Getting Started
middleBrick scans your APIs for security vulnerabilities and gives you an actionable score in seconds. No agents, no credentials, no code changes. Just a URL.
Quick Start — Dashboard
The fastest way to run your first scan:
- Sign up at app.middlebrick.com. Free, no credit card required.
- Paste a URL. Enter any public API endpoint (e.g., https://api.example.com/v1/users).
- Review your report. Results arrive in under a minute.
That’s it. You’ll get a 0–100 score, a letter grade, findings grouped by severity, and remediation guidance for every issue.
Quick Start — CLI
Prefer the terminal? Install the CLI and scan in one command:
```
npm install -g middlebrick
mb login
mb scan https://api.example.com/v1/users
```
See the CLI Reference for all commands and options.
Quick Start — API
Integrate scans into any system with a single HTTP request:
```
curl -X POST https://api.middlebrick.com/v1/scan \
  -H "Authorization: Bearer mb_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://api.example.com/v1/users"}'
```
See the API Reference for the complete endpoint documentation.
What You Get
Every scan produces:
- Overall score (0–100) and letter grade (A–F)
- Per-category scores across 12 security checks
- Prioritized findings sorted by severity (critical → info)
- Remediation guidance for every finding, explaining what to fix and why
- AI-powered analysis with false positive filtering
Improve Your Score
- Address critical and high severity findings first, as they carry the most risk and score impact
- Provide your OpenAPI spec for deeper analysis (detects mismatches between docs and runtime)
- Set the context parameter (financial, medical, public, internal) so checks are prioritized for your API type
- Rescan after every fix to verify and track improvement over time
See Understanding Your Score for a deeper guide on interpreting your results.
Optional: OpenAPI Spec
If your API has an OpenAPI or Swagger spec, provide the URL when scanning. middleBrick will cross-reference the spec with runtime findings for deeper analysis, detecting issues like:
- Security schemes defined in the spec but not enforced at runtime
- Mass assignment risks from writable sensitive fields
- Deprecated endpoints still responding
- Missing security requirements on individual operations
Supported formats: OpenAPI 3.0, OpenAPI 3.1, and Swagger 2.0.
Free Tier
The free plan includes:
- 3 scans per month, enough to evaluate middleBrick on your APIs
- Full 12-category analysis, same engine as paid plans, no checks disabled
- Dashboard access to view results and track history
- API access to automate scans programmatically
Need more scans, CI/CD integration, or continuous monitoring? See our pricing plans.
Next Steps
| Goal | Page |
|---|---|
| Understand the scan pipeline | How It Works |
| Learn what each check covers | The 12 Security Checks |
| Interpret your score | Understanding Your Score |
| Automate scanning | Integrations Overview |
| AI/LLM endpoint security | LLM / AI Security |