Documentation & API reference

Everything you need to integrate Luxstie into your stack: quickstarts, API endpoints, SDKs, webhooks, and examples.

Quickstart API reference
Quickstart • 5 min

Quickstart

Scan a domain and get instant recommendations. This example shows the simplest way to run a domain scan via our HTTP API.

POST https://api.luxstie.com/v1/scan
Content-Type: application/json
Authorization: Bearer <API_KEY>

{
  "domain": "example.com",
  "checks": ["spf","dkim","dmarc","content"]
}

Response (200):

{
  "scan_id": "scan_01ABCDEFG",
  "domain": "example.com",
  "status": "queued"
}

Poll the scan result with GET /v1/scans/:scan_id or register a webhook to receive results automatically.

Auth • API keys

Authentication

All API requests require a bearer API key in the Authorization header. Keep your keys secret.

Authorization: Bearer <API_KEY>

Rotate keys periodically and use separate keys per integration for easier revocation.

API • REST

API reference

Create a scan — POST /v1/scan

Starts an asynchronous domain scan. Returns a scan_id you can poll.

POST /v1/scan
Body: {"domain":"example.com","checks":["spf","dkim"]}
Response: {"scan_id":"scan_01...","status":"queued"}

Get scan results — GET /v1/scans/:id

Retrieve the completed scan with detailed findings, severity, and recommended fixes.

Manage domains — GET/POST/DELETE /v1/domains

List, add, or remove monitored domains for your account.

Reports — GET /v1/reports/:id

Download PDF or JSON reports for a scan or date range.

Webhooks — POST /v1/webhooks

Register a URL to be notified when scans complete. Use HMAC signatures (see below).

SDKs • Examples

SDKs & examples

We provide lightweight SDKs and examples for common stacks. Below is a minimal Node.js example using fetch.

// Node.js (minimal)
const res = await fetch('https://api.luxstie.com/v1/scan', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json', 'Authorization': 'Bearer ' + API_KEY },
  body: JSON.stringify({ domain: 'example.com', checks: ['spf','dkim','dmarc'] })
});
const body = await res.json();
console.log(body);

SDKs available: python, node, and go. Links & installation instructions will be added here.

Webhooks • Security

Webhooks

When you register a webhook we sign payloads with an HMAC-SHA256 header: X-Luxstie-Signature. Verify the signature using your webhook secret.

// Example (verify signature)
const signature = req.headers['x-luxstie-signature'];
const body = rawRequestBody; // raw body
const expected = 'sha256=' + hmacSha256(webhookSecret, body);
if (!timingSafeEqual(signature, expected)) return res.status(401).end();
Rate limits • Quotas

Rate limits

Default limits: 60 requests/min per API key. For higher throughput contact sales to request increased quotas.

Changelog

Changelog

Recent changes:

  • 2025-09-28 — Added DMARC aggregate parsing improvements.
  • 2025-08-10 — Beta SDK for Go released.