API Documentation

Complete guide to integrating ComplianceLayer into your security workflow.

Quickstart Guide

Get started with ComplianceLayer in under 5 minutes. This guide will walk you through creating an account, getting your API key, running your first scan, and polling for results.

Step 1: Create an Account

Sign up for a free account at compliancelayer.net/signup. The free tier includes:

  • 10 scans per month
  • 1 monitored domain
  • 30 requests per minute
  • Access to all 15+ security modules

Step 2: Get Your API Key

After signing in, navigate to Settings → API Keys in the dashboard and click "Create API Key". Your key will start with cl_ and should be kept secure.

Security Note: Never commit API keys to version control or expose them in client-side code. Store them in environment variables.

Step 3: Make Your First Request

Submit a scan request for any public domain. The API will return a job ID that you'll use to poll for results.

# Submit scan request
curl -X POST "https://api.compliancelayer.net/v1/scan" \
  -H "Authorization: Bearer cl_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "domain": "example.com"
  }'

# Response
{
  "job_id": "job_abc123def456",
  "domain": "example.com",
  "status": "queued",
  "queued_at": "2026-03-07T12:00:00Z"
}

Step 4: Poll for Results

Scans typically complete within 30-60 seconds. Poll the job status endpoint until the status field is completed, then fetch the full report.

# Check job status
curl "https://api.compliancelayer.net/v1/scan/jobs/job_abc123def456" \
  -H "Authorization: Bearer cl_YOUR_API_KEY"

# Response (when completed)
{
  "job_id": "job_abc123def456",
  "status": "completed",
  "result": {
    "score": 87,
    "grade": "B+",
    "risk_level": "low",
    "total_issues": 10,
    "critical_issues": 0,
    "high_issues": 2
  }
}

Step 5: Get the Full Report

Once the scan is complete, fetch the detailed report including all findings, compliance mappings, and module-specific results.

curl "https://api.compliancelayer.net/v1/scan/jobs/job_abc123def456/report" \
  -H "Authorization: Bearer cl_YOUR_API_KEY"

Understanding the Response

The full report includes:

  • score (0-100): Overall security score, higher is better
  • grade (A+ to F): Letter grade based on score
  • risk_level: low, medium, high, or critical
  • modules: Results from each scanner (DNS, SSL, headers, ports, etc.)
  • issues: All findings across modules, sorted by severity
  • compliance: Mapping to frameworks (SOC 2, ISO 27001, NIST, etc.)
  • recommendations: Actionable steps to improve your score

Alternative: Use via RapidAPI

ComplianceLayer is also available on the RapidAPI marketplace. If you prefer to manage subscriptions and billing through RapidAPI, subscribe there and use their unified API key instead. The endpoints and responses are identical.

Next Steps

Learn About Scanning

Explore advanced scanning features, custom parameters, and best practices.

Set Up Monitoring

Configure scheduled scans and alerts for continuous domain monitoring.

Configure Webhooks

Receive real-time notifications when scans complete or issues are detected.