CypherScan logo
CypherScan
by CypherNet

CypherScan API

Scan files before they hit production

Use the CypherScan API to scan files for malware, exposed secrets, and risky patterns before they enter your application, CMS, or deployment pipeline.

Get your API key instantly

Create your API key and start securing upload workflows immediately.

API keys remain private inside your CypherScan dashboard.

Need help integrating?

Ask questions or get setup help in the CypherNet Security Discord.

CMS Integrations

Install official CypherScan integrations for WordPress, Strapi, Payload CMS, Directus, and Ghost. Every integration uses the same secure presigned upload workflow.

Presign → Upload → Scan(objectKey) → Verdict → Allow / Block
See real detection examples

Explore realistic examples of exposed secrets, malware indicators, suspicious ZIP uploads, and risky payloads detected by CypherScan.

Secure upload API

Presigned upload workflow

CypherScan integrations no longer send uploaded files through the scan endpoint as multipart FormData. Files are uploaded directly to temporary object storage and scanned by object key.

Step 1

Request a presigned upload

Authenticate with your CypherScan API key and request a temporary upload URL.

Step 2

Upload the file

Upload the file directly to the temporary object storage URL returned by CypherScan.

Step 3

Request the scan

Submit the returned objectKey to the scan endpoint for security analysis.

Step 4

Apply the verdict

Allow or block the original CMS upload according to the CypherScan verdict.

Authentication header

Authorization: Bearer YOUR_API_KEY
Content-Type: application/json

API endpoints

The presign route currently depends on the integration version. Refer to the README for your CMS plugin for its exact endpoint and request fields.

POST /api/v1/upload/presign
or
POST /api/v1/presign
PUT PRESIGNED_UPLOAD_URL
POST /api/v1/scan

{
  "objectKey": "TEMPORARY_OBJECT_KEY"
}

Integration-specific configuration

Use the documentation page or GitHub README for your CMS integration to confirm its exact presign endpoint, environment variables, blocking behavior, and Fail Open or Fail Closed configuration.

API keys remain private in your dashboard. Never expose a CypherScan API key in browser-side code or a public repository.