API Documentation

SmartSec scans smart contracts for security vulnerabilities. Free tier available, or $0.50-$2.00 for Claude AI analysis (based on contract size).

No API Keys

Basic tier is free (1 scan/day). Pro tier costs $0.50-$2.00 based on contract size - pay with USDC on Solana and include the transaction signature in the X-PAYMENT header.

Overview

Base URL: https://api.smartsec.app

All requests should use HTTPS. The API accepts multipart form data for file uploads and returns JSON responses.

Quick Start

# Free scan (1/day)
curl -X POST https://api.smartsec.app/audit \
  -F "file=@contract.sol" \
  -F "tier=basic"

# Pro scan ($0.50-$2.00 based on contract size)
# 1. Call /estimate to get price for your contract
# 2. Send USDC to wallet, include tx signature in header

curl -X POST https://api.smartsec.app/audit \
  -H "X-PAYMENT: <tx-signature>" \
  -F "file=@contract.sol" \
  -F "tier=pro"

Authentication

Basic tier: No authentication needed. Just call the API (1 scan/day limit).

Pro tier: Pay USDC on Solana (price varies by contract size), then include the transaction signature:

X-PAYMENT: 5eykt4UsFv8P8NJdTREpY1vzqKqZKvdpKuc147dw2N9g...

x402 Payment Flow (Pro tier)

  1. Call POST /audit with tier=pro (without payment)
  2. Receive 402 Payment Required with x402 headers and payment details
  3. Send USDC to the address specified in the response
  4. Retry POST /audit with X-PAYMENT: <tx-signature>
  5. Server verifies on-chain payment and returns scan results

402 Response Format

Response Headers

HTTP/1.1 402 Payment Required
X-Payment-Required: true
X-Payment-Network: solana-mainnet
X-Payment-Asset: USDC
X-Payment-Address: <payment-wallet>
X-Payment-Amount: 500000
X-Payment-Amount-USD: 0.50
X-Payment-Description: Pro audit: 150 lines (small)

Response Body

{
  "success": false,
  "error": "Payment required",
  "x402": {
    "version": "1.0",
    "network": "solana-mainnet",
    "asset": "USDC",
    "address": "<payment-wallet>",
    "amount": 500000,
    "amount_usd": 0.50,
    "description": "Pro audit for 150 lines (small contract)"
  },
  "instructions": "Send USDC to the address, then retry with X-PAYMENT header containing the transaction signature"
}

AI Agent Integration

AI agents can parse the x402 object programmatically. Amount is in USDC micro-units (6 decimals). 500000 = $0.50 USDC.
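
A client-side check for steps 2 and 3 of the payment flow, as an added example (not SmartSec's own code): before sending USDC, an automated agent compares the 402 demand with the /estimate quote and with the price ceiling documented on this page. The function names, the placeholder wallet and the sample dictionaries are constructed for illustration.

```python
from decimal import Decimal, InvalidOperation

MICRO = Decimal(10) ** 6        # page: USDC amounts are micro-units (6 decimals)
MAX_PRO_USD = Decimal("2.00")   # page: Pro tier costs at most $2.00


def _usd(value):
    """Parse '$0.50' or 0.5 into a Decimal; None if it is not a number."""
    try:
        return Decimal(str(value).lstrip("$"))
    except InvalidOperation:
        return None


def check_payment_demand(headers, body, estimate):
    """Return reasons not to pay; an empty list means the 402 demand checks out."""
    x = body.get("x402")
    if not isinstance(x, dict):
        return ["no x402 object in 402 body"]
    problems = []
    if x.get("network") != "solana-mainnet" or x.get("asset") != "USDC":
        problems.append("unexpected network/asset")  # only documented rail
    amount = x.get("amount")
    if type(amount) is not int or amount <= 0:
        return problems + ["amount is not a positive integer"]
    usd = Decimal(amount) / MICRO
    if _usd(x.get("amount_usd")) != usd:
        problems.append("amount and amount_usd disagree")
    if usd > MAX_PRO_USD:
        problems.append("amount exceeds documented Pro maximum")
    if _usd(estimate.get("pricing", {}).get("pro", {}).get("price")) != usd:
        problems.append("amount differs from /estimate quote")
    if x.get("address") != estimate.get("wallet"):
        problems.append("address differs from wallet advertised by /estimate")
    got = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    for key in ("network", "asset", "address", "amount"):
        if got.get(f"x-payment-{key}") != str(x.get(key)):
            problems.append(f"header x-payment-{key} disagrees with body")
    return problems

# Constructed sample data, shaped like the responses documented on this page.
WALLET = "EXAMPLE-WALLET-PLACEHOLDER"  # placeholder, not a real address
ESTIMATE = {"size": "small", "pricing": {"pro": {"price": "$0.50"}}, "wallet": WALLET}
BODY = {"x402": {"version": "1.0", "network": "solana-mainnet", "asset": "USDC",
                 "address": WALLET, "amount": 500000, "amount_usd": 0.50}}
HEADERS = {"X-Payment-Network": "solana-mainnet", "X-Payment-Asset": "USDC",
           "X-Payment-Address": WALLET, "X-Payment-Amount": "500000"}

print(check_payment_demand(HEADERS, BODY, ESTIMATE))  # []
```

An agent would sign and send the transfer only when the returned list is empty, and log the reasons otherwise.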

GET / (Free)

Returns API information and pricing details. Use this to discover payment configuration programmatically.

Response

{
  "service": "SmartSec",
  "description": "AI Smart Contract Security Scanner",
  "version": "1.0.0",
  "pricing": {
    "basic": "Free (1/day)",
    "pro": "$0.50-$2.00 (based on contract size)"
  },
  "payment": "USDC on Solana",
  "wallet": "<payment-wallet>"
}

GET /health (Free)

Health check endpoint.

{ "status": "ok" }

POST /estimate (Free)

Get price estimate before making payment. Analyzes contract complexity and returns pricing for all tiers.

Form Data

Parameter | Type | Description
file (required) | file | Smart contract source file (max 5MB)
chain | string | Blockchain: ethereum, bsc, polygon, arbitrum (default: ethereum)

Response

{
  "success": true,
  "file": "Token.sol",
  "lines": 350,
  "size": "small",      // small (<500), medium (500-2000), large (2000+)
  "chain": "ethereum",
  "pricing": {
    "basic": { "price": "Free", "limit": "1/day" },
    "pro": { "price": "$0.50" }  // Varies: $0.50/$1.00/$2.00 based on size
  },
  "wallet": "<payment-wallet>"
}

Pro pricing by size: <500 lines = $0.50 | 500-2000 lines = $1.00 | 2000+ lines = $2.00

POST /audit (Paid)

Run AI-powered security analysis on a smart contract. Returns vulnerability report with risk scoring.

Headers

Header | Description
X-PAYMENT (required for tier=pro) | Solana TX signature for payment verification

Form Data

Parameter | Type | Description
file (required) | file | Smart contract source file (max 5MB)
chain | string | Blockchain: ethereum, bsc, polygon, arbitrum
tier | string | Tier: basic (free, 1/day), pro ($0.50-$2.00 by size). Default: basic

Response

{
  "success": true,
  "tier": "pro",
  "contract": "Token",
  "chain": "ethereum",
  "risk_score": 65,
  "issues": 3,
  "vulnerabilities": [
    {
      "severity": "high",
      "type": "reentrancy",
      "description": "Potential reentrancy in withdraw()",
      "line": 142
    },
    {
      "severity": "medium",
      "type": "unchecked-return",
      "description": "Unchecked return value",
      "line": 78
    }
  ],
  "summary": "Contract has 3 potential issues..."
}

Response (Basic tier includes scans remaining)

{
  "success": true,
  "tier": "basic",
  ...
  "scans_left_today": 2
}

GET /fetch-contract/{chain}/{address} (Free)

Fetch verified contract source code from block explorers (Etherscan, BSCScan, etc.). Useful for scanning deployed contracts.

Path Parameters

Parameter | Description
chain | Blockchain: ethereum, bsc, polygon, arbitrum
address | Contract address (0x...)

Response

{
  "success": true,
  "source": "pragma solidity ^0.8.0;\n\ncontract Token {...}",
  "name": "Token",
  "address": "0x...",
  "chain": "ethereum"
}

Error Response

{
  "success": false,
  "error": "Contract not verified or source not available"
}

GET /rpc/blockhash (Free)

Get latest Solana blockhash (for building transactions).

{ "blockhash": "EkSnNWid2cvw..." }

GET /rpc/balance/{wallet} (Free)

Check USDC balance for a wallet.

{ "balance": "$1.00", "wallet": "<wallet-address>" }

GET /rpc/account-exists/{account} (Free)

Check if an account exists on Solana.

{ "exists": true }

Pricing

Tier | Price | Analysis | Description
basic | FREE | Pattern Scanner | 1 scan/day, pattern-based detection
pro | $0.50-$2.00 | Claude AI | Size-based: <500 lines=$0.50, 500-2000=$1.00, 2000+=$2.00

Supported Chains

SmartSec supports fetching and analyzing contracts from the following EVM chains:

Chain | Explorer | ID
Ethereum | Etherscan | ethereum
BNB Smart Chain | BSCScan | bsc
Polygon | PolygonScan | polygon
Arbitrum | Arbiscan | arbitrum

Supported Languages

Upload contracts in any of these formats:

Error Codes

Code | Meaning
400 | Bad request - invalid parameters, address format, or file encoding
402 | Payment required - include X-PAYMENT header
403 | Payment invalid - TX not found or insufficient amount
413 | File too large - max 5MB
500 | Server error - retry with exponential backoff
502 | RPC/Explorer connection failed