API Overview
Interactive API Documentation
The full list of available API endpoints, request/response schemas, and parameter details is available in the interactive OpenAPI (Swagger) documentation at:
You can browse all endpoints, inspect request and response schemas, and try out API calls directly from the browser. Authentication is required — sign in to CVEFeed.io first, then visit the docs page.
Base URL
https://cvefeed.io/api/v1/
Authentication
All API requests require authentication via a project-scoped API token:
curl -H "Authorization: Bearer cvf_your_token_here" \
  https://cvefeed.io/api/v1/projects/{project_id}/vulnerabilities/
See API Tokens for how to create and manage tokens.
Rate Limits
Rate limits are based on the project owner’s subscription tier:
| Tier | Requests per Minute |
|---|---|
| Free | 30 |
| Starter | 90 |
| Pro | 180 |
| Enterprise | 720 |
The rate limit is determined by the project owner’s subscription tier — not the individual member’s or token’s. All requests to the same project (from any token or member) share one rate limit bucket.
Response Format
All responses are JSON. Successful responses return the data directly or wrapped in a pagination envelope:
{
  "count": 42,
  "next": "https://cvefeed.io/api/v1/.../vulnerabilities/?page=2",
  "previous": null,
  "results": [...]
}
Error Responses
Errors return appropriate HTTP status codes with a detail message:
{ "detail": "Authentication credentials were not provided." }
| Status | Meaning |
|---|---|
| 401 | Missing or invalid token |
| 403 | Token lacks required scope |
| 404 | Resource not found |
| 429 | Rate limit exceeded |
Token Scopes
API tokens use resource-based scoping. Each endpoint requires a specific scope:
| Scope | Endpoints |
|---|---|
| vulnerabilities | /vulnerabilities/ |
| subscriptions | /subscriptions/ |
| alerts | /alerts/ |
| integrations | /webhooks/, /slack/ |
| activity_log | /activity-log/ |
| project | /project/ settings |
A token without the required scope receives a 403 Forbidden response.
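The following added example, which is not CVEFeed.io's own code, ties the sections above together for listing endpoints that return the pagination envelope: it sends the Bearer token, paces requests for the project's tier, retries on 429, and raises on 401/403/404 with the `detail` message. The names `iter_results`, `http_fetch` and `ApiError`, the backoff intervals, and the check that `next` stays under the base URL (so the token is never sent to another host) are assumptions of this example.

```python
import json
import time
import urllib.error
import urllib.request

BASE_URL = "https://cvefeed.io/api/v1/"
TIER_RPM = {"free": 30, "starter": 90, "pro": 180, "enterprise": 720}


class ApiError(Exception):
    def __init__(self, status, detail):
        super().__init__(f"HTTP {status}: {detail}")
        self.status, self.detail = status, detail


def http_fetch(token):
    """Return fetch(url) -> (status, parsed JSON body) using a Bearer token."""
    def fetch(url):
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        try:
            with urllib.request.urlopen(req, timeout=30) as resp:
                return resp.status, json.load(resp)
        except urllib.error.HTTPError as err:
            return err.code, json.loads(err.read() or b"{}")
    return fetch


def iter_results(fetch, url, tier="free", max_retries=3, sleep=time.sleep):
    """Yield every item of a paginated listing, following `next` links."""
    spacing = 60.0 / TIER_RPM[tier]        # client-side pacing for this tier
    while url:
        if not url.startswith(BASE_URL):   # assumption: never send the token off-API
            raise ValueError(f"refusing to follow link outside {BASE_URL}: {url}")
        for attempt in range(max_retries + 1):
            status, body = fetch(url)
            if status != 429:
                break
            # The bucket is shared by the whole project, so 429 can occur even
            # when this client paces itself. Backoff intervals are assumptions.
            sleep(spacing * 2 ** (attempt + 1))
        if status != 200:
            raise ApiError(status, body.get("detail", ""))
        yield from body["results"]
        url = body["next"]
        if url:
            sleep(spacing)
```

Pass `http_fetch(token)` as `fetch` for real calls; any callable with the same return shape works for offline testing.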