Support » Guides » API v1

API v1

Warning this API version is deprecated!

Please see the VulnDB HQ API v2 guide

Warning this API version is deprecated!

1 Schema

All API access is over HTTPS, and accessed from your private domain (e.g. john.vulndbhq.com). All data is sent and received as JSON.

Blank fields are included as null instead of being omitted.

All timestamps are returned in ISO 8601 format:


2 HTTP Verbs

Where possible, API v1 strives to use appropriate HTTP verbs for each action.

Can be issued against any resource to get just the HTTP header info.
Used for retrieving resources.
Used for creating resources
Used for updating resources with partial JSON data. For instance, a Private Page resource has name and content attributes. A PUT request may accept one or more of the attributes to update the resource.
Used for deleting resources.

3 Authentication

Currently the only supported way to authenticate through VulnDB HQ API v1 is through:

Basic Authentication:

$ curl -u "username:PASSWORD" https://john.vulndbhq.com

4 Rate Limiting

We limit requests to API v1 to 5000 per hour. This is keyed off your login or request IP.

Soon, you will be able to can check the returned HTTP headers of any API request to see your current status:

$ curl -i https://john.vulndbhq.com/private_pages.json

HTTP/1.1 200 OK
Status: 200 OK
X-RateLimit-Limit: 5000
X-RateLimit-Remaining: 4966

5 Model: Private Page

5.1 List all your private pages:

GET /private_pages.json


Search query to filter the results by. Default: none / unfiltered


GET /private_pages.json?q=XSS

5.2 Get

GET /private_pages/:id.json

Guide contents

  1. Schema

  2. HTTP Verbs

  3. Authentication

  4. Rate Limiting

  5. Model: Private Page

Download resources

Our users can download the resources used in this guide here.