Quick Start

From zero to first API call in 30 seconds. No signup, no API key required.

Docs: Tool Selection Guide · Endpoints · Prompts · Resources

1 cURL

Copy, paste, run.

bashcurl https://api.contrastcyber.com/v1/domain/example.com

bash# CVE lookup
curl https://api.contrastcyber.com/v1/cve/CVE-2024-3094

# Live header scan
curl https://api.contrastcyber.com/v1/scan/headers/example.com

# IP intelligence
curl https://api.contrastcyber.com/v1/ip/8.8.8.8

# Code secrets scan
curl -X POST https://api.contrastcyber.com/v1/check/secrets \
  -H "Content-Type: application/json" \
  -d '{"code": "aws_key = AKIAIOSFODNN7EXAMPLE"}'

2 Node.js / JavaScript

npm No SDK needed — just fetch.

javascript// Domain security report
const res = await fetch('https://api.contrastcyber.com/v1/domain/example.com');
const data = await res.json();
console.log(data.risk_score);   // { grade: "B", score: 72, ... }
console.log(data.ssl.grade);    // "A"
console.log(data.dns.records);  // [{ type: "A", value: "93.184.216.34" }, ...]

// CVE lookup
const cve = await fetch('https://api.contrastcyber.com/v1/cve/CVE-2024-3094');
const vuln = await cve.json();
console.log(vuln.severity);     // "critical"
console.log(vuln.epss_score);   // 0.94

3 Python

pythonimport requests

# Domain report
r = requests.get('https://api.contrastcyber.com/v1/domain/example.com')
data = r.json()
print(data['risk_score']['grade'])  # "B"

# Scan code for secrets
r = requests.post('https://api.contrastcyber.com/v1/check/secrets',
    json={'code': 'password = "hunter2"'})
print(r.json()['findings'])

4 CI/CD (GitHub Actions)

yaml# .github/workflows/security.yml
- name: Security header check
  run: |
    GRADE=$(curl -s https://api.contrastcyber.com/v1/scan/headers/$DOMAIN | jq -r '.grade')
    if [ "$GRADE" = "F" ]; then echo "Security grade F!" && exit 1; fi

5 With a Pro API Key (optional)

Free tier is {{ free_limit }} req/hr. Add an Authorization: Bearer cc_... header to unlock {{ pro_limit }} req/hr and full AbuseIPDB + Shodan reputation enrichment on /v1/domain/, /v1/ip/, and /v1/threat-report/.

bash# cURL with Pro key
curl -H "Authorization: Bearer $CONTRASTAPI_API_KEY" \
  https://api.contrastcyber.com/v1/ip/8.8.8.8

javascript// Node.js / JavaScript — key from env
const res = await fetch('https://api.contrastcyber.com/v1/ip/8.8.8.8', {
  headers: { 'Authorization': `Bearer ${process.env.CONTRASTAPI_API_KEY}` }
});
const data = await res.json();
console.log(data.reputation.abuseipdb.abuse_score);  // 0 for clean IPs
console.log(data.reputation.shodan.ports);            // [22, 80, 443, ...]

pythonimport os, requests

headers = {'Authorization': f'Bearer {os.environ["CONTRASTAPI_API_KEY"]}'}
r = requests.get('https://api.contrastcyber.com/v1/ip/8.8.8.8', headers=headers)
print(r.json()['reputation']['shodan']['ports'])

yaml{% raw %}# GitHub Actions — key from repo secrets
- name: Threat report with Pro enrichment
  env:
    CONTRASTAPI_API_KEY: ${{ secrets.CONTRASTAPI_API_KEY }}
    TARGET_IP: "8.8.8.8"
  run: |
    curl -H "Authorization: Bearer $CONTRASTAPI_API_KEY" \
      https://api.contrastcyber.com/v1/threat-report/$TARGET_IP{% endraw %}

Get a Pro key ($15/mo): api.contrastcyber.com/pricing — or email contact@contrastcyber.com.