{"openapi":"3.1.0","info":{"title":"security.txt API","version":"1.0.0","description":"Fetch and parse any domain's RFC 9116 security.txt — the machine-readable file at /.well-known/security.txt that tells security researchers how to report vulnerabilities. Pass a domain and the service locates the file (the canonical .well-known path with a legacy root fallback), parses every field — Contact, Expires, Encryption, Acknowledgments, Preferred-Languages, Canonical, Policy, Hiring and CSAF — and reports whether it is valid (has at least one Contact and a single, non-expired Expires), whether it is PGP-signed, whether it has expired (with the number of days remaining) and a list of issues with concrete advice. A companion endpoint returns the raw file. The request is made server-side; private and internal targets are refused (SSRF-guarded). Built for security audits, vendor and third-party risk assessment, attack-surface reviews and vulnerability-disclosure-policy compliance checks. A security.txt parser and validator — distinct from the HTTP security-header grader (secheaders), the SSL/TLS certificate check (sslcheck) and host reachability (hostcheck). No upstream key, no cache.","contact":{"name":"PremiumApi","url":"https://www.oanor.com/by/premiumapi"}},"servers":[{"url":"https://api.oanor.com/securitytxt-api","description":"oanor gateway"}],"tags":[{"name":"security.txt"},{"name":"Meta"}],"components":{"securitySchemes":{"oanorKey":{"type":"apiKey","in":"header","name":"x-oanor-key","description":"Get your key at https://www.oanor.com/developer/keys"}}},"security":[{"oanorKey":[]}],"paths":{"/v1/check":{"get":{"operationId":"get_v1_check","tags":["security.txt"],"summary":"Parse & validate a domain's security.txt","description":"","parameters":[{"name":"url","in":"query","required":true,"description":"Domain or URL","schema":{"type":"string"},"example":"google.com"}],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK"},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}},"/v1/raw":{"get":{"operationId":"get_v1_raw","tags":["security.txt"],"summary":"Raw security.txt content","description":"","parameters":[{"name":"url","in":"query","required":true,"description":"Domain or URL","schema":{"type":"string"},"example":"google.com"}],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK"},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}},"/v1/meta":{"get":{"operationId":"get_v1_meta","tags":["Meta"],"summary":"RFC 9116 fields & locations","description":"","parameters":[],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK"},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}}},"x-oanor-pricing":[{"slug":"free","name":"Free","price_cents_month":0,"monthly_call_quota":2400,"rps_limit":2,"hard_limit":true},{"slug":"starter","name":"Starter","price_cents_month":695,"monthly_call_quota":48000,"rps_limit":8,"hard_limit":true},{"slug":"pro","name":"Pro","price_cents_month":2180,"monthly_call_quota":244000,"rps_limit":20,"hard_limit":true},{"slug":"mega","name":"Mega","price_cents_month":5750,"monthly_call_quota":888000,"rps_limit":50,"hard_limit":true}],"x-oanor-marketplace-url":"https://www.oanor.com/api/securitytxt-api"}