API REFERENCE

Complete REST API reference for the WarDek security and compliance scanning platform.

AUTHENTICATION

All API requests require authentication via a Bearer token in the Authorization header. API keys can be generated from your Dashboard under Settings.

Authorization: Bearer ssk_live_your_api_key_here

API keys start with ssk_live_ for production and ssk_test_ for sandbox. Keep your keys secret and never commit them to version control.

BASE URL

https://wardek.io

ENDPOINTS

POST /api/v1/scan (AUTH REQUIRED)

Launch a scan

Start a new security scan on a target URL. Returns scan results with a security score.

Request Body

interface ScanRequest {
  url: string;
  ci?: {
    minScore?: number;
    maxCritical?: number;
    maxHigh?: number;
  };
}

Response

interface ScanResponse {
  schemaVersion: string;
  id: string;
  url: string;
  domain: string;
  status: string;
  score: number;
  grade: string;
  duration: number;
  findingSummary: FindingSummary;
  criticalCount: number;
  highCount: number;
  reportUrl: string;
  ci?: CiGateResult;
  results: Record<string, object>;
  recommendations: string[];
  createdAt: string;
}

Examples

cURL:
curl -X POST https://wardek.io/api/v1/scan \
  -H "Authorization: Bearer ssk_live_..." \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com"}'

TypeScript:
const res = await fetch('https://wardek.io/api/v1/scan', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer ssk_live_...',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ url: 'https://example.com' }),
});
const scan = await res.json();

GET /api/v1/scans (AUTH REQUIRED)

List scans

Retrieve a paginated list of your scans, ordered by most recent first.

Response

interface ScanListResponse {
  data: ScanSummary[];
  pagination: {
    total: number;
    limit: number;     // 1-100, default 10
    offset: number;    // default 0
    hasMore: boolean;
  };
}

Examples

cURL:
curl "https://wardek.io/api/v1/scans?limit=10&offset=0" \
  -H "Authorization: Bearer ssk_live_..."

TypeScript:
const res = await fetch(
  'https://wardek.io/api/v1/scans?limit=10&offset=0',
  { headers: { 'Authorization': 'Bearer ssk_live_...' } }
);
const { data, pagination } = await res.json();

GET /api/v1/scans/:id (AUTH REQUIRED)

Get scan details

Retrieve full details for a specific scan, including all module results and findings.

Response

// Same structure as POST /api/v1/scan response
// with additional fields: auditTrail, proof, remediation

Examples

cURL:
curl https://wardek.io/api/v1/scans/scan_abc123 \
  -H "Authorization: Bearer ssk_live_..."

TypeScript:
const res = await fetch(
  'https://wardek.io/api/v1/scans/scan_abc123',
  { headers: { 'Authorization': 'Bearer ssk_live_...' } }
);
const scan = await res.json();

GET /api/scans/:id/export (AUTH REQUIRED)

Export scan results

Export the results of a scan. Supported formats: json, yaml, csv, sarif. Select one by appending ?format=<format> to the URL.

Response

// JSON format: Full scan object
// YAML format: YAML-serialized scan object
// Content-Type varies by format

Examples

cURL:
# JSON export (URL quoted so the shell does not treat "?" as a glob character)
curl "https://wardek.io/api/scans/scan_abc123/export?format=json" \
  -H "Authorization: Bearer ssk_live_..."

# YAML export
curl "https://wardek.io/api/scans/scan_abc123/export?format=yaml" \
  -H "Authorization: Bearer ssk_live_..."

TypeScript:
const res = await fetch(
  'https://wardek.io/api/scans/scan_abc123/export?format=json',
  { headers: { 'Authorization': 'Bearer ssk_live_...' } }
);
const data = await res.json();

RATE LIMITS

Rate limits are applied per API key. Exceeding limits returns a 429 status with a Retry-After header.

Plan         Scans       Rate
FREE         3 / month   Dashboard only
PRO          50 / month  Dashboard only
COMPLIANCE+  Unlimited   Dashboard only
ENTERPRISE   Unlimited   API access (daily limit)

ERROR CODES

Code  Message                Description
400   Bad Request            Invalid URL or malformed request body.
401   Unauthorized           Missing or invalid API key.
403   Forbidden              Scan limit reached for your plan.
429   Too Many Requests      Rate limit exceeded. Retry after the Retry-After header value.
500   Internal Server Error  Unexpected server error. Contact support if persistent.

Error Response Shape

{
  "error": {
    "code": 429,
    "message": "Rate limit exceeded",
    "retryAfter": 60
  }
}
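
The rate-limit and error handling described above, as an added TypeScript example that is not WarDek's own client code: it honours Retry-After on a 429 and fails closed on every other error, so an API outage never reads as a passing scan. The HttpReply shape, the injected send/sleep functions, the 5-minute delay cap, treating any 2xx as success, and reading error.retryAfter as seconds are assumptions.

```typescript
// Added example, not WarDek's client. HttpReply is a hypothetical shape filled
// from fetch(): status, the Retry-After header value, and the parsed JSON body.
interface HttpReply { status: number; retryAfter: string | null; body: any }

type Action =
  | { kind: 'done'; scan: any }
  | { kind: 'retry'; delayMs: number }
  | { kind: 'fail'; reason: string };

const MAX_DELAY_MS = 5 * 60 * 1000; // assumed cap so one bad header cannot stall a job

// Retry-After is either delay-seconds or an HTTP-date (RFC 9110).
function parseRetryAfter(value: string | null, nowMs: number): number | null {
  const v = (value || '').trim();
  if (v === '') return null;
  if (/^\d+$/.test(v)) return Number(v) * 1000;
  const when = Date.parse(v);
  return isNaN(when) ? null : Math.max(0, when - nowMs);
}

// Decide what to do with one reply. Anything that is neither a 2xx nor a
// retryable 429 fails closed, so an outage never reads as a passing scan.
function decide(reply: HttpReply, attempt: number, maxRetries: number, nowMs: number): Action {
  // Assumption: any 2xx is success; the page does not state the success code.
  if (reply.status >= 200 && reply.status < 300) return { kind: 'done', scan: reply.body };
  const err = reply.body && reply.body.error ? reply.body.error : {};
  if (reply.status === 429 && attempt < maxRetries) {
    const fromHeader = parseRetryAfter(reply.retryAfter, nowMs);
    // Assumption: error.retryAfter in the body is in seconds, like the header.
    const fromBody = typeof err.retryAfter === 'number' ? err.retryAfter * 1000 : null;
    const backoff = 1000 * Math.pow(2, attempt); // used when the server gives no hint
    const delay = fromHeader !== null ? fromHeader : fromBody !== null ? fromBody : backoff;
    return { kind: 'retry', delayMs: Math.min(delay, MAX_DELAY_MS) };
  }
  return { kind: 'fail', reason: `${reply.status} ${err.message || 'unexpected response'}` };
}

// Driver: send() and sleep() are injected so the loop can be exercised offline.
async function launchScan(
  send: () => Promise<HttpReply>, sleep: (ms: number) => Promise<void>, maxRetries = 3,
): Promise<any> {
  for (let attempt = 0; ; attempt++) {
    const action = decide(await send(), attempt, maxRetries, Date.now());
    if (action.kind === 'done') return action.scan;
    if (action.kind === 'fail') throw new Error(`WarDek scan failed: ${action.reason}`);
    await sleep(action.delayMs);
  }
}
```

In real use, send() wraps the fetch call shown under ENDPOINTS and copies res.status, res.headers.get('Retry-After') and the parsed JSON body into HttpReply, with the API key read from an environment variable rather than written into the script.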