API Reference

The Patchlynx REST API lets you retrieve scan results, manage repositories, and integrate findings into your own tooling.

Authentication

All API requests require a Bearer token. Generate API keys in your dashboard under Settings → API Keys.

HTTP Request

GET https://api.patchlynx.com/v1/repos
Authorization: Bearer plx_live_your_api_key_here
Content-Type: application/json

Base URL

https://api.patchlynx.com/v1

Endpoints

GET /repos

List all connected repositories for the authenticated account.

Response

Response 200

{
  "repos": [
    {
      "id": "r_2xKj9n",
      "name": "org/myapp",
      "provider": "github",
      "plan": "pro",
      "last_scan": "2026-05-14T09:41:00Z"
    }
  ],
  "total": 1
}

GET /repos/:id/scans

List scan history for a specific repository. Returns scans in reverse chronological order.

Parameters

Param	Type	Description
`limit`	integer	Max results per page. Default 20, max 100.
`cursor`	string	Pagination cursor from previous response.
`verdict`	string	Filter: pass, warning, block.

GET /scans/:scan_id/findings

Retrieve all CVE findings for a specific scan, with reachability verdicts and call chain data.

POST /repos/:id/scans

Trigger an on-demand scan of the default branch. Returns a scan ID; poll /scans/:id for status.

Rate limits

API calls are rate-limited to 300 requests per minute per API key. The response headers include X-RateLimit-Remaining and X-RateLimit-Reset.