The CloudSploit API is available to our Premium account users, as well as to select users on an "API-only" plan. This plan is typically provided to consulting agencies and security firms. The API features differ in the following ways:

Premium Plan API-Only Plan
Connect and scan AWS through the CloudSploit dashboard? Yes No
Scan arbitrary AWS accounts by passing credentials? No Yes

The API exposes the ability to view past results, stored by CloudSploit, as well as run real-time scans and poll for the results. The latter are not stored by CloudSploit and should be consumed, at runtime, by your application.

To use the API, you will need a CloudSploit access key and secret. This is NOT your AWS account access key and secret. Additionally, every request to the API must contain a timestamp and signature. Details on obtaining a key and signing requests are provided in the "Getting Started" section.