POST /api/security-audit — requires Bearer authentication

Run Security Audit

Execute PocketPaw's 7 built-in security audit checks on demand and return detailed results. Detects misconfigurations in permissions, tokens, API keys, and security settings.

Overview

Runs the 7 built-in security audit checks against the current configuration and returns detailed results. This is the API equivalent of pocketpaw --security-audit.

Response

total integer
Total number of checks executed
passed integer
Number of checks that passed
issues integer
Number of checks that found issues
results array

Detailed results for each check.

check string
Check name (e.g., file_permissions, api_key_exposure)
passed boolean
Whether the check passed
message string
Description of what was found
fixable boolean
Whether the issue can be auto-fixed with --fix

# Trigger the security audit; the endpoint takes no request body, only the bearer token.
curl --request POST "http://localhost:8000/api/security-audit" \
  --header "Authorization: Bearer <token>"
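// Trigger the security audit; the endpoint takes no request body, only the bearer token.
const response = await fetch("http://localhost:8000/api/security-audit", {
  method: "POST",
  headers: { "Authorization": "Bearer <token>" }
});
// A non-2xx reply (for example a rejected token) is not an audit result:
// fail loudly instead of parsing an error body as if it were one.
if (!response.ok) {
  throw new Error(`security audit request failed: ${response.status} ${response.statusText}`);
}
const data = await response.json();
console.log(data);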
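import requests

# Trigger the security audit; the endpoint takes no request body, only the bearer token.
# `requests` has no default timeout, so a bounded one keeps the script from hanging on an unresponsive server.
response = requests.post(
    "http://localhost:8000/api/security-audit",
    headers={"Authorization": "Bearer <token>"},
    timeout=30,
)
# A non-2xx reply (for example a rejected token) is not an audit result: raise instead of printing an error body as one.
response.raise_for_status()
print(response.json())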
{
"total": 7,
"passed": 5,
"issues": 2,
"results": [
{
"check": "file_permissions",
"passed": true,
"message": "Config directory permissions are correct (700)",
"fixable": false
},
{
"check": "api_key_exposure",
"passed": false,
"message": "API key found in environment variable without restricted permissions",
"fixable": true
}
]
}
Request
# Trigger the security audit; the endpoint takes no request body, only the bearer token.
curl --request POST "http://localhost:8000/api/security-audit" \
  --header "Content-Type: application/json" \
  --header "Authorization: Bearer <token>"
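// Trigger the security audit; the endpoint takes no request body, only the bearer token.
const response = await fetch("http://localhost:8000/api/security-audit", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "Authorization": "Bearer <token>"
  },
});

// A non-2xx reply (for example a rejected token) is not an audit result:
// fail loudly instead of parsing an error body as if it were one.
if (!response.ok) {
  throw new Error(`security audit request failed: ${response.status} ${response.statusText}`);
}

const data = await response.json();
console.log(data);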
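import requests

# Trigger the security audit; the endpoint takes no request body, only the bearer token.
# `requests` has no default timeout, so a bounded one keeps the script from hanging on an unresponsive server.
response = requests.post(
    "http://localhost:8000/api/security-audit",
    headers={'Content-Type':'application/json','Authorization':'Bearer <token>'},
    timeout=30,
)

# A non-2xx reply (for example a rejected token) is not an audit result: raise instead of printing an error body as one.
response.raise_for_status()
print(response.json())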
package main

import (
    "fmt"
    "io"
    "net/http"
    "os"
    "time"
)

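// main triggers the security audit over the API and prints the JSON result.
// Every error is reported on stderr with a non-zero exit instead of being
// discarded: the original form dereferenced a nil resp after a failed Do,
// which panics, and printed error bodies as if they were audit results.
func main() {
    // The endpoint takes no request body, so the body reader is nil.
    req, err := http.NewRequest(http.MethodPost, "http://localhost:8000/api/security-audit", nil)
    if err != nil {
        fmt.Fprintln(os.Stderr, "building request:", err)
        os.Exit(1)
    }
    req.Header.Set("Content-Type", "application/json")
    // "<token>" is a placeholder; supply a real bearer token obtained out of band.
    req.Header.Set("Authorization", "Bearer <token>")

    // A bounded timeout keeps the client from hanging on an unresponsive server.
    client := &http.Client{Timeout: 30 * time.Second}
    resp, err := client.Do(req)
    if err != nil {
        // resp is nil when Do fails, so it must not be touched here.
        fmt.Fprintln(os.Stderr, "sending request:", err)
        os.Exit(1)
    }
    defer resp.Body.Close()

    body, err := io.ReadAll(resp.Body)
    if err != nil {
        fmt.Fprintln(os.Stderr, "reading response:", err)
        os.Exit(1)
    }
    // A non-2xx reply (for example a rejected token) still carries a body;
    // surface it as an error rather than printing it as an audit result.
    if resp.StatusCode < 200 || resp.StatusCode >= 300 {
        fmt.Fprintf(os.Stderr, "unexpected status %s: %s\n", resp.Status, body)
        os.Exit(1)
    }
    fmt.Println(string(body))
}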