FOUNDING MEMBERS — ALPHA ACCESS
>_ Pricing

Secure Your APIs with Simple, Transparent Pricing

Detect API authorization vulnerabilities and OWASP API risks with transparent, developer-friendly pricing. Works with .NET, Python, Node, Go, Java, and PHP APIs.

Free

Perfect for individual developers exploring API security. Open-source CLI. 100% local analysis. Your code never leaves your machine.

$0 /year
  • 8 security rules (AP001–AP008)
  • Multi-language & framework support
  • Static source analysis (no build needed)
  • JSON / Markdown / Terminal output
  • CI/CD integration & --fail-on exit codes
  • Privacy-first (100% local, no cloud)
  • MIT licensed, open source
GET IT ON GitHub

Open Source Alpha

Most Popular

Pro

Best for growing teams building secure APIs. Advanced OWASP security scanning with secrets detection, diff mode, and history tracking.

$9 /month
  • Everything in Community
  • OWASP Top 10 rules (AP101–AP108)
  • 30+ secrets detection patterns (AP201)
  • Deep source code & file-level scanning
  • Diff mode — track regressions over time
  • Historical scan tracking (SQLite)
  • Automated risk scoring
JOIN WAITING LIST

Coming Soon

Enterprise

Designed for organizations with advanced API security and compliance needs. Scale Pro security scanning across your entire engineering team.

$22 /month
  • Everything in Pro
  • Unlimited seats (site license)
  • Custom rule development
  • Priority support
  • On-prem / air-gapped deployment
  • Dedicated security engineer
JOIN WAITING LIST

Custom SLA Support

>_ FAQ

Frequently Asked Questions

ApiPosture performs static source-code analysis of your API project — no compilation required. It discovers endpoints across your routes and handlers, then applies security rules against route metadata and method body source code. It supports multiple languages and frameworks including .NET, Node.js, Go, Python, and Java.

No. All analysis is performed 100% locally on your machine or CI/CD runner. No code, findings, or project data is ever sent to external servers. There is no telemetry or usage tracking of any kind.

The free Community CLI covers 8 authorization rules (AP001–AP008). Pro adds OWASP Top 10 deep-scanning rules (AP101–AP108), 30+ secrets detection patterns, deep file-level scanning across your project, diff mode for tracking regressions, historical scan storage, and automated risk scoring.

You will be able to get started in under 2 minutes and have your first API security results in seconds. It only takes the following steps:

  1. Install ApiPosture CLI
  2. Scan your API project
  3. Detect authorization vulnerabilities instantly

ApiPosture is designed to be straightforward. No bloat: ApiPosture performs static source-code analysis of your API project.

It’s a 'plug-and-play' setup. You'll see results instantly and you'll get real-time detection for misconfigurations across all your languages and frameworks without having to sift through false positives.

>_ Get Started

Need a custom plan?

Large enterprise requirements? Special compliance needs? We've got you covered.
