api

API Reference

Complete API documentation for RiskyPlugins platform

RiskyPlugins Team
Version v1
#api#reference#endpoints

API Reference

This document provides comprehensive information about the RiskyPlugins API, including endpoints, parameters, and response formats.

Base URL 

https://api.riskyplugins.com/api/v1

Authentication

API Key Authentication

Include your API key in the header:

Authorization: Bearer YOUR_API_KEY

For hosted MCP clients, use the same header on the remote MCP endpoint documented in Remote MCP Setup.

Rate Limits

  • Free tier: remote MCP enabled with conservative daily and per-minute limits
  • Basic tier: higher daily quota and more API keys
  • Pro tier: larger quota plus premium MCP tools
  • Enterprise tier: custom quota and deployment options

See your exact quota in Profile -> API Guide because limits are plan- and product-specific.

For the plan breakdown and billing model, see Pricing.

Remote MCP

Risky Plugins also exposes a hosted remote MCP endpoint:

GET /api/v1/mcp
POST /api/v1/mcp

Use it with SSE-capable MCP clients. Setup details and examples live in Remote MCP Setup, and authenticated users can copy the live endpoint and client snippets from Profile -> Remote MCP.

Endpoints

Extensions

Get Extension Analysis 

GET /extensions/{extensionId}

Parameters:

  • extensionId (string): Extension identifier
  • marketplace (query string): Marketplace (vscode, chrome, firefox, o365)

Response:

{
	"success": true,
	"data": {
		"id": "extension-id",
		"name": "Extension Name",
		"version": "1.2.3",
		"riskScore": 25,
		"riskLevel": "Low",
		"lastAnalyzed": "2025-01-07T10:00:00Z",
		"securityFindings": [
			{
				"severity": "medium",
				"type": "permission-abuse",
				"description": "Extension requests unnecessary permissions"
			}
		],
		"metadata": {
			"downloads": 10000,
			"rating": 4.5,
			"author": "Extension Author"
		}
	}
}

Search Extensions 

GET /extensions/search?q={query}&marketplace={marketplace}&limit={limit}

Parameters:

  • q (query string): Search term
  • marketplace (query string): Filter by marketplace
  • limit (query string): Maximum results (default: 20)
  • riskLevel (query string): Filter by risk level

Response:

{
  "success": true,
  "data": {
    "extensions": [...],
    "total": 150,
    "page": 1,
    "limit": 20
  }
}

Analysis

Analyze Extension 

POST /analysis/analyze

Request Body:

{
	"extensionId": "extension-id",
	"marketplace": "vscode",
	"version": "1.2.3"
}

Response:

{
  "success": true,
  "data": {
    "analysisId": "analysis-id",
    "status": "completed",
    "results": {
      "riskScore": 35,
      "riskLevel": "Medium",
      "findings": [...],
      "recommendations": [...]
    }
  }
}

Get Analysis Status 

GET /analysis/{analysisId}/status

Response:

{
	"success": true,
	"data": {
		"analysisId": "analysis-id",
		"status": "in-progress",
		"progress": 75,
		"estimatedTime": 30
	}
}

Security Reports

Get Security Report 

GET /security/reports/{extensionId}

Response:

{
  "success": true,
  "data": {
    "extensionId": "extension-id",
    "reportId": "report-id",
    "generatedAt": "2025-01-07T10:00:00Z",
    "summary": {
      "riskScore": 25,
      "criticalFindings": 0,
      "highFindings": 1,
      "mediumFindings": 3,
      "lowFindings": 7
    },
    "detailedFindings": [...],
    "recommendations": [...]
  }
}

Response Codes

Code Description
200 Success
400 Bad Request
401 Unauthorized
403 Forbidden
404 Not Found
429 Rate Limit Exceeded
500 Internal Server Error

Error Responses

All error responses follow this format:

{
	"success": false,
	"error": "Error type",
	"message": "Detailed error message",
	"code": "ERROR_CODE"
}

Webhooks

Configure Webhook 

POST /webhooks/configure

Request Body:

{
	"url": "https://your-domain.com/webhook",
	"events": ["extension.analyzed", "security.alert"],
	"secret": "webhook-secret"
}

Webhook Payload 

{
	"event": "extension.analyzed",
	"timestamp": "2025-01-07T10:00:00Z",
	"data": {
		"extensionId": "extension-id",
		"riskScore": 25,
		"riskLevel": "Low"
	}
}

SDKs

JavaScript/TypeScript 

npm install riskyplugins-sdk

import { RiskyPlugins } from 'riskyplugins-sdk';

const client = new RiskyPlugins('your-api-key');

const analysis = await client.analyzeExtension({
	extensionId: 'extension-id',
	marketplace: 'vscode'
});

Python 

pip install riskyplugins-python

from riskyplugins import RiskyPlugins

client = RiskyPlugins(api_key='your-api-key')

analysis = client.analyze_extension(
    extension_id='extension-id',
    marketplace='vscode'
)

Support

For API support:

Back to Documentation