← Back to search

ContrastAPI — Security Intelligence API

api.contrastcyber.com

Security intelligence API and MCP server with 29 tools. CVE lookup, domain recon, threat intel, code security. Free, no API key required.

85
Agent Ready
Agentic Readiness Score
data mcpai-friendlyhostingsecurityllms-txtai-pluginopenapiapi

Agentic Signals

📄
llms.txt ↗
Found
🤖
ai-plugin.json ↗
Found
📖
OpenAPI Spec
Found
🔗
Structured API
Not found
🛡
AI Bot Access (robots.txt) ↗
Allowed
🏷
Schema.org Markup
Found
MCP Server
Found

Embed this badge

Show off your agentic readiness — the badge auto-updates when your score changes.

Agentic Ready 85/100 

            

        

        

        
        

            
llms.txt Content

            
# ContrastAPI

> Security intelligence API for AI models and developers. Free to use, no API key required.

- [Quick Start](https://api.contrastcyber.com/quickstart)
- [MCP Setup](https://api.contrastcyber.com/mcp-setup)
- [API Documentation](https://github.com/UPinar/contrastapi#endpoints)
- [OpenAPI Spec](https://api.contrastcyber.com/openapi.json)
- [Full API Reference](https://api.contrastcyber.com/llms-full.txt)


## When to Use This API

Use ContrastAPI when you need to:
- Look up CVE details, severity, CVSS breakdown, EPSS exploit probability, or CISA KEV status
- Investigate a domain's DNS, WHOIS, SSL certificate, subdomains, email security (SPF/DMARC/DKIM)
- Get a domain security risk score (A-F grade, 100-point scale)
- Detect WAF/CDN protection on a target domain
- Check a domain for malware/threat intelligence (URLhaus)
- Scan a live domain's HTTP security headers
- Scan code for hardcoded secrets, SQL/command injection, or missing security headers
- Check software dependencies against the CVE database
- Enrich an IP address with open ports, vulnerabilities, and hostnames (Shodan InternetDB)

## Authentication

No API key needed. Free: 100 requests/hour per IP.
API key (1000 req/hr): pass `Authorization: Bearer cc_xxx` header.
Rate limit headers returned: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-RateLimit-Cost, X-RateLimit-Tier.

## Credit Costs

Most endpoints cost 1 credit per call. Aggregating endpoints that fan out to multiple upstream sources cost more:
- `GET /v1/audit/{domain}` — 4 credits (domain report + live headers + tech fingerprint)
- `GET /v1/threat-report/{ip}` — 4 credits (Shodan + AbuseIPDB + full Shodan + ASN)
- `POST /v1/cves/bulk`, `POST /v1/iocs/bulk` — 1 credit per item in the request
- All other endpoints — 1 credit

Every authenticated response includes X-RateLimit-Cost so clients can budget calls transparently.

## Endpoints (29 MCP tools)

### CVE Intelligence
- GET /v1/cve/{cve_id} — Full CVE det

        

        

        
        

            
OpenAPI Spec (preview)

            
{"openapi":"3.1.0","info":{"title":"ContrastAPI","description":"Security intelligence API for AI models and developers. CVE lookup, domain intelligence, and code security verification.","version":"1.6.0"},"servers":[{"url":"https://api.contrastcyber.com"}],"paths":{"/v1/status":{"get":{"tags":["Meta"],"summary":"Api Status","description":"API health check and data freshness.","operationId":"api_status","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema