Programmatically analyze network configurations for security issues, compliance gaps, and misconfigurations.
The Omniper API allows you to integrate network configuration security scanning into your CI/CD pipelines, automation scripts, or third-party tools.
API key authentication with rate limiting
Server-sent events for live progress updates
Additional endpoints coming soon
Integrate the Omniper API into your application in three steps.
Sign in to your Omniper account, go to Dashboard → Settings → API Keys, and generate a new key. Keys always start with omni_.
Send a POST request to /api/analyze with the configuration content and your API key in the Authorization header. The projectId field is optional — use it to associate the analysis with a project.
curl -X POST https://omniper.com/api/analyze \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"filename": "router-config.cfg",
"content": "! Cisco IOS configuration\nhostname R1\n...",
"projectId": "optional-project-id"
}'The API returns a stream of JSON events (Server-Sent Events). Parse each line starting with data: . The final event has "type": "result" and contains the full security report.
async function analyzeConfig(apiKey, filename, content, projectId = null) {
const response = await fetch("https://omniper.com/api/analyze", {
method: "POST",
headers: {
"Authorization": `Bearer ${apiKey}`,
"Content-Type": "application/json",
},
body: JSON.stringify({ filename, content, projectId }),
});
if (!response.ok) {
const error = await response.json();
throw new Error(error.error || "Request failed");
}
const reader = response.body.getReader();
const decoder = new TextDecoder();
while (true) {
const { done, value } = await reader.read();
if (done) break;
const chunk = decoder.decode(value);
const lines = chunk.split("\n");
for (const line of lines) {
if (line.startsWith("data: ")) {
const data = JSON.parse(line.slice(6));
if (data.type === "result") {
console.log("Final report:", data.result);
return data.result;
} else {
console.log("Progress:", data.message);
}
}
}
}
}Every request counts toward your plan's usage limit. For bulk scanning, store the API key as a secret in your environment rather than hardcoding it.
All API requests require a valid API key sent in the Authorization header.
omni_.Include this header in every request. The key must start with omni_.
Currently available API endpoints.
https://omniper.com/api/analyze{
"filename": "string (required)",
"content": "string (required) – the raw configuration text",
"projectId": "string (optional) – associate with a project"
}The endpoint streams JSON events. Each event starts with data: . The final event has "type": "result".
data: {"stage":"parsing","message":"Reading configuration file…"}
data: {"stage":"analysis","message":"Checks complete: 12 findings."}
data: {"type":"result","result":{"score":{"overall":72},"result":{"security":{"critical":[],"high":[...]}}}}curl -X POST https://omniper.com/api/analyze \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"filename": "router-config.cfg",
"content": "! Cisco IOS configuration\nhostname R1\n...",
"projectId": "optional-project-id"
}'To ensure fair usage, each API key is limited to 10 requests per 60 seconds.
All errors return a JSON object with an error field describing what went wrong.
{
"error": "Unauthorized"
}Missing or invalid API key.
{"error":"Rate limit exceeded. Try again later."}You have exceeded 10 requests per minute. Wait for the reset window indicated by the X-RateLimit-Reset header before retrying.
Missing required fields: filename and content.
Resources to help you get the most out of the Omniper API.