The CloudSploit API is available to our Premium account users, as well as to select users on an "API-only" plan. This plan is typically provided to consulting agencies and security firms. The API features differ in the following ways:
|Premium Plan||API-Only Plan|
|Connect and scan AWS through the CloudSploit dashboard?||Yes||No|
|Scan arbitrary AWS accounts by passing credentials?||No||Yes|
The API exposes the ability to view past results, stored by CloudSploit, as well as run real-time scans and poll for the results. The latter are not stored by CloudSploit and should be consumed, at runtime, by your application.
To use the API, you will need a CloudSploit access key and secret. This is NOT your AWS account access key and secret. Additionally, every request to the API must contain a timestamp and signature. Details on obtaining a key and signing requests are provided in the "Getting Started" section.