API Documentation
DevSecure Intelligence REST API — base URL: https://api-intel.devsecure.io
Overview
DevSecure Intelligence API provides enriched vulnerability data with proprietary RPS risk scoring. Built for AppSec teams and security consultants who need prioritised CVE decisions without running a full threat intel platform.
Authentication
Public (no key)
- /api/v1/health
- /api/v1/status
- /api/v1/kev
- /api/v1/stats
- /api/v1/trends
- /api/v1/trends/scatter
Rate limited by IP · 20 req/min, 200/day
Authenticated (Bearer token)
Create a free account for authenticated access. KEV+ endpoint is public — no key needed.
Quick Start
# Public KEV+ (no key needed)
curl https://api-intel.devsecure.io/api/v1/kev
# Authenticated CVE lookup
export JWT_TOKEN="<your-jwt-access-token>"
curl -H "Authorization: Bearer $JWT_TOKEN" \
https://api-intel.devsecure.io/api/v1/cve/CVE-2021-44228
Common Use Cases
Have a list of CVEs from your scanner? Get a ranked priority review list in seconds.
Open Prioritize Tool →
curl -H "Authorization: Bearer $JWT_TOKEN" \
https://api-intel.devsecure.io/api/v1/cve/CVE-2021-44228
Endpoints
Full parameter details, response schemas, and interactive “Try it” are available in the API Reference.
| Method | Path | Auth | Description |
|---|---|---|---|
| GET | /api/v1/health | Public | Service health check |
| GET | /api/v1/status | Public | Data freshness and source status |
| GET | /api/v1/kev | Public | Free KEV+ catalog with RPS scores |
| GET | /api/v1/stats | Public | Corpus statistics and enrichment coverage |
| GET | /api/v1/trends | Public | Aggregated threat landscape data |
| GET | /api/v1/trends/scatter | Public | RPS vs CVSS scatter plot data |
| GET | /api/v1/cve/{id} | Required | Full enriched CVE lookup |
| POST | /api/v1/cve/batch | Required | Bulk CVE lookup (max 1,000) |
| GET | /api/v1/rps/{id} | Required | RPS score only (lightweight) |
| POST | /api/v1/prioritize | Required | Ranked priority order |
| GET | /api/v1/cwe/{id}/cves | Required | Search by CWE with pagination |
| GET | /api/v1/cve/recent | Required | Delta since timestamp |
| GET | /api/v1/patches/{id} | Required | Patch intelligence (enterprise) |
Quick Reference
# Public — no key needed
curl https://api-intel.devsecure.io/api/v1/health
curl https://api-intel.devsecure.io/api/v1/status
curl https://api-intel.devsecure.io/api/v1/kev
curl https://api-intel.devsecure.io/api/v1/stats
curl https://api-intel.devsecure.io/api/v1/trends
curl https://api-intel.devsecure.io/api/v1/trends/scatter
# Authenticated
curl -H "Authorization: Bearer $JWT_TOKEN" \
https://api-intel.devsecure.io/api/v1/cve/CVE-2021-44228
curl -X POST -H "Authorization: Bearer $JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{"cve_ids":["CVE-2021-44228","CVE-2020-1472"]}' \
https://api-intel.devsecure.io/api/v1/cve/batch
curl -X POST -H "Authorization: Bearer $JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{"cve_ids":["CVE-2021-44228","CVE-2020-1472"]}' \
https://api-intel.devsecure.io/api/v1/prioritize
# Full endpoint details → /docs/#try-it-live
Response Schema
Full enriched CVE response from GET /api/v1/cve/{cve_id}:
{
"cve_id": "CVE-2021-44228",
"rps_score": 104.98,
"rps": {
"score": 104.98,
"band": "critical_priority",
"version": "2.6.8",
"formula": "additive_base_kev_amplifier",
"scored_at": "2026-05-20T04:00:00Z"
},
"signals": {
"cvss": {"score": 10.0, "version": "3.1", "weight": 0.4, "contribution": 0.4, "source": "NVD"},
"epss": {"score": 0.944, "percentile": 0.999, "weight": 0.3, "contribution": 0.283, "source": "FIRST"},
"kev": {"in_catalog": true, "date_added": "2021-12-10", "amplifier": 1.5, "source": "CISA KEV"},
"exploit": {"public_exploit_available": true, "sources": ["ExploitDB"]},
"patch": {"verified_patch_available": true, "patch_count": 12, "source": "MoreFixes"}
},
"explanation": {
"summary": "Critical priority: CISA KEV confirmed exploitation, EPSS 99th percentile...",
"top_drivers": [
"CISA KEV confirmed exploitation",
"EPSS 99th percentile — highest exploitation likelihood",
"CVSS 10.0",
"Verified patch available"
],
"guidance": "Highest external threat. Active exploitation confirmed."
},
"sla_guidance": "Apply your organisation's SLA for critical-priority vulnerabilities.",
"recommended_next_step": "review_against_internal_sla",
"data_quality": {
"completeness": 1.0,
"missing_fields": [],
"last_source_refresh": {
"nvd": "2026-05-20T03:10:00Z",
"epss": "2026-05-20T02:00:00Z"
}
},
"severity": "CRITICAL",
"data_sources": ["NVD", "EPSS", "CISA_KEV", "GHSA", "OSV", "MoreFixes"]
}
Field Definitions
| Field | Definition |
|---|---|
| rps.score | RPS is not capped at 100. Under v2.6.8, the current formula can reach approximately 105 when high CVSS, high EPSS, and KEV confirmation align. |
| rps.version | Formula version used to compute this score |
| rps.band | Priority band: critical_priority, high_priority, medium_priority, low_priority, informational, unknown (for non-existent CVEs) |
| signals.cvss | CVSS input: score, version, weight (0.4), contribution, source (NVD) |
| signals.epss | EPSS input: score, percentile, weight (0.3), contribution, source (FIRST) |
| signals.kev | KEV input: in_catalog, date_added, amplifier (1.5/1.0), source (CISA KEV) |
| signals.exploit | Exploit input: public_exploit_available (bool), sources (array) |
| signals.exploit.sources | Enum: ExploitDB, GitHub, Metasploit, PacketStorm, Nuclei, Other |
| signals.patch | Patch input: verified_patch_available, patch_count, source (MoreFixes) |
| explanation.summary | Generated one-sentence summary of the score |
| explanation.top_drivers | 1-4 strings explaining the primary risk factors |
| explanation.guidance | Band-based guidance text (external threat assessment) |
| sla_guidance | Template-locked: 'Apply your organisation's SLA for {band} vulnerabilities.' |
| recommended_next_step | Enum: review_against_internal_sla, verify_applicability, monitor, no_action_recommended |
| data_quality.completeness | Enum: complete, partial, sparse (not a float) |
| data_quality.missing_fields | Enum: cvss, epss, kev, cwe, exploit, patch |
| data_quality.last_source_refresh | Object with per-source last refresh timestamps |
| severity | Derived severity: CRITICAL, HIGH, MEDIUM, LOW |
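A consumer-side check built on the fields defined above, added here as an example and not DevSecure code: it turns one enriched record into a gate decision and refuses to read an `unknown` band or incomplete inputs as low risk. The `triage` function, its block/review/pass policy and the `SAMPLES` records are assumptions constructed for illustration.

```python
# Enum values copied from the Field Definitions table on this page.
BANDS = {"critical_priority", "high_priority", "medium_priority",
         "low_priority", "informational", "unknown"}
SCORE_INPUTS = {"cvss", "epss", "kev"}  # signals that carry a weight or amplifier
RANK = {"pass": 0, "review": 1, "block": 2}


def triage(record):
    """Return (decision, reasons); the block/review/pass policy is hypothetical."""
    band = record.get("rps", {}).get("band")
    signals = record.get("signals", {})
    quality = record.get("data_quality", {})

    # "unknown" marks a non-existent CVE and an unrecognised band means the
    # schema changed. Neither is evidence of low risk, so neither may pass.
    if band not in BANDS or band == "unknown":
        return "review", [f"band {band!r} is not a usable score"]

    findings = []  # (decision, reason) pairs
    if signals.get("kev", {}).get("in_catalog") is True:
        findings.append(("block", "listed in CISA KEV"))
    if band == "critical_priority":
        findings.append(("block", "band critical_priority"))
    elif band == "high_priority":
        findings.append(("review", "band high_priority"))
    if (signals.get("exploit", {}).get("public_exploit_available")
            and not signals.get("patch", {}).get("verified_patch_available")):
        findings.append(("review", "public exploit without a verified patch"))

    # A score computed without one of its inputs can understate the risk.
    missing = sorted(SCORE_INPUTS & set(quality.get("missing_fields") or []))
    if missing or quality.get("completeness") in ("partial", "sparse"):
        detail = ", ".join(missing) or "unspecified"
        findings.append(("review", "incomplete inputs: " + detail))

    decision = max((d for d, _ in findings), key=RANK.get, default="pass")
    return decision, [reason for _, reason in findings]


# Constructed sample records (not real API output), trimmed to the fields used.
SAMPLES = {
    "kev_listed": {"rps": {"band": "critical_priority"},
                   "signals": {"kev": {"in_catalog": True}}},
    "sparse_low": {"rps": {"band": "low_priority"},
                   "data_quality": {"completeness": "partial",
                                    "missing_fields": ["epss"]}},
    "unknown_id": {"rps": {"band": "unknown"}},
}
```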
Endpoint Permissions
| Endpoint | Public | Free | Developer | Team | Enterprise |
|---|---|---|---|---|---|
| /api/v1/kev | 100/d | 100/d | 10K/d | 100K/d | Custom |
| /api/v1/cve/{id} | — | 100/d | 10K/d | 100K/d | Custom |
| /api/v1/cve/batch | — | — | 10K/d | 100K/d | Custom |
| /api/v1/rps/{id} | — | 100/d | 10K/d | 100K/d | Custom |
| /api/v1/cve/recent | — | — | — | 100K/d | Custom |
| /api/v1/trends | Public | Public | Public | Public | Public |
| /api/v1/trends/scatter | Public | Public | Public | Public | Public |
| /api/v1/stats | Public | Public | Public | Public | Public |
| /api/v1/patches/{id} | — | — | — | — | Custom |
Error Responses
All errors return JSON with this structure:
{
"error": {
"code": "unauthorized",
"message": "Missing or invalid API key",
"status": 401,
"request_id": "abc123def456",
"docs_url": "https://intel.devsecure.io/docs/#error-responses"
}
}
| Code | Meaning | Response |
|---|---|---|
| 200 | Success | Requested data |
| 400 | Bad Request | {"error": {"code": "bad_request", ...}} |
| 401 | Unauthorized | {"error": {"code": "unauthorized", ...}} |
| 403 | Forbidden | {"error": {"code": "forbidden", ...}} |
| 404 | Not Found | {"error": {"code": "not_found", ...}} |
| 429 | Rate Limited | {"error": {"code": "rate_limited", ...}} |
| 500 | Internal Error | {"error": {"code": "internal_error", ...}} |
Rate Limits
| Tier | Rate Limit | Auth Required |
|---|---|---|
| Public KEV+ | 20 req/min · 200/day per IP | No |
| Free Account | 100 req/day | Yes |
| Developer | 10,000 req/day | Yes |
| Team | 100,000 req/day | Yes |
| Enterprise | Custom | Yes |
Responses include X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset headers. 429 responses include Retry-After.
Batch & Pagination
Batch partial failure: The batch endpoint returns HTTP 200 even when some CVEs are not found. Individual not-found CVEs appear in not_found_cves.
CWE pagination: Use limit (default 50, max 1,000) and offset (default 0). Response includes total and has_more.
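Added example (not part of the DevSecure docs or any official client): a helper that combines the Rate Limits and batch notes above by splitting a scanner's CVE list into requests of at most 1,000 IDs, waiting on 429 according to Retry-After, and collecting `not_found_cves` so that an HTTP 200 with partial failure cannot silently drop findings. The names `http_post`, `retry_delay` and `batch_lookup` are hypothetical, and Retry-After is assumed to be given in seconds.

```python
import json
import time
import urllib.error
import urllib.request

BASE = "https://api-intel.devsecure.io"
MAX_BATCH = 1000  # documented limit for POST /api/v1/cve/batch


def http_post(path, body, token):
    """POST JSON and return (status, headers, parsed JSON body)."""
    req = urllib.request.Request(
        BASE + path, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.headers, json.load(resp)
    except urllib.error.HTTPError as err:  # 4xx/5xx carry the JSON error envelope
        return err.code, err.headers, json.load(err)


def retry_delay(headers):
    """Seconds to wait after a 429 (assumption: Retry-After is delta-seconds)."""
    try:
        return max(1, int(headers.get("Retry-After", "1")))
    except (TypeError, ValueError):
        return 60


def batch_lookup(cve_ids, token, post=http_post, sleep=time.sleep, max_retries=3):
    """Return (responses, not_found) for any number of CVE IDs."""
    ids = list(dict.fromkeys(cve_ids))  # de-duplicate, keep order
    responses, not_found = [], []
    for start in range(0, len(ids), MAX_BATCH):
        chunk = ids[start:start + MAX_BATCH]
        for attempt in range(max_retries + 1):
            status, headers, body = post("/api/v1/cve/batch", {"cve_ids": chunk}, token)
            if status != 429 or attempt == max_retries:
                break
            sleep(retry_delay(headers))
        if status != 200:
            error = body.get("error", {})
            raise RuntimeError(f"HTTP {status} {error.get('code')} "
                               f"request_id={error.get('request_id')}")
        responses.append(body)
        # HTTP 200 does not mean every ID resolved: collect the misses explicitly.
        not_found.extend(body.get("not_found_cves", []))
    return responses, not_found
```

The `post` and `sleep` parameters exist so the helper can be exercised with a stub transport instead of the production API.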
OpenAPI Spec
Download the complete OpenAPI 3.0 specification. Import into Postman, Swagger, or any OpenAPI-compatible tool.
Download openapi.yaml
Interactive API Reference
Test endpoints live with your API key. All requests run against the production API.
API Reference & Tools
Open Interactive API Reference
Full-screen API explorer with “Try it”
Download OpenAPI Spec
openapi.yaml — import into any tool
Download Postman Collection
Ready-to-use collection with all endpoints
Open Prioritize Tool
Ranked priority review list from your CVE list
Quick inline test (no key needed)
curl https://api-intel.devsecure.io/api/v1/kev | head -20
Import into your tools:
- Postman → File → Import → Link → paste the YAML URL.
- Swagger UI → paste the YAML URL into the explore bar.
- Insomnia → paste the YAML URL into import.