Skip to main content
POST
/
api
/
v2
/
ai
/
review
Vulnerability Review
curl --request POST \
  --url https://aquilax.ai/api/v2/ai/review \
  --header 'Content-Type: application/json' \
  --header 'X-AX-KEY: <api-key>' \
  --data '
{
  "code": "try {\n  const user = db.getUserById(req.query.id);\n  res.send(user);\n} catch (err) {\n  res.status(500).send(\"Error\");\n}\n",
  "cwe_id": "CWE-79",
  "cwe_name": "Cross-Site Scripting",
  "line": "105",
  "file": "userController.js"
}
'
import requests

url = "https://aquilax.ai/api/v2/ai/review"

payload = {
"code": "try {
const user = db.getUserById(req.query.id);
res.send(user);
} catch (err) {
res.status(500).send(\"Error\");
}
",
"cwe_id": "CWE-79",
"cwe_name": "Cross-Site Scripting",
"line": "105",
"file": "userController.js"
}
headers = {
"X-AX-KEY": "<api-key>",
"Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.text)
const options = {
method: 'POST',
headers: {'X-AX-KEY': '<api-key>', 'Content-Type': 'application/json'},
body: JSON.stringify({
code: 'try {\n const user = db.getUserById(req.query.id);\n res.send(user);\n} catch (err) {\n res.status(500).send("Error");\n}\n',
cwe_id: 'CWE-79',
cwe_name: 'Cross-Site Scripting',
line: '105',
file: 'userController.js'
})
};

fetch('https://aquilax.ai/api/v2/ai/review', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://aquilax.ai/api/v2/ai/review",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'code' => 'try {
const user = db.getUserById(req.query.id);
res.send(user);
} catch (err) {
res.status(500).send("Error");
}
',
'cwe_id' => 'CWE-79',
'cwe_name' => 'Cross-Site Scripting',
'line' => '105',
'file' => 'userController.js'
]),
CURLOPT_HTTPHEADER => [
"Content-Type: application/json",
"X-AX-KEY: <api-key>"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"strings"
"net/http"
"io"
)

func main() {

url := "https://aquilax.ai/api/v2/ai/review"

payload := strings.NewReader("{\n \"code\": \"try {\\n const user = db.getUserById(req.query.id);\\n res.send(user);\\n} catch (err) {\\n res.status(500).send(\\\"Error\\\");\\n}\\n\",\n \"cwe_id\": \"CWE-79\",\n \"cwe_name\": \"Cross-Site Scripting\",\n \"line\": \"105\",\n \"file\": \"userController.js\"\n}")

req, _ := http.NewRequest("POST", url, payload)

req.Header.Add("X-AX-KEY", "<api-key>")
req.Header.Add("Content-Type", "application/json")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.post("https://aquilax.ai/api/v2/ai/review")
.header("X-AX-KEY", "<api-key>")
.header("Content-Type", "application/json")
.body("{\n \"code\": \"try {\\n const user = db.getUserById(req.query.id);\\n res.send(user);\\n} catch (err) {\\n res.status(500).send(\\\"Error\\\");\\n}\\n\",\n \"cwe_id\": \"CWE-79\",\n \"cwe_name\": \"Cross-Site Scripting\",\n \"line\": \"105\",\n \"file\": \"userController.js\"\n}")
.asString();
require 'uri'
require 'net/http'

url = URI("https://aquilax.ai/api/v2/ai/review")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["X-AX-KEY"] = '<api-key>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"code\": \"try {\\n const user = db.getUserById(req.query.id);\\n res.send(user);\\n} catch (err) {\\n res.status(500).send(\\\"Error\\\");\\n}\\n\",\n \"cwe_id\": \"CWE-79\",\n \"cwe_name\": \"Cross-Site Scripting\",\n \"line\": \"105\",\n \"file\": \"userController.js\"\n}"

response = http.request(request)
puts response.read_body
{
  "class": "TRUE_POSITIVE",
  "confidence": 95.12
}

Authorizations

X-AX-KEY
string
header
required

Query Parameters

org
string
required

Organization ID

Body

application/json
code
string

A code snippet representing the vulnerable logic or affected lines.

Example:

"try {\n const user = db.getUserById(req.query.id);\n res.send(user);\n} catch (err) {\n res.status(500).send(\"Error\");\n}\n"

cwe_id
string

CWE identifier, if applicable.

Example:

"CWE-79"

cwe_name
string

Optional name or title of the CWE.

Example:

"Cross-Site Scripting"

line
string

Line number(s) where the issue appears.

Example:

"105"

file
string

Name or path of the file containing the snippet.

Example:

"userController.js"

Response

Successful classification result from the AI model.

class
enum<string>

The AI-determined classification of the vulnerability.

Available options:
TRUE_POSITIVE,
FALSE_POSITIVE,
UNVERIFIED
confidence
number<float>

Confidence percentage (0–100) of the classification.