AllyProof/Docs
Log InGet Started

API Reference

Complete REST API documentation. All endpoints return JSON. Dashboard APIs use session cookies; CI/CD APIs use API keys.

Authentication

Dashboard APIs (/api/*)

Authenticated automatically via Supabase session cookie in the browser.

CI/CD API (/api/v1/*)

Pass your API key via header:

x-api-key: ap_live_abc123...
# or
Authorization: Bearer ap_live_abc123...

CI/CD Scan

POST /api/v1/scan

Trigger an accessibility scan from CI/CD.

ParameterTypeRequiredDescription
urlstringYesSite URL (must match registered site)
thresholdnumberNoMinimum score to pass (0-100)
waitbooleanNoBlock until complete (max 5 min)
max_pagesnumberNoOverride page limit

GET /api/v1/scan?id={scanId}

Poll scan status and results.

API Keys

MethodEndpointDescription
GET/api/api-keysList keys (hashes hidden)
POST/api/api-keysCreate key (full key shown once)
DELETE/api/api-keys?id={id}Revoke key

Sites

MethodEndpointDescription
GET/api/sitesList all sites
POST/api/sitesAdd a site
GET/api/sites/{id}Get site details
PATCH/api/sites/{id}Update site
DELETE/api/sites/{id}Remove site
POST/api/sites/{id}/verifyVerify ownership

Scans

MethodEndpointDescription
GET/api/scansList scan jobs
POST/api/scansTrigger manual scan
GET/api/scans/{id}Scan details
GET/api/scans/{id}/pagesPer-page results

Violations

MethodEndpointDescription
GET/api/violationsList violations (filterable)
GET/api/violations/{id}Violation details
PATCH/api/violations/{id}Update status/notes
POST/api/violations/{id}/fixGenerate AI fix

Reports

MethodEndpointDescription
GET/api/vpatsList VPATs
POST/api/vpatsGenerate VPAT
GET/api/vpats/{id}VPAT details
POST/api/statementsPublish accessibility statement

Team & Settings

MethodEndpointDescription
GET/api/teamList members
POST/api/teamInvite member
DELETE/api/team?id={id}Remove member
GET/api/settingsGet org settings
PATCH/api/settingsUpdate org settings