Recon API

The Recon API provides programmatic access to Charlie Recon scanning capabilities. Use it to initiate scans, track progress, and retrieve results.

Base URL: https://nprzmfiqtqvoljvcvsyi.supabase.co

Endpoints:

POST /functions/v1/recon-scan Initiates a new recon scan against a target domain.

Request body: { "domain": "example.com", "scan_type": "full" }

Response (202 Accepted): { "scan_id": "uuid", "status": "pending", "target_domain": "example.com", "created_at": "2026-03-22T00:00:00Z" }

GET /functions/v1/recon-progress?scan_id={id} Returns the current progress of a scan, including per-module status.

Response (200 OK): { "scan_id": "uuid", "status": "running", "modules": [ { "module_name": "ssl_tls", "status": "completed", "execution_time_ms": 1200 }, { "module_name": "dns_security", "status": "running", "execution_time_ms": null }, { "module_name": "http_headers", "status": "pending", "execution_time_ms": null } ], "completed_count": 1, "total_count": 10 }

POST /functions/v1/recon-claim Claims scan results for the authenticated user. Requires a valid JWT.

Request body: { "scan_id": "uuid" }

Response (200 OK): { "scan_id": "uuid", "claimed_by": "user-uuid", "score_overall": 72, "score_by_domain": { "DPS": 65, "VSD": 78, "SPH": 80, "IAT": 70, "TID": 60, "RGA": 75 }, "recommended_tier": "C-BUILD" }

RPC: get_recon_results_for_c3(user_id) Returns all claimed scans for a user with module details and recommended missions.

RPC: get_recon_history(user_id) Returns scan history with score deltas over time.

Rate limiting: Recon scans are rate-limited independently of general API limits. Use the check_recon_rate_limit RPC to verify availability before initiating a scan. Default limits are 5 scans per hour per session and 20 scans per day per IP.

Error codes: - 429: Rate limit exceeded. Retry after the window resets. - 400: Invalid domain format or missing required fields. - 401: Authentication required for claim endpoints. - 404: Scan not found or expired (scans are pruned after 30 days if unclaimed).