Overview
The /predict endpoint allows you to evaluate the vulnerability of functions in your source code. It accepts JSON input containing programming functions grouped by language and returns a vulnerability prediction for each function. The endpoint enforces rate limits for free users.
Endpoint Details
URL: /predict
Method: POST
Authentication
This endpoint requires authentication via session or token. There are two methods to authenticate:
- Session-based Authentication: If the user is logged in and identified via a session, they are authenticated automatically.
- Token-based Authentication: Include an Authorization header with a valid token in the request. The token must:
  - Be a valid token.
  - Correspond to a user record in the database.
If the token is invalid or missing, an error response is returned.
Request Headers
Header | Description | Required |
---|---|---|
Authorization | Token used for authentication. | Yes (if no session is active) |
Request Body
The request body must be a JSON object containing programming functions grouped by language.
Example:
{
  "py": [
    {
      "function_name_1": "def example(): pass"
    },
    {
      "function_name_2": "def another_example(x): return x * 2"
    }
  ],
  "js": [
    {
      "func1": "function example() { return 0; }"
    }
  ]
}
Requirements:
- The keys in the JSON represent programming languages.
- Each key's value is a list of objects, where each object contains function names (or any arbitrary identifier) as keys and their respective code as values.
Response
The endpoint returns a JSON object with predictions for each submitted function, organized by programming language.
Success Response:
HTTP Status: 200 OK
Body:
{
  "js": {
    "func1": {
      "label": "Not Vulnerable",
      "score": 0.8419320583343506
    }
  },
  "py": {
    "function_name_1": {
      "label": "Not Vulnerable",
      "score": 0.9850937128067017
    },
    "function_name_2": {
      "label": "Not Vulnerable",
      "score": 0.9977967739105225
    }
  }
}
Error Responses
Status Code | Message | Description |
---|---|---|
400 | {"error":"No model available for '...'. Supported languages are: [...]"} | No support for the programming language. |
400 | {"error": "No data provided"} | The request body is empty or missing. |
402 | {"error": "No token provided"} | Authentication token is missing. |
402 | {"error": "Invalid token"} | Authentication token is invalid or does not match any user record. |
403 | {"error": "Function scan limit reached for free users"} | Free users have exceeded their function scan limit. |
Rate Limits for Free Users
Free-tier users are limited to scanning 100 functions. The function count is calculated based on the sum of all functions across languages in the request. If the limit is exceeded, an error response is returned.
Example Usage
Request:
curl -X POST https://vyprai.net/api/predict \
  -H "Content-Type: application/json" \
  -H "Authorization: YOUR_TOKEN" \
  -d '{
    "py": [
      {
        "example_function": "def example(): pass"
      }
    ]
  }'
Response:
{
  "py": {
    "example_function": {
      "label": "Not Vulnerable",
      "score": 0.9850937128067017
    }
  }
}
Notes
- Ensure that your token is valid and the user subscription level permits additional scans.
- The vulnerability model predictions depend on the specific implementation of vulnerability_models used in the application.
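The request body rules, the free-tier function count and the response format described above, as a Python client added here as an example (it is not the service's own code). It validates the body shape, counts functions across languages the way the rate limit does, and lists results that are not a confident "Not Vulnerable". Assumptions: the `VYPR_TOKEN` environment variable name, the `min_score` threshold, and reading `score` as the model's confidence in the label it returned.

```python
import json
import os
import urllib.error
import urllib.request

API_URL = "https://vyprai.net/api/predict"  # from the page's curl example
FREE_TIER_LIMIT = 100                       # free-tier limit stated on the page
SAFE_LABEL = "Not Vulnerable"               # the only label the page shows
# Success response copied from the page, used as offline sample input.
SAMPLE = {"js": {"func1": {"label": SAFE_LABEL, "score": 0.8419320583343506}},
          "py": {"function_name_1": {"label": SAFE_LABEL, "score": 0.9850937128067017},
                 "function_name_2": {"label": SAFE_LABEL, "score": 0.9977967739105225}}}

def count_functions(payload):
    """Validate the documented body shape; return the function total across languages."""
    total = 0
    for lang, entries in payload.items():
        if not isinstance(entries, list):
            raise ValueError(f"{lang!r}: expected a list of objects")
        for entry in entries:
            if not isinstance(entry, dict) or not all(isinstance(c, str) for c in entry.values()):
                raise ValueError(f"{lang!r}: each item must map a name to code")
            total += len(entry)
    return total

def needs_review(response, min_score=0.9):
    """Results that are not a confident SAFE_LABEL; assumes score = confidence in the label."""
    flagged = []
    for lang, results in response.items():
        for name, result in results.items():
            label, score = result.get("label"), result.get("score", 0.0)
            if label != SAFE_LABEL or score < min_score:
                flagged.append((lang, name, label, score))
    return sorted(flagged)

def predict(payload, token=None, limit=FREE_TIER_LIMIT):
    """POST payload; return (status, body) for success and for the documented errors."""
    if count_functions(payload) > limit:  # pass a higher limit for a paid subscription
        raise ValueError("payload exceeds the function limit; split or trim it")
    token = token or os.environ["VYPR_TOKEN"]  # hypothetical env var name
    req = urllib.request.Request(API_URL, data=json.dumps(payload).encode(), method="POST",
                                 headers={"Content-Type": "application/json", "Authorization": token})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:  # 400/402/403 replies carry {"error": ...}
        return err.code, json.loads(err.read())

if __name__ == "__main__":
    print(needs_review(SAMPLE))
```

Reading the token from the environment keeps it out of source control and shell history, and the body sent to the endpoint contains your source code, so submit only functions you are permitted to share with the service.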