OWASP API Security Project

OWASP API Security Project — auto-discovered JSON endpoint

📚 Open DataUNMONITORED
AUTH NONECORS AGENT ?HTTPS COMMERCIAL ?

Guidance and checks for API security practices

HOW IT'S SCORED ⓘ
Status badge · for your READMEshipapis health badge: — · unmonitored
ON PROBE SCHEDULE

We probe a documented GET and expect 2xx JSON — full uptime and health score. Open provider docs ↗

Uptime historystarts after first probe

On our probe schedule. Uptime charts appear after the first check lands.

Example responsefrom provider docs — not verified by us
GET https://owasp.org/feed.json

{
  "version": "https://jsonfeed.org/version/1.1",
  "title": "OWASP",
  "description": "OWASP Foundation main site repository",
  "favicon": "http://owasp.org/assets/images/logos/favicons/apple-touch-icon.png",
  "language": "en",
  "home_page_url": "http://owasp.org/",
  "feed_url": "http://owasp.org/feed.json",
  "user_comment": "This feed allows you to read the blogs from this site in any feed reader that supports the JSON Feed format."
}
Call itcurl · fetch · python
curl "https://owasp.org/feed.json"
const res = await fetch("https://owasp.org/feed.json");
const data = await res.json();
console.log(data);
import requests

res = requests.get("https://owasp.org/feed.json")
print(res.json())
Endpoints · 2On scheduleFULL DOCS ↗
On schedule — GET /feed.json awaits first probe
GET/feed.jsonPROBED

OWASP API Security Project — auto-discovered JSON endpoint

GET/feed.json?limit=5

Paginated variant with limit parameter.

Machine-readable spec

We probe a documented GET and expect 2xx JSON — full uptime and health score. Export includes every documented route below.

Response-shape history

Not tracked yet. Shape-change history starts once this API joins our probe schedule.

OWASP API Security Project: common questions

Is OWASP API Security Project free to use?

Yes — OWASP API Security Project is a free open data API. Free tier: Free — limits not published. Whether the free tier allows commercial use is unclear — check the provider docs.

Does OWASP API Security Project need an API key?

No — OWASP API Security Project needs no API key or signup. You can call it straight away; rate limits still apply (Unpublished).

Can I call OWASP API Security Project from the browser?

Yes — OWASP API Security Project returns CORS headers over HTTPS, so front-end code can fetch it directly with no backend proxy. Use the fetch snippet on this page, or hit "Run live" to try it now.

Is OWASP API Security Project up right now?

OWASP API Security Project is catalogued but not yet on our probe schedule, so we don't publish a live status for it. Check the provider's own status page or docs for its current state.