API Reference
REST API for integrating Manta scans into your applications and CI/CD.
Authentication
All API requests require an API key in the header. Get your key from the dashboard.
X-API-Key: manta_sk_your_api_key
Base URL:
https://api.manta.red
Credits
Each scan costs 1 credit. Purchase credits from the billing page.
$5
1 scan
$40
10 scans
$175
50 scans
$300
100 scans
Endpoints
POST
/api/scan/mcpScan MCP server code for vulnerabilities
Request Body
{
"code": "// Your MCP server code here",
"options": {
"severity": "medium"
}
}Response
{
"scanId": "scan_abc123",
"status": "complete",
"type": "mcp-audit",
"summary": {
"critical": 1,
"high": 2,
"medium": 3,
"low": 1
},
"findings": [...]
}POST
/api/scan/prompt-injectionTest for prompt injection vulnerabilities
Request Body
{
"systemPrompt": "You are a helpful assistant...",
"options": {
"payloads": ["jailbreak", "extraction"]
}
}Response
{
"scanId": "scan_def456",
"status": "complete",
"type": "prompt-injection",
"summary": {
"tested": 25,
"vulnerable": 3,
"blocked": 22
},
"findings": [...]
}POST
/api/scan/fuzzFuzz tool interfaces for edge cases
Request Body
{
"tools": [
{
"name": "read_file",
"parameters": { "path": "string" }
}
],
"options": {
"iterations": 100
}
}Response
{
"scanId": "scan_ghi789",
"status": "complete",
"type": "tool-fuzzer",
"summary": {
"iterations": 100,
"crashes": 2,
"anomalies": 5
},
"findings": [...]
}POST
/api/scan/fullRun all scanners (comprehensive audit)
Request Body
{
"code": "// Your MCP server code",
"tools": [...],
"systemPrompt": "..."
}Response
{
"scanId": "scan_full123",
"status": "complete",
"type": "full",
"summary": {
"critical": 2,
"high": 4,
"medium": 6,
"low": 3
},
"scannersRun": ["mcp-audit", "prompt-injection", "tool-fuzzer", ...],
"findings": [...]
}GET
/api/scansList your scan history
Query Parameters
limitnumber
Results per page (default: 20)offsetnumber
Pagination offsetResponse
{
"scans": [
{
"scanId": "scan_abc123",
"type": "mcp-audit",
"status": "complete",
"startedAt": "2026-03-21T10:30:00Z",
"summary": { "critical": 1, "high": 2 }
}
],
"total": 42
}GET
/api/scan/:idGet a specific scan with findings
Response
{
"scanId": "scan_abc123",
"type": "mcp-audit",
"status": "complete",
"startedAt": "2026-03-21T10:30:00Z",
"summary": { "critical": 1, "high": 2, "medium": 3, "low": 1 },
"findings": [
{
"id": "finding_001",
"severity": "critical",
"title": "Command execution without sandboxing",
"description": "The tool 'shell_exec' allows...",
"location": { "line": 45, "column": 12 },
"remediation": "Add input validation and sandboxing..."
}
]
}GET
/api/usageGet your account usage and credits
Response
{
"credits": 42,
"scansTotal": 58,
"scansThisMonth": 12
}DELETE
/api/scan/:idDelete a scan from your history
Response
{
"success": true,
"message": "Scan deleted"
}Error Codes
400
Bad request — invalid parameters401
Unauthorized — invalid or missing API key402
Payment required — no credits remaining404
Not found — scan or resource doesn't exist429
Too many requests — rate limit exceeded500
Internal server errorFull Example
# Run an MCP audit scan
curl -X POST https://api.manta.red/api/scan/mcp \
-H "X-API-Key: manta_sk_your_api_key" \
-H "Content-Type: application/json" \
-d '{
"code": "const server = new MCPServer({\n tools: {\n shell_exec: async (cmd) => exec(cmd)\n }\n});"
}'
# Response
{
"scanId": "scan_abc123",
"status": "complete",
"summary": { "critical": 1, "high": 0, "medium": 0, "low": 0 },
"findings": [
{
"severity": "critical",
"title": "Command execution without sandboxing",
"description": "shell_exec allows arbitrary command execution",
"remediation": "Add input validation and use a sandbox..."
}
]
}