API Documentation

Get Your API Key

Free tier: 500 lookups/month. No credit card required.

Quick Start

  1. Sign up: use the form above or create an account via the API.

     curl -X POST https://patchapi.shanecode.org/v1/auth/register \
       -H "Content-Type: application/json" \
       -d '{"email":"[email protected]","password":"yourpassword"}'

     Save the api_key from the response; it's shown only once.

  2. Make your first call

     curl https://patchapi.shanecode.org/v1/cve/CVE-2021-44228 \
       -H "X-API-Key: pp_live_your_key_here"

  3. Or use the CLI

     patchpulse auth login
     patchpulse cve CVE-2021-44228
     patchpulse check package-lock.json

Authentication

Pass your API key via the X-API-Key header or Authorization: Bearer header.

X-API-Key: pp_live_your_key_here
# or
Authorization: Bearer pp_live_your_key_here

Unauthenticated requests use the anonymous tier: 10 requests/minute, no monthly quota.

Endpoints

GET /v1/cve/{cve-id}

Full CVE detail with EPSS, CISA KEV, affected packages, and advisories.

GET /v1/pkg/{ecosystem}/{package}

All CVEs affecting a package, sorted by EPSS score. Supports npm, pypi, go, cargo, maven.

GET /v1/pkg/{ecosystem}/{package}/{version}

CVEs affecting a specific version. Version-range matching per ecosystem.

GET /v1/epss/{cve-id}/history

EPSS score history over time. Query parameter: days (default 30, max 365).

Requires: Business+

POST /v1/scan

Upload a manifest (package.json, go.mod, requirements.txt) for a prioritized vulnerability report.

Requires: Pro+

POST /v1/auth/register

Create an account. Returns your API key (shown once).

POST /v1/auth/login

Log in to view account details and usage.

GET /v1/auth/account

View account info, API key prefixes, and usage.

Requires: API key

GET /v1/usage

Current month usage stats.

Requires: API key

GET /health

Health check with data source freshness timestamps.

Rate Limits

Tier        Burst      Monthly Quota
Anonymous   10/min     -
Free        30/min     500
Pro         120/min    10,000
Business    300/min    50,000
Growth      600/min    200,000

Rate limit headers are included in every response: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset.
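
A client-side sketch of the lookup call and the rate limit headers above, added here as an example and not taken from the project's own code or CLI. It assumes X-RateLimit-Reset is a Unix timestamp (the page does not say), and the environment variable PATCHPULSE_API_KEY and all function names are hypothetical.

```python
import os
import re
import time
import urllib.request

BASE_URL = "https://patchapi.shanecode.org"  # base URL given on the page
CVE_ID = re.compile(r"CVE-[0-9]{4}-[0-9]{4,}")

def build_request(cve_id, api_key=None):
    """Build GET /v1/cve/{cve-id}, refusing input that is not a CVE id."""
    if not CVE_ID.fullmatch(cve_id):
        raise ValueError(f"not a CVE id: {cve_id!r}")  # keeps '/', '..', '?' out of the path
    req = urllib.request.Request(f"{BASE_URL}/v1/cve/{cve_id}")
    if api_key:  # with no key the request is served on the anonymous tier
        req.add_header("X-API-Key", api_key)
    return req

def parse_rate_limit(headers):
    """Read the three documented headers; absent or malformed values become None."""
    def num(name):
        try:
            return int(headers.get(name, ""))
        except (TypeError, ValueError):
            return None
    return {"limit": num("X-RateLimit-Limit"),
            "remaining": num("X-RateLimit-Remaining"),
            "reset": num("X-RateLimit-Reset")}

def seconds_to_wait(rl, now, max_wait=60):
    """Pause needed before the next call.
    ASSUMPTION: X-RateLimit-Reset is a Unix timestamp; the page does not say."""
    if rl["remaining"] is None or rl["remaining"] > 0:
        return 0
    if rl["reset"] is None:
        return max_wait  # budget spent and no usable reset value: back off fully
    return max(0, min(rl["reset"] - now, max_wait))

def fetch_cve(cve_id):
    """Return (response body, seconds to wait before calling again)."""
    # PATCHPULSE_API_KEY is a hypothetical variable name; reading the key from the
    # environment keeps it out of source files and shell history.
    req = build_request(cve_id, os.environ.get("PATCHPULSE_API_KEY"))
    with urllib.request.urlopen(req, timeout=10) as resp:
        body = resp.read()
        wait = seconds_to_wait(parse_rate_limit(resp.headers), int(time.time()))
    return body, wait
```
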

Base URL

https://patchapi.shanecode.org

All endpoints are versioned under /v1/.