SIGMA - API Documentation

Getting Started

Base URL

https://sigma.silverday.de/api/v1/

Prerequisites

SIGMA Account: You need an active SIGMA account
API Key: Generate an API key from your user profile
Permissions: Ensure your account has API access enabled

Ready to get started? Login to your account or create a new account to access API keys.

Authentication

All API requests must be authenticated using an API key. Include your API key in the request headers:

Header Authentication

X-API-Key: your_api_key_here

Alternative: Query Parameter

GET /api/v1/sites?api_key=your_api_key_here

Security Notice: Always use HTTPS when making API requests. Never expose your API key in client-side code or public repositories.

API Endpoints

API Information

GET /api/v1/info

Get API version information, available endpoints, and your permissions.

Response:

{
  "success": true,
  "message": "SIGMA API v1.0",
  "data": {
    "api_version": "1.0",
    "endpoints": {
      "GET /api/v1/info": "API information",
      "GET /api/v1/sites": "List user sites",
      "GET /api/v1/sites/{hostname}": "Get specific site details",
      "GET /api/v1/certificates": "List certificates",
      "POST /api/v1/scan": "Request scan for a site"
    },
    "user": "your_username",
    "permissions": {
      "view_sites": true,
      "view_certs": true,
      "json_sites": true,
      "scan_sites": true
    }
  },
  "timestamp": 1693948800
}

Sites

GET /api/v1/sites

List all sites you're monitoring with their current SSL status.

Parameters:

limit (optional): Maximum number of results (default: 100, max: 1000)
grade (optional): Filter by SSL grade (A+, A, A-, B, C, D, E, F)
status (optional): Filter by status (active, suspended)

GET /api/v1/sites/{hostname}

Get detailed information about a specific site including scan history.

Example Response:

{
  "success": true,
  "data": {
    "hostname": "example.com",
    "grade": "A",
    "utgrade": "A",
    "scan_time": 1693948800,
    "certificate": {
      "issuer": "Let's Encrypt Authority X3",
      "valid_from": "2025-01-01 00:00:00",
      "valid_to": "2025-04-01 00:00:00",
      "days_until_expiry": 89
    },
    "recent_scans": [...]
  }
}

Certificates

GET /api/v1/certificates

List SSL certificates for your monitored sites with expiration information.

Parameters:

expiring_days (optional): Show certificates expiring within X days
issuer (optional): Filter by certificate issuer

Example Response:

{
  "success": true,
  "data": [
    {
      "hostname": "example.com",
      "issuer": "Let's Encrypt Authority X3",
      "subject": "example.com",
      "valid_from": "2025-01-01T00:00:00Z",
      "valid_to": "2025-04-01T00:00:00Z",
      "days_until_expiry": 89,
      "status": "valid"
    }
  ]
}

Scans

POST /api/v1/scan

Request a new SSL scan for one of your monitored sites.

Request Body (JSON):

{
  "hostname": "example.com",
  "force": false
}

Response:

{
  "success": true,
  "message": "Scan queued successfully",
  "data": {
    "hostname": "example.com",
    "scan_id": "abc123",
    "queue_position": 3,
    "estimated_completion": 1693949400
  }
}

Code Examples

cURL Examples

Get API Information:

curl -X GET "https://sigma.silverday.de/api/v1/info" \
  -H "X-API-Key: your_api_key_here" \
  -H "Accept: application/json"

List Your Sites:

curl -X GET "https://sigma.silverday.de/api/v1/sites" \
  -H "X-API-Key: your_api_key_here" \
  -H "Accept: application/json"

Request a Scan:

curl -X POST "https://sigma.silverday.de/api/v1/scan" \
  -H "X-API-Key: your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"hostname": "example.com"}'

PHP Examples

<?php

class SigmaAPI {
    private $baseUrl = 'https://sigma.silverday.de/api/v1/';
    private $apiKey;
    
    public function __construct($apiKey) {
        $this->apiKey = $apiKey;
    }
    
    private function makeRequest($endpoint, $method = 'GET', $data = null) {
        $curl = curl_init();
        
        curl_setopt_array($curl, [
            CURLOPT_URL => $this->baseUrl . $endpoint,
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_CUSTOMREQUEST => $method,
            CURLOPT_HTTPHEADER => [
                'X-API-Key: ' . $this->apiKey,
                'Content-Type: application/json',
                'Accept: application/json'
            ]
        ]);
        
        if ($data && $method !== 'GET') {
            curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($data));
        }
        
        $response = curl_exec($curl);
        $httpCode = curl_getinfo($curl, CURLINFO_HTTP_CODE);
        curl_close($curl);
        
        return [
            'status' => $httpCode,
            'data' => json_decode($response, true)
        ];
    }
    
    public function getSites($limit = 100) {
        return $this->makeRequest("sites?limit=$limit");
    }
    
    public function getSite($hostname) {
        return $this->makeRequest("sites/" . urlencode($hostname));
    }
    
    public function requestScan($hostname, $force = false) {
        return $this->makeRequest('scan', 'POST', [
            'hostname' => $hostname,
            'force' => $force
        ]);
    }
}

// Usage example
$api = new SigmaAPI('your_api_key_here');
$sites = $api->getSites();

if ($sites['status'] === 200 && $sites['data']['success']) {
    foreach ($sites['data']['data'] as $site) {
        echo "Site: {$site['hostname']} - Grade: {$site['grade']}\n";
    }
}
?>

Python Examples

import requests
import json

class SigmaAPI:
    def __init__(self, api_key):
        self.base_url = 'https://sigma.silverday.de/api/v1/'
        self.headers = {
            'X-API-Key': api_key,
            'Content-Type': 'application/json',
            'Accept': 'application/json'
        }
    
    def get_sites(self, limit=100):
        """Get list of monitored sites"""
        response = requests.get(
            f"{self.base_url}sites",
            headers=self.headers,
            params={'limit': limit}
        )
        return response.json()
    
    def get_site(self, hostname):
        """Get details for specific site"""
        response = requests.get(
            f"{self.base_url}sites/{hostname}",
            headers=self.headers
        )
        return response.json()
    
    def request_scan(self, hostname, force=False):
        """Request new scan for site"""
        data = {
            'hostname': hostname,
            'force': force
        }
        response = requests.post(
            f"{self.base_url}scan",
            headers=self.headers,
            json=data
        )
        return response.json()

# Usage example
api = SigmaAPI('your_api_key_here')

# Get all sites
sites = api.get_sites()
if sites['success']:
    for site in sites['data']:
        print(f"Site: {site['hostname']} - Grade: {site['grade']}")

# Request scan for specific site
scan_result = api.request_scan('example.com')
print(scan_result['message'])

JavaScript Examples

class SigmaAPI {
    constructor(apiKey) {
        this.baseUrl = 'https://sigma.silverday.de/api/v1/';
        this.headers = {
            'X-API-Key': apiKey,
            'Content-Type': 'application/json',
            'Accept': 'application/json'
        };
    }

    async makeRequest(endpoint, options = {}) {
        const url = this.baseUrl + endpoint;
        const config = {
            headers: this.headers,
            ...options
        };

        try {
            const response = await fetch(url, config);
            return await response.json();
        } catch (error) {
            console.error('API request failed:', error);
            throw error;
        }
    }

    async getSites(limit = 100) {
        return await this.makeRequest(`sites?limit=${limit}`);
    }

    async getSite(hostname) {
        return await this.makeRequest(`sites/${encodeURIComponent(hostname)}`);
    }

    async requestScan(hostname, force = false) {
        return await this.makeRequest('scan', {
            method: 'POST',
            body: JSON.stringify({
                hostname: hostname,
                force: force
            })
        });
    }
}

// Usage example
const api = new SigmaAPI('your_api_key_here');

// Get all sites
api.getSites()
    .then(result => {
        if (result.success) {
            result.data.forEach(site => {
                console.log(`Site: ${site.hostname} - Grade: ${site.grade}`);
            });
        }
    })
    .catch(error => console.error('Error:', error));

// Request scan with async/await
async function scanSite(hostname) {
    try {
        const result = await api.requestScan(hostname);
        console.log(result.message);
    } catch (error) {
        console.error('Scan request failed:', error);
    }
}

Response Format

All API responses follow a consistent JSON format:

Success Response

{
  "success": true,
  "message": "Request completed successfully",
  "data": { /* Response data */ },
  "timestamp": 1693948800
}

Error Response

{
  "success": false,
  "message": "Error description",
  "error_code": "INVALID_API_KEY",
  "errors": { /* Detailed error information */ },
  "timestamp": 1693948800
}

Error Handling

HTTP Status Codes

Status Code	Description
200	OK - Request successful
400	Bad Request - Invalid parameters
401	Unauthorized - Invalid or missing API key
403	Forbidden - Insufficient permissions
404	Not Found - Resource not found
405	Method Not Allowed - HTTP method not supported
500	Internal Server Error - Server error

Common Error Codes

Error Code	Description
INVALID_API_KEY	API key is invalid or expired
INSUFFICIENT_PERMISSIONS	Account lacks required permissions
SITE_NOT_FOUND	Requested site is not in your account
SCAN_COOLDOWN	Site scan is on cooldown period

Changelog

Version 1.0 - September 2025

Initial API release
Sites endpoint with filtering
Certificates endpoint
Scan request endpoint
API key authentication
Permission-based access control
Comprehensive documentation

SIGMA API Documentation

Table of Contents