M
API Matrix

URLScan.io API

Anti-malware / API Key Intermediate HTTPS
Varies by plan (check documentation)
77 Score
Grade B
Visit Official Site Compare Alternatives

Overview

URLScan.io scans and screenshots any URL in a sandboxed browser, then returns a detailed report covering the page content, network requests, linked domains, technologies detected, and threat indicators. It is particularly useful for safely investigating suspicious links without visiting them yourself. Beginners can use it to build phishing investigation tools or link preview features.

💡

Beginner Tip

Register at urlscan.io for a free API key. Scanning is asynchronous — first POST to /scan to submit, then poll GET /result/{uuid}/ until the scan is complete (usually 10-30 seconds).

Available Data

Use case: Integrate scan and analyse urls data into web and mobile applications
URLScan.io data via REST API
JSON-formatted response data
Requires API key authentication

Example Response

JSON Response 
{
  "status": "success",
  "data": {
    "result": "Data from URLScan.io",
    "description": "Scan and Analyse URLs",
    "timestamp": "2025-01-15T10:00:00Z"
  }
}

Field Reference

uuid Unique scan identifier; use this to fetch the full result at /api/v1/result/{uuid}/
result URL where the full scan report will be available once processing is complete
api Direct API URL to retrieve the JSON result for this scan
visibility Whether the scan is public, unlisted, or private based on what was submitted
url The URL that was submitted for scanning
message Status message from the API, typically Submission successful on success

Implementation Example 

const url = "https://urlscan.io/about-api/";
// Replace headers or query params with the values required by this API.
const response = await fetch(url, {
  headers: {
  "X-API-Key": "YOUR_API_KEY"
  }
});
if (!response.ok) throw new Error(`Request failed: ${response.status}`);
const data = await response.json();
console.log(data);

What Can You Build?

Note: These code examples are AI-generated and unverified. Always refer to the official API documentation for accurate usage.

Common Errors & Troubleshooting

400 Bad Request on scan submission The url field is missing from the POST body or is not a valid URL
Send a JSON body with at least {"url": "https://example.com", "visibility": "public"} and set Content-Type: application/json
404 on result fetch Polling for results too quickly before the scan has finished processing
Wait at least 10 seconds after submitting before fetching results; implement a polling loop with a delay
429 Too Many Requests Free tier is limited to 100 scans per day
Cache scan results by URL and avoid rescanning recently checked URLs; upgrade to a paid plan for higher limits

Matrix Score Breakdown

🌐 Reachability 30/30
⚡ Speed 10/20
🔒 Security 15/15
🛠 Developer XP 12/20
✓ Reliability 10/15

Partially tested on Apr 5, 2026

Technical Specifications

Auth API Key
HTTPS REQUIRED
CORS UNKNOWN
Category Anti-malware
Difficulty Intermediate
Verified: 2026-04-07

Similar APIs

View All →

AbuseIPDB

77

AbuseIPDB lets you check whether an IP address has been reported for malicious activity like spam, hacking, or DDoS attacks.

API Key Intermediate HTTPS

AlienVault Open Threat Exchange (OTX)

0

AlienVault Open Threat Exchange (OTX) provides programmatic access to ip/domain/url reputation via REST API.

API Key Intermediate HTTPS

CAPEsandbox

77

CAPEsandbox is an open-source malware analysis platform that executes suspicious files in an isolated environment and reports on their behavior.

API Key Intermediate HTTPS

Google Safe Browsing

77

Google Safe Browsing lets you check any URL against Google's constantly updated lists of phishing sites, malware distributors, and unwanted software.

API Key Intermediate HTTPS

MalDatabase

0

MalDatabase provides programmatic access to provide malware datasets and threat intelligence feeds via REST API.

API Key Intermediate HTTPS