Developer API

API Reference

Integrate GitHub analytics into your workflows with the GitScope REST API.

Authentication

GitScope supports two authentication methods:

Session cookies: all dashboard endpoints (automatic with browser)
API key: /api/v1/ endpoints (Developer plan+)
Authorization: Bearer sk_gs_your_key_here
— or —
X-API-Key: sk_gs_your_key_here

Public Endpoints

These endpoints are available to all users, including guests (limited by rate limits):

GET /api/github/proxy?path={github_api_path}

Proxy requests to GitHub API with optional user token. Rate limited.

GET /api/github/proxy?path=repos/facebook/react

GET /api/github/rate-limit

Check current GitHub API rate limit status

GET /api/github/trending

Get trending repositories by language and time window

GET /api/github/search

Search GitHub repositories and users

GET /api/csrf

Get a fresh CSRF token for state-changing requests

Authenticated Endpoints

These endpoints require a valid session (GitHub OAuth or email/password):

GET /api/user/settings

Get user profile, connected providers, AI tier, and recent jobs

GET /api/user/history

Get user's repository search history

POST /api/user/history

Add a repository to search history

GET /api/user/notifications

Get user's in-app notifications

PATCH /api/user/account

Update password or GitHub PAT

GET /api/user/ai-capabilities

Get AI features available for user's tier

AI Endpoints

These endpoints require authentication. AI endpoints are gated by plan tier.

POST /api/ai/repo-scan

Full AI-powered repo health scan — returns 0–100 health score, findings, and recommendations

POST /api/ai/osv-scan

Scan a repository against the Google OSV CVE database — returns vulnerabilities with severity and CVSS scores

POST /api/ai/generate-pr-description

Generate an AI pull request description from diff context with configurable tone

POST /api/ai/generate-readme

AI-generated README from repository structure and source files

POST /api/ai/generate-changelog

Generate a changelog from recent commits (keepachangelog | conventional | narrative format)

GitHub Data Endpoints

Server-side GitHub proxies. All requests use your stored OAuth token automatically — works for private repos.

GET /api/github/contributors?repo={owner/repo}

Contributor stats for a repository — commit count, additions, deletions per contributor. Returns 202 if GitHub is still computing stats (retry after 3–5 s).

GET /api/github/ci-runs?repo={owner/repo}

Most recent 50 GitHub Actions workflow runs for a repository, grouped by workflow name.

GET /api/github/coverage?repo={owner/repo}

Test coverage percentage from Codecov API, detected test frameworks, and config files found in the repository.

GET /api/github/coverage/pr?repo={owner/repo}&pr={number}

PR-level coverage diff — base vs head coverage, delta, status (improved/degraded/unchanged), and per-file breakdown with test file detection. Pulls from Codecov PR comparison API.

GET /api/github/open-prs?repo={owner/repo}

Open pull requests for a repository — title, author, head/base branch, additions, deletions, labels, and PR URL.

GET /api/ai/team-scans?org={org-name}

Aggregated scan history for all repositories in an organization, across all GitScope users. Returns per-repo latest health score, critical count, and scanner identity.

Public REST API (v1)

Machine-readable endpoints for CI pipelines and third-party integrations. Authenticate with an API key — generate one in Settings → API Keys. Pass the key as Authorization: Bearer sk_gs_... or X-API-Key. Rate limit: 120 req/min per key. Available on Developer plan and above.

GET /api/v1

API discovery — returns available endpoints, scopes, and authentication instructions.

GET /api/v1/repos/{owner}/{repo}/scan

Latest scan result for a repository — healthScore, securityScore, qualityScore, criticalCount, summary, and timestamp. Scope: scans:read.

curl -H "Authorization: Bearer sk_gs_..." https://gitscope.dev/api/v1/repos/vercel/next.js/scan

GET /api/v1/repos/{owner}/{repo}/dora

DORA metrics for a repository — leadTime, deployFreq, cfr, mttr, deploySource (github-deployments | actions-workflows | pr-merges). Scope: dora:read.

curl -H "X-API-Key: sk_gs_..." https://gitscope.dev/api/v1/repos/vercel/next.js/dora
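
A CI gate built on the scan endpoint above, as an added example (not GitScope's own code). It assumes the response is a flat JSON object using the field names listed for that endpoint; the GITSCOPE_API_KEY variable name, the thresholds and the owner/repo character set are also assumptions.

```python
import json
import os
import re
import urllib.request

BASE_URL = "https://gitscope.dev/api/v1"  # host from the page's curl examples
SEGMENT = re.compile(r"[A-Za-z0-9_.-]+")  # assumed safe owner/repo characters


def build_scan_request(owner, repo, api_key):
    """Build the scan request; the key travels in a header, never in the URL."""
    for part in (owner, repo):
        if not SEGMENT.fullmatch(part) or part in (".", ".."):
            raise ValueError(f"unsafe path segment: {part!r}")
    if not api_key.startswith("sk_gs_"):
        raise ValueError("API key does not have the sk_gs_ prefix")
    url = f"{BASE_URL}/repos/{owner}/{repo}/scan"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {api_key}"})


def evaluate(scan, min_health=70, max_critical=0):
    """Return gate failures; an empty list means the build may proceed."""
    failures = []
    health, critical = scan.get("healthScore"), scan.get("criticalCount")
    # Fail closed: a missing or mistyped field counts as a failure, not a pass.
    if isinstance(health, bool) or not isinstance(health, (int, float)):
        failures.append("healthScore missing or not numeric")
    elif health < min_health:
        failures.append(f"healthScore {health} < {min_health}")
    if isinstance(critical, bool) or not isinstance(critical, int):
        failures.append("criticalCount missing or not an integer")
    elif critical > max_critical:
        failures.append(f"criticalCount {critical} > {max_critical}")
    return failures


def gate(owner, repo, api_key, fetch=None, **thresholds):
    """Fetch the latest scan and evaluate it; `fetch` is injectable for tests."""
    request = build_scan_request(owner, repo, api_key)
    if fetch is None:
        def fetch(req):
            with urllib.request.urlopen(req, timeout=10) as resp:
                return resp.read()
    return evaluate(json.loads(fetch(request)), **thresholds)


if __name__ == "__main__":
    # The key comes from the CI secret store via the environment (assumed name).
    problems = gate("vercel", "next.js", os.environ["GITSCOPE_API_KEY"])
    raise SystemExit("\n".join(problems) if problems else 0)
```

Run as a pipeline step, it exits non-zero and prints the failed checks when the latest scan is below the thresholds.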

Public Badge API

Embeddable SVG badge — no authentication required:

GET /api/badge?repo={owner/repo}

Returns a live SVG health-score badge for any repo. Embed in any README.

![health](https://git-scope-pi.vercel.app/api/badge?repo=vercel/next.js)

GitHub OAuth Required

These endpoints require GitHub OAuth sign-in specifically:

GET /api/user/code-impact?repo={owner/repo}

Get code impact analysis for a repository

GET /api/user/pr-risk?repo={owner/repo}

Get PR risk analysis and scoring

GET /api/user/dora-metrics?repo={owner/repo}

Get DORA metrics (deployment frequency, lead time, etc.)

GET /api/user/dependency-map?repo={owner/repo}

Get dependency analysis and security advisories

Rate Limits

Guest (no auth): 60 req/hr
Authenticated: 5,000 req/hr
AI Analysis: 10 req/min
Auth Endpoints: 5 req/min

Rate limits are per IP for guests, per token for authenticated users.

Security

  • HTTPS required for all requests
  • CSRF tokens for state-changing operations
  • Secure, httpOnly, SameSite=Strict cookies
  • IP-based rate limiting with abuse detection

Coming Soon

gitscope-js (npm)
gitscope-go (module)
gitscope-python (pip)

Official SDKs are planned for future release. For now, use the REST API directly.