API Overview
Complete guide to the Extension Auditor REST API for browser extension security analysis and monitoring.
The Extension Auditor API provides programmatic access to our browser extension security platform. Use the API to integrate extension analysis into your security workflows, automate monitoring, and build custom integrations.
Base URL
All API endpoints are available at:
https://extensionauditor.com/api/v1
Interactive Documentation
For hands-on API exploration, visit our Scalar API Reference which provides:
- Interactive endpoint testing
- Request/response examples
- Schema definitions
- Authentication testing
Available Endpoints
Extensions
Query and analyze Chrome extensions from our comprehensive database.
| Endpoint | Method | Description |
|---|---|---|
/extensions | GET | List extensions with filtering and pagination |
/extensions/{id} | GET | Get detailed extension information |
/extensions/{id}/reviews | GET | Get extension reviews |
/extensions/{id}/versions/{version}/analysis | POST | Trigger security analysis |
/extensions/{id}/versions/{version}/manifest | GET | Get extension manifest |
Publishers
Access publisher profiles and reputation data.
| Endpoint | Method | Description |
|---|---|---|
/publishers | GET | List publishers with filtering |
/publishers/{id} | GET | Get publisher details |
/publishers/{id}/extensions | GET | Get publisher's extensions |
Monitoring
Set up continuous monitoring for extensions.
| Endpoint | Method | Description |
|---|---|---|
/monitors | GET | List your monitors |
/monitors | POST | Create a new monitor |
/monitors/{id} | GET | Get monitor details |
/monitors/{id} | DELETE | Delete a monitor |
/monitors/{id}/webhooks | GET | List webhook destinations |
/monitors/{id}/webhooks | POST | Add webhook destination |
PermHash
Analyze permission patterns and discover similar extensions.
| Endpoint | Method | Description |
|---|---|---|
/permhash/{hash} | GET | Get extensions with matching PermHash |
/permhash/cluster/{extensionId} | GET | Get cluster for an extension |
/permhash/clusters/risky | GET | Get high-risk permission clusters |
Risk Engine
Trigger and retrieve security analysis reports.
| Endpoint | Method | Description |
|---|---|---|
/risk-engine/bulk-analysis | POST | Analyze multiple extensions |
/risk-engine/webhook/analyze | POST | Webhook-triggered analysis |
Authentication
All API endpoints require authentication. See the Authentication guide for details.
Rate Limits
| Operation | Rate Limit |
|---|---|
| Read (single resource) | 100/min |
| List (multiple resources) | 60/min |
| Search | 30/min |
| Write (create/update/delete) | 20/min |
Response Format
All responses use a consistent JSON structure:
Success Response
{
"success": true,
"data": {
// Response data
}
}
Paginated Response
{
"success": true,
"result": [],
"page": 1,
"page_size": 25,
"total_count": 150,
"total_pages": 6
}
Error Response
{
"success": false,
"error": "Error message"
}
Next Steps
- Authentication - Set up API access
- Extensions API - Query extension data
- Monitors API - Set up monitoring
- PermHash API - Analyze permission patterns