BlockchainSpy — API Documentation

Introduction

BlockchainSpy provides a REST API for automated smart contract security auditing. Submit Solidity source code or a verified contract address and receive a comprehensive security report powered by 8+ industry-leading analysis tools.

Key points: All responses are JSON. No authentication is required for audit endpoints. Rate limits apply based on your plan.

Base URL

https://blockchainspy.online/api

All endpoint paths below are relative to this base URL.

Endpoints

POST /api/audit/submit

Submit a smart contract for security audit. Provide either the source code directly or a verified contract address on a supported chain.

Request Body

Parameter	Type	Required	Description
`sourceCode`	string	Required*	Solidity source code (max 1MB)
`contractAddress`	string	Required*	Verified contract address (alternative to sourceCode)
`contractName`	string	Optional	Name of the contract
`chain`	string	Optional	Chain ID: ETH, BSC, POLYGON, OPTIMISM, FANTOM, GNOSIS, CRONOS
`clientEmail`	string	Optional	Email to receive the report and look up history
`plan`	string	Optional	Audit plan: free, basic, or pro

* Either sourceCode or contractAddress is required.

Response

{
  "success": true,
  "requestId": "audit_a1b2c3d4",
  "status": "pending"
}

Example cURL

curl -X POST https://blockchainspy.online/api/audit/submit \
  -H "Content-Type: application/json" \
  -d '{
    "sourceCode": "pragma solidity ^0.8.0; contract Test { ... }",
    "contractName": "MyContract",
    "clientEmail": "dev@example.com"
  }'

GET /api/audit/status/:id

Check the current status of an audit request. Poll this endpoint to know when the report is ready.

Response

{
  "success": true,
  "status": "pending" | "running" | "completed" | "failed"
}

GET /api/audit/report/:id

Retrieve the full audit report as JSON. Includes security score, all findings, tool results, and AI analysis.

Response

{
  "success": true,
  "score": 67,
  "severities": {
    "critical": 1,
    "high": 3,
    "medium": 5,
    "low": 8,
    "info": 12
  },
  "findings": [...],
  "toolsUsed": [...],
  "ai": {
    "summary": "...",
    "risk": "...",
    "recommendations": [...]
  }
}

GET /api/audit/report/:id?format=html

Get a summary HTML report. Suitable for embedding or quick viewing in a browser.

Returns text/html content type instead of JSON.

GET /api/audit/report/:id/full

Get the full detailed HTML report with all findings, tool outputs, AI analysis, and proof-of-exploit sections.

Returns text/html content type. This is the most comprehensive report format.

Analysis Tools

BlockchainSpy runs your contract through multiple industry-leading security tools in parallel for comprehensive coverage.

Slither

Mythril

Echidna

Solhint

CodeBERT

Claude AI

Additional Integrations

SWC Registry — All findings are mapped to the Smart Contract Weakness Classification registry for standardized vulnerability identification.
DeFi Hack Database — Findings are correlated against known real-world DeFi exploits to identify patterns from past attacks.

Rate Limits

Rate limits are applied per IP address. Upgrade your plan for higher limits.

Free

10

audits / day

Basic

50

audits / day

Pro

∞

unlimited

Quick Start

Get started with the BlockchainSpy API in just a few lines of code.

// Submit audit
const response = await fetch('https://blockchainspy.online/api/audit/submit', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    sourceCode: 'pragma solidity ^0.8.0; contract Test { ... }',
    contractName: 'MyContract'
  })
});
const { requestId } = await response.json();

// Poll status
const status = await fetch(`/api/audit/status/${requestId}`).then(r => r.json());

// Get report
const report = await fetch(`/api/audit/report/${requestId}`).then(r => r.json());
console.log(`Security Score: ${report.score}/100`);