API Reference

Base URL: https://api.depswright.com/v1

Authentication

All API requests require a Bearer token in the Authorization header:

Authorization: Bearer dpw_live_xxxxxxxxxxxxxxxx

Get your API key from the Depswright dashboard under Settings → API Keys.

Scans

POST /scans

Trigger a scan for a repository.

curl -X POST https://api.depswright.com/v1/scans \
  -H "Authorization: Bearer dpw_live_xxx" \
  -H "Content-Type: application/json" \
  -d '{"repo_id": "repo_abc123"}'

Response:

{
  "scan_id": "scan_def456",
  "status": "queued",
  "repo_id": "repo_abc123",
  "created_at": "2026-04-07T09:00:00Z"
}

GET /scans/:scan_id

Retrieve a scan result.

curl https://api.depswright.com/v1/scans/scan_def456 \
  -H "Authorization: Bearer dpw_live_xxx"

Response includes: status, summary, violations, warnings, graph_stats.

Repositories

GET /repos

List all repos linked to your account.

curl https://api.depswright.com/v1/repos \
  -H "Authorization: Bearer dpw_live_xxx"

POST /repos

Add a repository by its provider URL.

curl -X POST https://api.depswright.com/v1/repos \
  -H "Authorization: Bearer dpw_live_xxx" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://github.com/acme/payments-service"}'

Webhooks

Configure webhooks to receive scan completion events:

POST /webhooks

{
  "url": "https://your-server.example.com/hooks/depswright",
  "events": ["scan.completed", "scan.failed", "violation.critical"]
}

Webhook payloads are signed with HMAC-SHA256. Verify using the secret shown once at creation time.

Configuration