Scan any domain for quantum cryptographic vulnerabilities with a single API call.
All API requests require an API key passed via the X-QUANTRAMA-API-KEY header.
Get your API key from the dashboard.
curl https://quantrama.com/api/v1/usage \
-H "X-QUANTRAMA-API-KEY: qrk_live_your_key_here"/api/v1/scans— Create a new scan/api/v1/scans— List your scans/api/v1/scans/:scanId— Get scan details/api/v1/scans/:scanId/compare— Compare with previous scan/api/v1/scans/:scanId/compare— Compare two specific scans/api/v1/reports/:scanId— Download PDF report (Starter+)/api/v1/usage— Check your usage quotaBase URL: https://quantrama.com
/api/v1/scans— Scan a domain for quantum vulnerabilities{
"target": "example.com", // Required: domain to scan
"industry": "finance" // Optional: for compliance mapping
}Valid industries: finance, healthcare, government, defense, technology, ecommerce, telecom, energy, manufacturing, education, other
{
"scanId": "550e8400-e29b-41d4-a716-446655440000",
"target": "example.com",
"success": true,
"nistCompliance": 42,
"vulnerabilities": [
{
"title": "RSA-2048 Key Exchange Detected",
"description": "RSA-2048 is mathematically vulnerable to Shor's algorithm on a CRQC...",
"severity": "critical",
"category": "weak_cipher",
"affectedAsset": "example.com:443",
"algorithm": "RSA-2048",
"quantumVulnerable": true,
"migrationUrgency": "high",
"recommendation": "Migrate to CRYSTALS-Kyber (NIST-approved PQC)"
}
],
"summary": {
"totalVulnerabilities": 3,
"critical": 1,
"high": 1,
"medium": 1,
"low": 0
},
"cdn": {
"detected": true,
"provider": "cloudflare",
"note": "CDN detected — TLS config may reflect CDN, not origin server"
},
"compliance": [
{
"framework": "PCI DSS 4.0",
"status": "NON_COMPLIANT",
"gap": "RSA-2048 key exchange does not meet quantum-safe requirements",
"deadline": "2026-03-31",
"priority": "critical"
}
],
"previousScan": {
"scanId": "previous-scan-uuid",
"score": 35,
"date": "2026-02-15T10:00:00Z",
"trend": "improved"
},
"duration": 4,
"createdAt": "2026-02-23T10:30:00Z"
}Note: The compliance field is only included for Starter tier and above. The previousScan field appears when the same domain has been scanned before. See Enriched Response Fields for details.
/api/v1/scans— List your past scanslimit — Max results (default: 50, max: 100)offset — Pagination offset (default: 0)curl "https://quantrama.com/api/v1/scans?limit=10" \
-H "X-QUANTRAMA-API-KEY: qrk_live_your_key_here"/api/v1/scans/:scanId— Get full scan results with vulnerability detailscurl "https://quantrama.com/api/v1/scans/550e8400-e29b-..." \
-H "X-QUANTRAMA-API-KEY: qrk_live_your_key_here"Track your quantum security posture over time by comparing scan results.
/api/v1/scans/:scanId/compare— Compare with the most recent previous scan of the same domaincurl "https://quantrama.com/api/v1/scans/550e8400.../compare" \
-H "X-QUANTRAMA-API-KEY: qrk_live_your_key_here"/api/v1/scans/:scanId/compare— Compare current scan against a specific baselinecurl -X POST "https://quantrama.com/api/v1/scans/550e8400.../compare" \
-H "X-QUANTRAMA-API-KEY: qrk_live_your_key_here" \
-H "Content-Type: application/json" \
-d '{"baselineId": "previous-scan-uuid"}'Both scans must be completed and target the same domain.
{
"hasComparison": true,
"comparison": {
"current": {
"scanId": "550e8400...",
"score": 42,
"date": "2026-02-23T10:30:00Z"
},
"previous": {
"scanId": "previous-scan-uuid",
"score": 35,
"date": "2026-02-15T10:00:00Z"
},
"scoreChange": 7,
"trend": "improved",
"newVulnerabilities": [],
"resolvedVulnerabilities": ["RSA-1024 Key Exchange"],
"unchangedCount": 2
}
}If no previous scan exists, the response will have "hasComparison": false with a message.
/api/v1/reports/:scanId— Download a PDF report for a completed scanStarter tier and above. Free tier users will receive a 403 response. Upgrade to access PDF reports.
curl "https://quantrama.com/api/v1/reports/550e8400..." \
-H "X-QUANTRAMA-API-KEY: qrk_live_your_key_here" \
-o report.pdfReturns a PDF file with Content-Type: application/pdf. The report includes vulnerability details, NIST alignment score, CDN detection notes, and regulatory framework mapping (when applicable).
403 — PDF reports not available on your plan404 — Scan not found or not owned by you400 — Scan is not completed yet/api/v1/usage— Check your current scan quota{
"tier": "starter",
"scans": {
"used": 42,
"limit": 100,
"remaining": 58,
"resetsAt": "2026-03-01T00:00:00Z"
},
"rateLimit": {
"requestsPerMinute": 10,
"requestsPerHour": 100
}
}Scan responses include additional context to help you assess risk more accurately.
Every scan automatically detects CDN providers (Cloudflare, CloudFront, Akamai, Fastly, etc.) via DNS CNAME and HTTP header analysis. When a CDN is detected, the TLS configuration may reflect the CDN edge rather than your origin server.
"cdn": {
"detected": true,
"provider": "cloudflare",
"note": "CDN detected — TLS config may reflect CDN, not origin server"
}Maps scan findings to regulatory frameworks relevant to your industry (PCI DSS, HIPAA, NIST, SOC 2, etc.). Pass the industry field when creating a scan to get targeted compliance data. A snapshot is stored at scan time for audit trail purposes.
"compliance": [
{
"framework": "PCI DSS 4.0",
"status": "NON_COMPLIANT",
"gap": "RSA-2048 key exchange does not meet quantum-safe requirements",
"deadline": "2026-03-31",
"priority": "critical"
},
{
"framework": "SOC 2 Type II",
"status": "AT_RISK",
"gap": "Encryption controls may not meet future audit requirements",
"deadline": null,
"priority": "high"
}
]Status values: COMPLIANT, AT_RISK, NON_COMPLIANT
When a domain has been scanned before, the response includes a summary of the most recent previous scan for trend tracking.
"previousScan": {
"scanId": "previous-scan-uuid",
"score": 35,
"date": "2026-02-15T10:00:00Z",
"trend": "improved"
}Trend values: improved, declined, unchanged. Use the Compare Scans endpoint for detailed diff data.
import requests
API_KEY = "qrk_live_your_key_here"
headers = {"X-QUANTRAMA-API-KEY": API_KEY}
# Create a scan
response = requests.post(
"https://quantrama.com/api/v1/scans",
headers=headers,
json={"target": "example.com", "industry": "finance"}
)
result = response.json()
print(f"NIST Alignment: {result['nistCompliance']}%")
print(f"Critical vulnerabilities: {result['summary']['critical']}")
# Check usage
usage = requests.get(
"https://quantrama.com/api/v1/usage",
headers=headers
).json()
print(f"Scans remaining: {usage['scans']['remaining']}")const API_KEY = "qrk_live_your_key_here";
const response = await fetch("https://quantrama.com/api/v1/scans", {
method: "POST",
headers: {
"X-QUANTRAMA-API-KEY": API_KEY,
"Content-Type": "application/json",
},
body: JSON.stringify({
target: "example.com",
industry: "finance",
}),
});
const result = await response.json();
console.log(`NIST Alignment: ${result.nistCompliance}%`);
console.log(`Critical: ${result.summary.critical}`);curl -X POST https://quantrama.com/api/v1/scans \
-H "X-QUANTRAMA-API-KEY: qrk_live_your_key_here" \
-H "Content-Type: application/json" \
-d '{"target": "example.com"}'| Status | Meaning | Example |
|---|---|---|
| 400 | Bad Request | Missing target field |
| 401 | Unauthorized | Invalid or missing API key |
| 403 | Forbidden | Feature not available on your plan |
| 429 | Rate Limited / Quota Exceeded | Monthly scan limit reached |
| 500 | Server Error | Internal error — retry later |
{
"error": "Monthly scan quota exceeded",
"used": 100,
"limit": 100,
"resetsAt": "2026-03-01T00:00:00Z",
"upgrade": "https://quantrama.com/pricing"
}| Plan | Scans/month | Requests/min | Price |
|---|---|---|---|
| Free | 3 | 5 | $0 |
| Starter | 100 | 10 | $49/mo |
| Pro | 500 | 30 | $149/mo |
| Business | 500 included + overage | 60 | $199/mo + $0.15/scan |
Rate limited responses include a Retry-After header.