API reference
Get a report
The full structured report for a completed scan. On the free tier the response is a summary plus top findings; paid plans return the complete finding list and remediation detail.
GET
/v1/scans/{id}/reportResponse
| Field | Type | Description |
|---|---|---|
| disclaimer | string | Structured disclaimer — part of the data contract. Keep it with any rendered report. |
| overall_score | number | 0–100. |
| grade | string | A–F. |
| categories | object | Per-category 0–100 scores keyed by category. |
| findings | Finding[] | Each with category, code, severity, title, description, evidence, remediation, and page_type. |
json
{
"disclaimer": "This automated scan identifies publicly observable risk indicators ... It is not a HIPAA compliance audit or legal determination ...",
"overall_score": 72,
"grade": "C",
"categories": {
"tracking": 61, "privacy_policy": 80, "forms": 75,
"transport": 90, "headers": 70, "infrastructure": 100
},
"findings": [
{
"code": "tracking.pixel_on_intake",
"category": "tracking",
"severity": "high",
"page_type": "appointment",
"title": "Third-party tracking pixel on a patient-facing page",
"description": "A Meta Pixel was detected on /book.",
"evidence": { "url": "https://www.example-clinic.com/book", "vendor": "Meta Pixel" },
"remediation": "Remove the pixel from patient-facing pages or gate it behind consent..."
}
]
}Examples
curl -s https://api.sifthealth.app/v1/scans/scan_8fk2/report \
-H "Authorization: Bearer $SIFT_API_KEY"Always carry the disclaimer
If you store, render, or forward a report, include the
disclaimer field with it. Presenting Sift Health results as a compliance verdict is outside the responsible-use policy.