M
API Matrix

Mozilla tls scanner API

Security / No Auth Required Beginner HTTPS
Free to Use Varies (check documentation)
87 Score
Grade A
Visit Official Site Compare Alternatives

Overview

The Mozilla TLS Scanner API lets you check the TLS/SSL configuration of any public domain. It tests for common security issues like weak cipher suites, certificate problems, and protocol misconfigurations. This is a great tool for learning what makes HTTPS connections secure or vulnerable.

💡

Beginner Tip

Submit a scan with a POST request, then poll the GET endpoint with the returned scan ID until the scan status is "finished" — results usually arrive within 10-30 seconds.

Available Data

Use case: Integrate mozilla observatory tls scanner data into web and mobile applications
Mozilla tls scanner data via REST API
JSON-formatted response data
Freely accessible without authentication

Example Response

JSON Response 
{
  "status": "success",
  "data": {
    "result": "Data from Mozilla tls scanner",
    "description": "Mozilla observatory tls scanner",
    "timestamp": "2025-01-15T10:00:00Z"
  }
}

Field Reference

id Unique scan ID used to retrieve results.
target The domain name that was scanned.
status Current scan status: "pending", "running", or "finished".
has_tls Whether the target supports TLS/HTTPS.
cert_id Internal ID for the TLS certificate found on the target.
analysis List of analyzer results detailing specific TLS checks and their pass/fail status.

Implementation Example 

const url = "https://github.com/mozilla/tls-observatory";
const response = await fetch(url);
if (!response.ok) throw new Error(`Request failed: ${response.status}`);
const data = await response.json();
console.log(data);

What Can You Build?

Note: These code examples are AI-generated and unverified. Always refer to the official API documentation for accurate usage.

Common Errors & Troubleshooting

Scan result shows status "pending" TLS scans take time; the result is not ready immediately after submitting.
Use the scan ID to poll GET /api/v1/results?id=<scanID> in a loop until status is "finished".
400 Bad Request The target domain parameter is missing or malformed.
Ensure the query string uses ?target=yourdomain.com with a valid hostname (no http:// prefix).
Empty or unexpected response The domain may be unreachable or the observatory backend is overloaded.
Verify the domain resolves publicly and retry after a short wait.

Matrix Score Breakdown

🌐 Reachability 30/30
⚡ Speed 20/20
🔒 Security 15/15
🛠 Developer XP 15/20
✓ Reliability 7/15
Response Time 56ms

Fully tested on Apr 5, 2026

Technical Specifications

Auth No Auth
HTTPS REQUIRED
CORS UNKNOWN
Category Security
Difficulty Beginner
Verified: 2026-04-04

Similar APIs

View All →

Classify

0

Classify provides programmatic access to encrypting & decrypting text messages via REST API.

No Auth Beginner HTTPS 1ms

Dehash.lt

0

Dehash.lt provides programmatic access to hash decryption md5, sha1, sha3, sha256, sha384, sha512 via REST API.

No Auth Beginner HTTPS 52ms

EmailRep

⭐ Beginner's Pick
95

EmailRep is a free API that evaluates the risk and reputation of an email address in seconds.

No Auth Beginner HTTPS 36ms

Escape

⭐ Beginner's Pick
84

EscapeAPI is a simple open-source utility API that takes raw user input and returns properly escaped versions safe for use in HTML, SQL, shell, and other contexts.

No Auth Beginner HTTPS 80ms

FilterLists

⭐ Beginner's Pick
87

FilterLists is a community-maintained directory API that catalogs hundreds of filter lists used by ad blockers and firewalls like uBlock Origin and Pi-hole.

No Auth Beginner HTTPS 83ms