Quickstart.

Run your first scan in four steps. All you need is an API key and a URL to scan.

Step 1: Get an API key

Sign in to the AppVet dashboard and create an API key. Keys start with avk_live_ and look like:

avk_live_a1b2c3d4e5f6g7h8i9j0...

Store the key securely. It will only be shown once. You can create multiple keys to separate CI/CD from local development.

Step 2: Create a scan

Send a POST request to /v1/scan with the target URL and scan type:

curl -X POST https://appvet.dev/v1/scan \
  -H "Authorization: Bearer avk_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://example.com",
    "type": "security"
  }'

Response:

{
  "id": "scan_abc123",
  "status": "queued",
  "type": "security",
  "url": "https://example.com",
  "created_at": "2026-03-30T12:00:00Z"
}

Valid scan types: security, performance, accessibility, seo. See Scan Profiles for what each type checks.

Step 3: Poll for status

Scans take 30-90 seconds. Poll the status endpoint until status is "completed":

curl https://appvet.dev/v1/scan/scan_abc123 \
  -H "Authorization: Bearer avk_live_your_key_here"

Status transitions: queued → scanning → completed (or failed). Poll every 3-5 seconds.

Step 4: View the report

Once the scan is completed, fetch the full report:

curl https://appvet.dev/v1/report/scan_abc123 \
  -H "Authorization: Bearer avk_live_your_key_here"

The report contains a numeric score (0-100), letter grade, per-check results with severity, and actionable fix recommendations. See the Report endpoint docs for the full schema.

Next steps

• Authentication - rate limits, API key management, and alternative auth methods.
• API Reference - all endpoints with request and response schemas.
• CLI - run scans from your terminal or CI/CD pipeline.
• Scan Profiles - see all 84 checks across 5 scan types (Security, Performance, Accessibility, SEO, and Quality for signed-in users).