API Documentation - Luna. Cybersecurity Platform

Getting Started

The Luna. API provides programmatic access to our cybersecurity platform. Use our REST API to integrate vulnerability scanning, threat detection, and compliance monitoring into your applications.

Base URL

https://api.lunatech.xyz/v1

Content Type

All API requests should include the Content-Type: application/json header.

Required Headers

For organization-scoped endpoints, include:

Authorization: Bearer {JWT_TOKEN} - Authentication token
X-Organization-ID: {ORG_ID} - Organization context

Authentication

The Luna. API uses JWT tokens for authentication. There are two ways to authenticate:

1. Login Authentication

First, obtain a JWT token by logging in:

curl -X POST "https://api.lunatech.xyz/v1/auth/login" \ -H "Content-Type: application/json" \ -d '{ "email": "[email protected]", "password": "your_password" }'

2. API Key Authentication (Optional)

API keys can be generated from your dashboard for programmatic access:

POST/auth/api-keys

Create a new API key for authentication

{
  "name": "Production API Key",
  "permissions": ["scan:read", "scan:write"]
}

Using Authentication

curl -H "Authorization: Bearer YOUR_JWT_TOKEN" \
     -H "X-Organization-ID: YOUR_ORG_ID" \
     -H "Content-Type: application/json" \
     https://api.lunatech.xyz/v1/scans

Multi-Factor Authentication

If MFA is enabled on your account, include the MFA token in your login request or verify MFA separately using the /v1/auth/mfa/verify endpoint.

Organization Management

Organizations provide the context for all API operations. Users can belong to multiple organizations and switch between them.

GET/organizations

List all organizations the authenticated user has access to.

Example Response (200 OK)

{
  "organizations": [
    {
      "id": "org_123",
      "name": "Acme Corporation",
      "type": "standard",
      "role": "admin",
      "created_at": "2025-01-15T10:30:00Z"
    },
    {
      "id": "org_456",
      "name": "MSP Provider Inc",
      "type": "msp",
      "role": "msp_admin",
      "created_at": "2025-01-10T14:22:00Z"
    }
  ]
}

POST/organizations

Create a new organization.

{
  "name": "New Company Ltd",
  "type": "standard"
}

Scan Management

Manage vulnerability scans and view their results. All scan operations are organization-scoped.

POST/scan

Start a new vulnerability scan on specified targets.

Request Body

{
  "targets": ["example.com", "192.168.1.100"],
  "scan_type": "full"
}

Example Response (200 OK)

{
  "status": "Scan started",
  "scan_id": "scan_abc123",
  "targets": ["example.com", "192.168.1.100"],
  "scan_type": "full",
  "started_at": "2025-01-15T10:30:00Z"
}

GET/scans

Retrieve a list of all scans for the current organization.

Example Response (200 OK)

{
  "scans": [
    {
      "id": "scan_abc123",
      "status": "completed",
      "scan_type": "full",
      "targets": ["example.com"],
      "started_at": "2025-01-15T10:30:00Z",
      "completed_at": "2025-01-15T10:45:00Z",
      "vulnerability_count": 12
    }
  ]
}

GET/scans/{scanId}/results

Get detailed results for a specific scan.

Example Response (200 OK)

{
  "scan_id": "scan_abc123",
  "vulnerabilities": [
    {
      "id": "vuln_xyz789",
      "title": "SSL Certificate Expired",
      "severity": "medium",
      "host": "example.com",
      "port": 443,
      "description": "SSL certificate has expired"
    }
  ],
  "count": 1
}

POST/scans/{scanId}/rescan

Re-run a previous scan with the same configuration.

Vulnerability Management

View and manage vulnerabilities discovered during scans.

GET/vulnerabilities

Retrieve all vulnerabilities for the current organization.

Example Response (200 OK)

{
  "vulnerabilities": [
    {
      "id": "vuln_xyz789",
      "title": "SSL Certificate Expired",
      "severity": "medium",
      "host": "example.com",
      "port": 443,
      "template_id": "ssl-cert-expired",
      "discovered_at": "2025-01-15T10:30:00Z",
      "status": "open"
    }
  ]
}

GET/vulnerabilities/stats

Get vulnerability statistics for the organization.

Example Response (200 OK)

{
  "total": 45,
  "critical": 3,
  "high": 8,
  "medium": 20,
  "low": 12,
  "info": 2
}

PATCH/vulnerabilities/{id}/status

Update the status of a vulnerability.

{
  "status": "resolved",
  "notes": "Fixed by updating SSL certificate"
}

Scheduled Scans

Create and manage recurring scans that run automatically on a schedule.

POST/scheduled-scans

Create a new scheduled scan.

{
  "name": "Daily Website Scan",
  "targets": ["example.com"],
  "scan_type": "quick",
  "cron_expression": "0 2 * * *",
  "enabled": true
}

Example Response (201 Created)

{
  "id": "sched_abc123",
  "name": "Daily Website Scan",
  "targets": ["example.com"],
  "scan_type": "quick",
  "cron_expression": "0 2 * * *",
  "enabled": true,
  "created_at": "2025-01-15T10:30:00Z"
}

GET/scheduled-scans

List all scheduled scans for the current organization.

PUT/scheduled-scans/{scanId}

Update an existing scheduled scan.

DELETE/scheduled-scans/{scanId}

Delete a scheduled scan.

Target Management

Manage scan targets (domains, IP addresses, etc.) for your organization.

POST/addtargets

Add new targets to your organization.

{
  "targets": ["example.com", "192.168.1.100", "subdomain.example.com"]
}

GET/listtargets

List all targets for the current organization.

Example Response (200 OK)

{
  "targets": [
    {
      "id": "target_123",
      "target": "example.com",
      "added_at": "2025-01-15T10:30:00Z"
    }
  ]
}

MSP Features

Managed Service Provider (MSP) organizations can manage multiple client organizations.

GET/organizations/{orgId}/clients

List all clients for an MSP organization.

Example Response (200 OK)

{ "clients": [ { "id": "client_abc123", "name": "Client Company Ltd", "contact_email": "[email protected]", "status": "active", "created_at": "2025-01-15T10:30:00Z" } ] }

POST/organizations/{orgId}/clients

Create a new MSP client.

{ "name": "New Client Corp", "contact_email": "[email protected]", "phone": "+1234567890" }

GET/clients/{clientId}/targets

List targets for a specific MSP client.

POST/clients/{clientId}/targets

Add targets for a specific MSP client.

Code Examples

Authentication Flow

# Login to get JWT token curl -X POST "https://api.lunatech.xyz/v1/auth/login" \ -H "Content-Type: application/json" \ -d '{ "email": "[email protected]", "password": "your_password" }' # Response: # { # "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", # "user": {...}, # "organization": {...} # }

Starting a Scan

# Start a vulnerability scan
curl -X POST "https://api.lunatech.xyz/v1/scan" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "X-Organization-ID: YOUR_ORG_ID" \
  -H "Content-Type: application/json" \
  -d '{
    "targets": ["example.com", "api.example.com"],
    "scan_type": "full"
  }'

Python Example

import requests

# Configure API client
headers = {
    'Authorization': 'Bearer YOUR_JWT_TOKEN',
    'X-Organization-ID': 'YOUR_ORG_ID',
    'Content-Type': 'application/json'
}

# Get all scans
response = requests.get(
    'https://api.lunatech.xyz/v1/scans',
    headers=headers
)

scans = response.json()
print(f"Found {len(scans['scans'])} scans")

# Get vulnerability statistics
stats_response = requests.get(
    'https://api.lunatech.xyz/v1/vulnerabilities/stats',
    headers=headers
)

stats = stats_response.json()
print(f"Critical vulnerabilities: {stats['critical']}")
print(f"Total vulnerabilities: {stats['total']}")

JavaScript Example

const axios = require('axios');

const client = axios.create({
  baseURL: 'https://api.lunatech.xyz/v1',
  headers: {
    'Authorization': 'Bearer YOUR_JWT_TOKEN',
    'X-Organization-ID': 'YOUR_ORG_ID',
    'Content-Type': 'application/json'
  }
});

// Start a vulnerability scan
async function startScan() {
  try {
    const response = await client.post('/scan', {
      targets: ['example.com'],
      scan_type: 'quick'
    });
    
    console.log('Scan started:', response.data.scan_id);
    
    // Poll for results
    const scanId = response.data.scan_id;
    const results = await client.get(`/scans/${scanId}/results`);
    
    console.log(`Found ${results.data.count} vulnerabilities`);
  } catch (error) {
    console.error('Scan failed:', error.response.data);
  }
}

// Create a scheduled scan
async function createScheduledScan() {
  try {
    const response = await client.post('/scheduled-scans', {
      name: 'Daily Security Check',
      targets: ['example.com'],
      scan_type: 'quick',
      cron_expression: '0 2 * * *',
      enabled: true
    });
    
    console.log('Scheduled scan created:', response.data.id);
  } catch (error) {
    console.error('Failed to create scheduled scan:', error.response.data);
  }
}

Health Check

# Check API health status
curl -X GET "https://api.lunatech.xyz/health"

# Response:
# {
#   "status": "operational",
#   "services": {
#     "database": {"status": "operational", "message": "Connected successfully"},
#     "scanner": {"status": "operational", "message": "Scanner engine available"},
#     "api": {"status": "operational", "message": "API server running"}
#   },
#   "uptime": "Running"
# }