API Documentation

ThreatScoreAI™ API

Integrate intelligent vulnerability risk scoring into your security workflow with our simple REST API.

Getting Started Authentication Score Endpoint Code Examples Error Handling API Playground OpenAPI Spec

Getting Started

The ThreatScoreAI™ API provides intelligent vulnerability risk scoring by combining multiple data sources into a single, actionable score.

1. Create an Account

2. Generate an API Key

Create an API key from your dashboard to authenticate requests.

3. Make API Requests

Send vulnerability data to our API and receive risk scores.

Authentication

All API requests must include your API key for authentication. You can provide the key in one of two ways:

Header Option 1:

X-API-Key: tsa_your_api_key_here

Header Option 2:

Authorization: Bearer tsa_your_api_key_here

Score Endpoint

POST/api/score

Request Body

Parameter	Type	Required	Description
cvss	number	Yes	CVSS base score (0-10)
epss	number	Yes	EPSS exploitation probability (0-1)
kev	boolean	Yes	Is in CISA KEV catalog
cweIds	string[]	Yes	Array of CWE identifiers

Response

{
  "threatScore": 89,
  "riskLevel": "Critical",
  "breakdown": {
    "cvss": {
      "weight": 0.4,
      "rawValue": 9.8,
      "contribution": 39.2
    },
    "epss": {
      "weight": 0.3,
      "rawValue": 0.92,
      "contribution": 27.6
    },
    "kev": {
      "weight": 0.2,
      "inKev": true,
      "contribution": 20
    },
    "mitre": {
      "weight": 0.1,
      "techniques": [
        {
          "cwe": "CWE-78",
          "technique": "T1059 - Command and Scripting Interpreter",
          "severity": 95
        },
        {
          "cwe": "CWE-89",
          "technique": "T1190 - Exploit Public-Facing Application",
          "severity": 90
        }
      ],
      "contribution": 9.3
    }
  },
  "timestamp": "2026-02-28T12:00:00.000Z"
}

Risk Levels

Critical

80-100

High

60-79

Medium

40-59

Low

0-39

Code Examples

curl -X POST https://your-domain.com/api/score \
  -H "Content-Type: application/json" \
  -H "X-API-Key: tsa_your_api_key_here" \
  -d '{
    "cvss": 9.8,
    "epss": 0.92,
    "kev": true,
    "cweIds": ["CWE-78", "CWE-89"]
  }'

Error Handling

Status Code	Error	Description
400	Validation Error	Invalid request body or parameters
401	Unauthorized	Missing or invalid API key
429	Too Many Requests	Rate limit exceeded
500	Internal Server Error	Unexpected server error

API Playground

Test the API

Enter your API key and test parameters to see the ThreatScoreAI™ response.

API Key

CVSS Score (0-10)

EPSS Probability (0-1)

CWE IDs (comma-separated)

In CISA KEV?

YesNo

Important Legal Notice

ThreatScoreAI™ is a trademark pending registration. The vulnerability risk scores, assessments, and recommendations provided through this API are for informational and research purposes only. They do not constitute professional security advice, and should not be the sole basis for security decisions. The scoring algorithm combines publicly available data sources (CVSS, EPSS, CISA KEV, MITRE ATT&CK) and may not reflect all risk factors relevant to your specific environment. ThreatScoreAI™ makes no warranties regarding accuracy, completeness, or fitness for any particular purpose. Users assume full responsibility for how they interpret and act upon the provided scores. By using this API, you agree that ThreatScoreAI™ shall not be liable for any damages arising from the use of this service.