CypherScan API
Scan files before they hit production
Use the CypherScan API to scan files for malware, exposed secrets, and risky patterns before they enter your application, CMS, or deployment pipeline.
Get your API key instantly
Create your API key and start securing upload workflows immediately.
API keys remain private inside your CypherScan dashboard.
Ask questions or get setup help in the CypherNet Security Discord.
Install official CypherScan integrations for WordPress, Strapi, Payload CMS, Directus, and Ghost. Every integration uses the same secure presigned upload workflow.
Explore realistic examples of exposed secrets, malware indicators, suspicious ZIP uploads, and risky payloads detected by CypherScan.
Secure upload API
Presigned upload workflow
CypherScan integrations no longer send uploaded files through the scan endpoint as multipart FormData. Files are uploaded directly to temporary object storage and scanned by object key.
Request a presigned upload
Authenticate with your CypherScan API key and request a temporary upload URL.
Upload the file
Upload the file directly to the temporary object storage URL returned by CypherScan.
Request the scan
Submit the returned objectKey to the scan endpoint for security analysis.
Apply the verdict
Allow or block the original CMS upload according to the CypherScan verdict.
Authentication header
Authorization: Bearer YOUR_API_KEY Content-Type: application/json
API endpoints
The presign route currently depends on the integration version. Refer to the README for your CMS plugin for its exact endpoint and request fields.
POST /api/v1/upload/presign or POST /api/v1/presign
PUT PRESIGNED_UPLOAD_URL
POST /api/v1/scan
{
"objectKey": "TEMPORARY_OBJECT_KEY"
}Integration-specific configuration
Use the documentation page or GitHub README for your CMS integration to confirm its exact presign endpoint, environment variables, blocking behavior, and Fail Open or Fail Closed configuration.
API keys remain private in your dashboard. Never expose a CypherScan API key in browser-side code or a public repository.