VYPR AI

/predict Endpoint Documentation

Learn how to use the /predict endpoint to evaluate code vulnerabilities.

Overview

The /predict endpoint allows you to evaluate the vulnerability of functions in your source code. It accepts JSON input containing programming functions grouped by language and returns a vulnerability prediction for each function. The endpoint enforces rate limits for free users.

Endpoint Details

URL: /predict

Method: POST

Authentication

This endpoint requires authentication via session or token. There are two methods to authenticate:

  1. Session-based Authentication:

    If the user is logged in and identified via a session, they are authenticated automatically.

  2. Token-based Authentication:

    Include an Authorization header with a valid token in the request. The token must:

    • Be a valid token.
    • Correspond to a user record in the database.

    If the token is invalid or missing, an error response is returned.

Request Headers

Header | Description | Required
Authorization | Token used for authentication. | Yes (if no session is active)

Request Body

The request body must be a JSON object containing programming functions grouped by language.

Example:

{
    "py": [
        {
            "function_name_1": "def example(): pass"
        },
        {
            "function_name_2": "def another_example(x): return x * 2"
        }
    ],
    "js": [
        {
            "func1": "function example() { return 0; }"
        }
    ]
}

Requirements:

Response

The endpoint returns a JSON object with predictions for each submitted function, organized by programming language.

Success Response:

HTTP Status: 200 OK

Body:

{
    "js": {
        "func1": {
            "label":"Not Vulnerable",
            "score":0.8419320583343506
        }
    },
    "py": {
        "function_name_1": {
            "label":"Not Vulnerable",
            "score":0.9850937128067017
        },
        "function_name_2": {
            "label":"Not Vulnerable",
            "score":0.9977967739105225
        }
    }
}

Error Responses

Status Code | Message | Description
400 | {"error":"No model available for '...'. Supported languages are: [...]"} | No support for the programming language.
400 | {"error": "No data provided"} | The request body is empty or missing.
402 | {"error": "No token provided"} | Authentication token is missing.
402 | {"error": "Invalid token"} | Authentication token is invalid or does not match any user record.
403 | {"error": "Function scan limit reached for free users"} | Free users have exceeded their function scan limit.

Rate Limits for Free Users

Free-tier users are limited to scanning 100 functions. The function count is calculated based on the sum of all functions across languages in the request. If the limit is exceeded, an error response is returned.

Example Usage

Request:

curl -X POST https://vyprai.net/api/predict \
    -H "Content-Type: application/json" \
    -H "Authorization: YOUR_TOKEN" \
    -d '{
        "py": [
            {
                "example_function": "def example(): pass"
            }
        ]
    }'

Response:

{
    "py": {
        "example_function": {
            "label":"Not Vulnerable",
            "score":0.9850937128067017
        }
    }
}
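
The request and response handling described above, as an added Python example (not VYPR AI's own code): it counts functions the way the rate-limit section describes, sends the token in the Authorization header as the curl example does, and lists every prediction whose label is not "Not Vulnerable". Assumptions: the label value "Vulnerable" in the sample data is constructed, any label other than "Not Vulnerable" is treated as a finding, and the 100-function limit is checked against a single request.

```python
import json
import urllib.error
import urllib.request

API_URL = "https://vyprai.net/api/predict"  # URL taken from the curl example
FREE_TIER_LIMIT = 100                       # free-tier limit stated on the page
SAFE_LABEL = "Not Vulnerable"               # the only label the page shows


def count_functions(payload):
    """Sum of all functions across languages, the way the limit is counted."""
    return sum(len(entry) for entries in payload.values() for entry in entries)


def flagged(result):
    """List (language, function, label, score) for every label other than SAFE_LABEL."""
    return [(lang, name, pred["label"], pred["score"])
            for lang, funcs in result.items()
            for name, pred in funcs.items()
            if pred["label"] != SAFE_LABEL]


def predict(payload, token, limit=FREE_TIER_LIMIT):
    """POST payload with token auth; return (status, parsed JSON body)."""
    if not payload:
        raise ValueError("empty body: the endpoint would answer 400 'No data provided'")
    if limit is not None and count_functions(payload) > limit:
        raise ValueError("request exceeds the free-tier function limit (403)")
    req = urllib.request.Request(
        API_URL, data=json.dumps(payload).encode("utf-8"), method="POST",
        headers={"Content-Type": "application/json", "Authorization": token})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        # Documented errors (400, 402, 403) carry a JSON body with an "error" key.
        return err.code, json.load(err)


if __name__ == "__main__":
    # Constructed sample data; "Vulnerable" is an assumed label value.
    request = {"py": [{"a": "def a(): pass"}, {"b": "def b(x): return eval(x)"}],
               "js": [{"f": "function f() { return 0; }"}]}
    response = {"py": {"a": {"label": SAFE_LABEL, "score": 0.98},
                       "b": {"label": "Vulnerable", "score": 0.91}},
                "js": {"f": {"label": SAFE_LABEL, "score": 0.84}}}
    print(count_functions(request), "functions in request")
    for finding in flagged(response):
        print("flagged:", finding)
```

Pass `limit=None` to `predict` to skip the local function-count check.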

Notes