Integrations
Integrations FAQ
Common questions about API, CI/CD, and third-party integrations.
API
Is there an API?
Yes. BlockSecOps offers a comprehensive REST API:
- Base URL: https://api.blocksecops.com/api/v1
- Authentication: Bearer token
- Format: JSON
- Documentation: See API Overview
Which plans include API access?
| Plan | API Access | Rate Limit |
|---|---|---|
| Free | No | - |
| Developer | Yes | 1,000/day |
| Startup | Yes | 10,000/day |
| Professional | Yes | Unlimited |
| Enterprise | Yes | Unlimited |
How do I get an API key?
- Go to Settings → API Keys
- Click Create New Key
- Set name and permissions
- Copy key (shown only once)
Are there SDKs available?
Official SDKs:
- JavaScript/Node: @blocksecops/sdk
- Python: blocksecops
- Go: github.com/blocksecops/go-sdk
CI/CD
Which CI/CD platforms are supported?
BlockSecOps works with any platform via our API:
| Platform | Integration |
|---|---|
| GitHub Actions | Native + API |
| GitLab CI | API |
| Jenkins | API |
| CircleCI | API |
| Travis CI | API |
| Azure DevOps | API |
| Bitbucket | API |
Is there a CLI?
Yes. Install via pip:
pip install blocksecops-cli
Or run as a Python module:
python -m blocksecops_cli --help
Usage:
# Authenticate
blocksecops auth login
# Scan a contract
blocksecops scan run contract.sol
# Fail on critical/high severity
blocksecops scan run ./contracts --fail-on high
See CLI Overview for full documentation.
How do I fail a build on vulnerabilities?
Use the --fail-on flag in CI:
blocksecops scan --fail-on critical # Fail on Critical
blocksecops scan --fail-on high # Fail on Critical or High
Or via API, check the response:
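# Fail closed: a missing or malformed response must not pass the gate
CRITICAL="$(echo "$RESULTS" | jq -e '.summary.critical')" || exit 1
if [ "$CRITICAL" -gt 0 ]; then
  exit 1
fi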
Can I scan only changed files?
Not directly. For efficiency:
- Use Quick preset for all PRs
- Use Standard preset only when contract files change
- Configure path filters in CI
Webhooks
How do webhooks work?
BlockSecOps sends HTTP POST to your URL when events occur:
- Configure webhook URL
- Select events to receive
- Receive notifications in real-time
What events can I subscribe to?
| Event | Description |
|---|---|
| scan.started | Scan began |
| scan.completed | Scan finished |
| scan.failed | Scan errored |
| vulnerability.critical | Critical finding |
| vulnerability.high | High finding |
How do I verify webhook authenticity?
Check the signature header:
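const crypto = require('crypto');
// A missing header becomes an empty string so the comparison below rejects it
const signature = req.headers['x-blocksecops-signature'] || '';
const expected = 'sha256=' + crypto
  .createHmac('sha256', webhookSecret)
  .update(payload)
  .digest('hex');
// Compare in constant time; timingSafeEqual throws on unequal lengths, so check first
const sigBuf = Buffer.from(signature);
const expBuf = Buffer.from(expected);
if (sigBuf.length !== expBuf.length || !crypto.timingSafeEqual(sigBuf, expBuf)) {
  return res.status(401).send('Invalid signature');
}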
What if my webhook endpoint is down?
Webhooks retry with exponential backoff:
- Attempt 1: Immediate
- Attempt 2: 1 minute
- Attempt 3: 5 minutes
- ...up to 7 attempts over 24 hours
Slack
How do I connect Slack?
- Go to Settings → Integrations → Slack
- Click Connect to Slack
- Authorize BlockSecOps
- Select default channel
- Configure notification preferences
What notifications can I receive?
- Scan completion
- Critical/High vulnerabilities
- Team assignments
- Daily/weekly digests
Can I use slash commands?
Yes, once connected:
- /blocksecops scan <contract> - Start scan
- /blocksecops status - Check status
- /blocksecops summary - Get summary
GitHub
Is there a GitHub App?
Yes. The GitHub integration provides:
- PR comments with scan results
- Status checks for branch protection
- Automatic scanning on push
How do I set up GitHub status checks?
- Install GitHub App
- Configure repository access
- Add workflow with scan step
- Enable required status check in branch protection
Can I see results as PR comments?
Yes. Configure in Settings → Integrations → GitHub:
- Enable PR comments
- Select severity threshold
- Customize comment format
Other Integrations
Does BlockSecOps integrate with Jira?
Not natively, but you can:
- Use webhooks to create Jira tickets
- Export findings as CSV for import
- Use Zapier/Make for automation
What about PagerDuty?
Use webhooks for real-time alerts:
- Set up webhook for vulnerability.critical
- Point to PagerDuty integration URL
- Configure PagerDuty routing
Can I integrate with Grafana/monitoring?
Yes, via API:
- Poll /api/v1/metrics for scan data
- Create custom dashboards
- Set up alerts on trends
Rate Limits
What are the API rate limits?
| Plan | Per Minute | Per Hour | Per Day |
|---|---|---|---|
| Developer | 60 | 1,000 | 10,000 |
| Startup | 120 | 5,000 | 50,000 |
| Professional | 300 | Unlimited | Unlimited |
| Enterprise | Custom | Custom | Custom |
How do I know if I'm rate limited?
Response code 429 Too Many Requests with headers:
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1705323600
Retry-After: 45
How do I avoid rate limits?
- Cache results locally
- Use webhooks instead of polling
- Implement exponential backoff
- Batch operations where possible
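The 429 handling and backoff advice above, as an added example that is not BlockSecOps code or part of its SDKs. The header names come from this page; the 60-second cap, the jitter, the reading of X-RateLimit-Reset as Unix seconds, and the `retryDelayMs` / `requestWithBackoff` names are assumptions.

```javascript
// Added example. Header names are from the page; the 60 s cap, full jitter and
// the reading of X-RateLimit-Reset as Unix seconds are assumptions.
const MAX_BACKOFF_MS = 60000;

// Constructed sample: the 429 headers shown above, lower-cased as Node delivers them.
const SAMPLE_429_HEADERS = {
  'x-ratelimit-remaining': '0',
  'x-ratelimit-reset': '1705323600',
  'retry-after': '45',
};

// How long to wait before retry number `attempt` (0-based), in milliseconds.
function retryDelayMs(headers, attempt, nowMs = Date.now(), rand = Math.random) {
  const h = Object.fromEntries(
    Object.entries(headers || {}).map(([k, v]) => [k.toLowerCase(), v]));
  // 1. Retry-After in seconds is the server's explicit instruction.
  //    (An HTTP-date value parses to NaN and falls through.)
  const retryAfter = Number.parseInt(h['retry-after'], 10);
  if (Number.isFinite(retryAfter) && retryAfter >= 0) return retryAfter * 1000;
  // 2. Otherwise wait until the window resets; a reset in the past means "now".
  const reset = Number.parseInt(h['x-ratelimit-reset'], 10);
  if (Number.isFinite(reset)) return Math.max(0, reset * 1000 - nowMs);
  // 3. No usable header: exponential backoff with full jitter, capped.
  const ceiling = Math.min(MAX_BACKOFF_MS, 1000 * 2 ** attempt);
  return Math.floor(rand() * ceiling);
}

// Retries only on 429 and gives up after maxAttempts so a CI job cannot hang.
// `doRequest` is a caller-supplied function returning { status, headers }.
async function requestWithBackoff(doRequest, opts = {}) {
  const maxAttempts = opts.maxAttempts || 5;
  const sleep = opts.sleep || ((ms) => new Promise((r) => setTimeout(r, ms)));
  for (let attempt = 0; attempt < maxAttempts; attempt++) {
    const res = await doRequest();
    if (res.status !== 429) return res;
    if (attempt < maxAttempts - 1) await sleep(retryDelayMs(res.headers, attempt));
  }
  throw new Error('rate limited: retries exhausted');
}
```

A per-day limit can put the reset hours away, so a pipeline caller may prefer to fail the step when the returned delay exceeds its own timeout rather than sleep through it.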
Authentication
Can the API use OAuth instead of API keys?
API keys are the primary method. For user-level integrations:
- OAuth flow available for GitHub/GitLab apps
- Contact Enterprise sales for custom OAuth needs
Do API keys expire?
By default, no. You can set expiration when creating:
- Custom expiry date
- No expiration (default)
Recommended: Rotate production keys every 90 days.
Troubleshooting
My webhook isn't receiving events
Check:
- URL is HTTPS and publicly accessible
- Events are selected for webhook
- Firewall allows BlockSecOps IPs
- Endpoint responds with 2xx
API returns "Unauthorized"
Check:
- API key is correct and not revoked
- Header format: Authorization: Bearer YOUR_KEY
- Key has required permissions
- Organization context is correct
CI/CD scan times out
Try:
- Using Quick preset for CI
- Increasing timeout setting
- Using webhooks for async completion
- Splitting large projects
Next Steps
- API Overview - Full API docs
- CI/CD Overview - Pipeline setup
- Webhooks - Event notifications