Vigilion API

Getting Started


Welcome to the Vigilion API!

The API is organized around REST. All requests must be made over SSL to All request and response bodies, including errors, are encoded in JSON.

We also have some specific language and framework open source code libraries to make integration easier. You can checkout our detailed guides here.


Authentication is done via the API access key which you can find in your project settings, each API request must have the following header X-Api-Key for example:

curl '' \
     -H 'X-Api-Key: V161L-N2R3UGDKpIOYjmMWgXi1vz'

If this header is not present or the API key is not valid then the response will be 401 UNAUTHORIZED.


We send a webhook to the callback_url specifed in your project settings. The status of the scan is returned to your application, so that you do not have to manually poll the service.

The X-Request-Signature header contains a hexdigest of the request body and your secret_access_key that can be used to verify the authenticity of the webhook request.

File Scan Status codes

There are a number of possible status codes that a file might have:

  • pending - The file is queued for scanning (default).
  • scanning - The scan is being scanned.
  • clean - The scan succeeded and the file is clean.
  • infected - The scan succeeded and the file was infected.
  • error - Unable to scan the file (password protected, error downloading file, or other error).

HTTP Status codes

Our API returns standard HTTP success or error status codes. For errors, we will also include extra information about what went wrong encoded in the response as JSON. The various HTTP status codes we might return are listed below.

Screen Shot 2016 05 19 At 18.23.28