)

offset

integer · default: 0

Pagination offset

POST /monitor — Subscribe to real-time alerts when a domain's score changes Business+

Request Body

{

"domain": "vendor.com",

"webhook_url": "https://your.app/webhook",

"alert_on": ["grade_change", "critical_vuln"],

"threshold": 10

}

Webhook Payload (on alert)

{

"event": "grade_change",

"domain": "vendor.com",

"old_grade": "B",

"new_grade": "C",

"timestamp": "2026-03-20T14:22:00Z"

}

DELETE /monitor/{id} — Remove a monitoring subscription by its ID Business+

GET /account — Retrieve API quota usage, plan details, and key metadata All Plans

Code Examples

Get Up and Running in Minutes

get_rating.sh

# Install: no dependencies needed

# Get security rating with full details

curl -X GET \

"https://api.cybersecurityratings.com/v2/ratings?domain=example.com&include_details=true" \

-H "Authorization: Bearer csrat_live_xxxxxxxxxxxx" \

-H "Content-Type: application/json"

Error Codes

400

Bad Request

Missing or invalid request parameters. Check the error.message field for details.

401

Unauthorized

Missing or invalid API key. Verify your Authorization header is correct.

403

Forbidden

Your plan doesn't support this endpoint. Upgrade to Business or Enterprise to unlock.

404

Not Found

The domain has not been rated yet. Submit it for a free assessment first.

429

Rate Limited

You've exceeded your plan's rate limit. Check X-RateLimit-Reset for retry time.

500

Internal Server Error

Unexpected server error. Retry with exponential backoff. If persistent, contact support.

Error Response Structure

{

"error": {

"code": 429,

"type": "rate_limit_exceeded",

"message": "Rate limit exceeded. Retry after 60s."

}

Official SDKs

Python SDK

v1.4.0 · MIT License

pip install csratings View on GitHub

Node.js SDK

v2.1.0 · MIT License

npm install csratings View on GitHub

PHP SDK

v1.2.0 · MIT License

composer require csratings/php View on GitHub

Ruby Gem

v1.1.0 · MIT License

gem install csratings View on GitHub

Pagination

List endpoints use offset-based pagination. Use limit and offset parameters. Max page size is 100.

# Page 2 of results (20 per page)

GET /search?q=healthcare&limit=20&offset=20

{

"results": [ ... ],

"total": 284,

"limit": 20,

"offset": 20,

"has_more": true

}

GitHub Issues

Report bugs, request features, and view open issues on our public GitHub repository.

Open GitHub

Developer Support

Email our developer success team for integration help, advanced questions, and enterprise onboarding.

[email protected]

Developer Community

Join our Discord server to connect with other developers, share integrations, and get real-time help from our team.

Join Discord

Get API Access

Ready to Start Building?

API access is available on Business and Enterprise plans. Upgrade your account or contact our team to get your API key and start integrating today.

Get API Access Talk to an Engineer

REST API with JSON <200ms avg latency 99.9% uptime SLA Webhook support 4 official SDKs