Start a hosted scan
POST
/api/v1/app/{appId}/perch/start Start a Scan
Provisions the resources needed to run a hosted security scan and starts the scan asynchronously.
Prerequisites
- The application must be a Hosted application type
- The target domain must be verified for hosted scanning
- No scan should already be running for this application
Request Body
| Parameter | Default | Description |
|---|---|---|
| id | "" | |
| name | "" | |
| command | {} |
Response
| Parameter | Default | Description |
|---|---|---|
| scanKey | "" |
{
"scanKey": ""
}
Errors
- 409 Conflict: A scan is already running for this application
- 400 Bad Request: The application is not verified for cloud scanning or is not a cloud application
- 404 Not Found: Application not found or user doesn't have access
👥 Teams Supported If the application belongs to a StackHawk Team, only members of the Team can call this endpoint. 🧾 Audited This is recorded as
SCAN_STARTEDUser Activity.
Requires
write:scanpermission.
Path parameters
appIdstring · uuidrequiredUUID identifier for this StackHawk Application.
Query parameters
envIdstring · uuidOptional UUID identifier of the environment to scan. Defaults to the app's default environment.
Body
command
perch.PerchCommandid
stringname
stringResponse
OK
scanKey
stringscanKey
stringBad Request
Unauthorized