The API returns different error codes using the HTTP status and will also include some high-level information in the JSON response, including the status code, a message, and sometimes a more elaborate description.
{
"code": "validationerror",
"type": "query",
"message": "ValidationError: \"size\" must be greater than or equal to 0",
"errors": [
{
"code": "validationerror",
"title": "Field Validation Error",
"description": "ValidationError: \"size\" must be greater than or equal to 0",
"status": 400
}
]
}For scan submissions, there are various reasons why a scan request won't be accepted and will return an error code. This includes, among others:
- Blacklisted domains and URLs, requested to be blacklisted by their respective owners.
- Spammy submissions of URLs known to be used only for spamming this service.
- Invalid hostnames or invalid protocol schemes (e.g., FTP).
- Missing URL property ... yes, it does happen.
- Contains HTTP basic auth information ... yes, that happens as well.
- Non-resolvable hostnames (A, AAAA, CNAME) which we will not even try to scan.
An error will typically be indicated by the HTTP 400 status code. It might look like this:
{
"message": "DNS Error - Could not resolve domain",
"description": "The domain .google.com could not be resolved to a valid IPv4/IPv6 address. We won't try to load it in the browser.",
"status": 400,
"errors": [
{
"title": "DNS Error - Could not resolve domain",
"detail": "The domain .google.com could not be resolved to a valid IPv4/IPv6 address. We won't try to load it in the browser.",
"status": 400
}
]
}