ZAST.AI API

The ZAST.AI API is the main integration surface for programmatically creating assessments, uploading artifacts, checking diagnostics, and retrieving results.

Reference

Open interactive reference

Browse every endpoint, schema, and response shape in the full Redoc view.

Open reference

Spec

Download OpenAPI JSON

Use the raw schema for SDK generation, contract checks, or external tooling.

Download spec

Base Paths

/oxpecker/api/v1 covers file upload, diagnostics, domain ownership, browser sessions, task queries, and results lookup.
/oxpecker/api/v2 is used for newer task creation and report export flows.

Common Workflow

Upload the application artifact through POST /oxpecker/api/v1/files/upload.
Run network diagnostics with POST /oxpecker/api/v1/network-diagnostics if the target environment must be reachable from ZAST.AI.
Verify domain ownership with the random-content and verify endpoints before scanning externally reachable services.
Capture authenticated browser state with the browser session endpoints when login is required.
Create the assessment task through POST /oxpecker/api/v2/tasks.
Poll task state and fetch results or reports after completion.

Capability Groups

Artifact ingestion: upload deployable packages and source bundles before task creation.
Environment checks: validate network reachability and deployment assumptions up front.
Ownership verification: prove control of the target domain before active assessment.
Authenticated scanning: collect browser session data for flows behind login.
Task lifecycle: create, inspect, search, and export assessment outputs.

When To Use The Full Reference

Open the interactive reference when you need exact request payloads, enum values, response schemas, or the complete endpoint catalog. Keep this guide as the starting page for workflow-level understanding.

The ZAST.AI API is the main integration surface for programmatically creating assessments, uploading artifacts, checking diagnostics, and retrieving results.

Reference

Open interactive reference

Browse every endpoint, schema, and response shape in the full Redoc view.

Open reference

Spec

Download OpenAPI JSON

Use the raw schema for SDK generation, contract checks, or external tooling.

Download spec

Base Paths

/oxpecker/api/v1 covers file upload, diagnostics, domain ownership, browser sessions, task queries, and results lookup.
/oxpecker/api/v2 is used for newer task creation and report export flows.

Common Workflow

Upload the application artifact through POST /oxpecker/api/v1/files/upload.
Run network diagnostics with POST /oxpecker/api/v1/network-diagnostics if the target environment must be reachable from ZAST.AI.
Verify domain ownership with the random-content and verify endpoints before scanning externally reachable services.
Capture authenticated browser state with the browser session endpoints when login is required.
Create the assessment task through POST /oxpecker/api/v2/tasks.
Poll task state and fetch results or reports after completion.

Capability Groups

Artifact ingestion: upload deployable packages and source bundles before task creation.
Environment checks: validate network reachability and deployment assumptions up front.
Ownership verification: prove control of the target domain before active assessment.
Authenticated scanning: collect browser session data for flows behind login.
Task lifecycle: create, inspect, search, and export assessment outputs.

Guides, onboarding, and API references in the main web experience.

Open interactive reference

Download OpenAPI JSON

Base Paths

Common Workflow

Capability Groups

When To Use The Full Reference

Guides, onboarding, and API references in the main web experience.

ZAST.AI API

Open interactive reference

Download OpenAPI JSON

Base Paths

Common Workflow

Capability Groups

When To Use The Full Reference