Integrate WP HealthKit into your workflow
Trigger audits, retrieve findings, and pull AI fix prompts programmatically. Build security checks into your CI pipeline, internal tooling, or custom dashboards.
What you can do
Trigger audits
Submit a plugin zip or slug and receive a job ID to poll for results.
Poll results
Check audit status and retrieve the full report once processing completes.
Get findings
Fetch structured security findings with severity, file, line, and fix guidance.
Get fix prompts
Retrieve AI-generated fix prompts for any finding, ready to paste into your editor.
Check the directory
Query the public plugin intelligence directory — no auth required for read access.
Who uses the API
Plugin developers
Integrate security auditing into your CI/CD pipeline. Trigger a full 46-layer audit on every push to main, gate releases on security score thresholds, and fail the build automatically if critical findings are present.
WordPress agencies
Bulk-audit an entire client plugin stack programmatically. Pull structured findings into your own reporting dashboard. Schedule weekly re-audits of monitored plugins and push results to Slack or your client portal.
Security researchers
Query the plugin directory API for audit history, vulnerability counts, and PHPCS scores across thousands of plugins. Build custom tooling and dashboards on top of WP HealthKit's data.
Endpoint overview
| Method | Endpoint | What it does |
|---|---|---|
| POST | /v1/audits | Submit a plugin ZIP or wp.org slug for auditing |
| GET | /v1/audits/{id} | Poll status (pending → processing → complete) |
| GET | /v1/audits/{id}/findings | Retrieve findings with severity, file, line |
| GET | /v1/audits/{id}/report | Download the PDF report |
| GET | /v1/audits/{id}/fix-prompt/{finding_id} | Get an AI fix prompt for a finding |
| POST | /v1/audits/{id}/autofix | Trigger autofix — returns patched ZIP URL |
| GET | /v1/directory/{slug} | Get a plugin's audit history and current grade |
| GET | /v1/sites | List monitored sites (Pro plan and above) |
Quick start
Authenticate with a Bearer token generated from Settings → API Keys. Then:
# 1. Submit a plugin
curl -X POST https://api.wphealthkit.com/v1/audits \
-H "Authorization: Bearer YOUR_API_KEY" \
-F "[email protected]"
# → { "id": "aud_01J8X...", "status": "pending" }
# 2. Poll for results
curl https://api.wphealthkit.com/v1/audits/aud_01J8X... \
-H "Authorization: Bearer YOUR_API_KEY"
# 3. Get findings
curl https://api.wphealthkit.com/v1/audits/aud_01J8X.../findings \
-H "Authorization: Bearer YOUR_API_KEY"
Rate limits
| Plan | Audits/month | Concurrent | Bulk endpoint |
|---|---|---|---|
| Free | 3 | 1 | No |
| Pro | 30 | 2 | No |
| Agency | 200 | 5 | Yes (10 at once) |
| Enterprise | 500 | 10 | Yes (10 at once) |
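The CI gate described under "Plugin developers", built on the poll and findings calls from the quick start, as an added example that is not WP HealthKit's own code. It takes the audit ID returned by the submit step. The findings response shape (an object wrapping a `findings` list, each item with a `severity` string), the `WPHK_API_KEY` variable name and all function names are assumptions.

```python
import json
import os
import sys
import time
import urllib.request

API = "https://api.wphealthkit.com/v1"  # base URL from the quick start


def http_get(path, key):
    """GET an API path with the Bearer token and decode the JSON body."""
    req = urllib.request.Request(API + path, headers={"Authorization": "Bearer " + key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def wait_for_audit(audit_id, fetch, interval=10, max_polls=60, sleep=time.sleep):
    """Poll until status is 'complete'; fail closed on timeout or unknown status."""
    for _ in range(max_polls):
        status = fetch("/audits/" + audit_id).get("status")
        if status == "complete":
            return
        if status not in ("pending", "processing"):
            raise RuntimeError("unexpected audit status: %r" % status)
        sleep(interval)
    raise TimeoutError("audit %s did not complete in time" % audit_id)


def blocking_findings(findings, block=("critical",)):
    """Findings whose severity is in `block`; a missing severity also blocks."""
    return [f for f in findings
            if str(f.get("severity") or block[0]).lower() in block]


def gate(audit_id, fetch):
    """Return 0 if the build may proceed, 1 if blocking findings exist."""
    wait_for_audit(audit_id, fetch)
    body = fetch("/audits/" + audit_id + "/findings")
    # Assumed shape: a bare list, or an object with a 'findings' list.
    # A missing key raises KeyError, so a schema change cannot open the gate.
    findings = body if isinstance(body, list) else body["findings"]
    bad = blocking_findings(findings)
    for f in bad:
        print("BLOCKING %s %s:%s" % (f.get("severity"), f.get("file"), f.get("line")))
    return 1 if bad else 0


if __name__ == "__main__":
    key = os.environ["WPHK_API_KEY"]  # hypothetical name; store the key as a CI secret
    sys.exit(gate(sys.argv[1], lambda path: http_get(path, key)))
```

Every error path (timeout, unknown status, unexpected response shape) raises, so the CI job exits non-zero rather than passing an audit it could not read.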
Full API documentation
The complete API reference — all endpoints, request parameters, response schemas, error codes, and webhook payloads — is in the developer docs.
Start building with the API
Generate an API key in your dashboard and trigger your first audit in minutes.