{"name":"CyberStackHub API","version":"1.0","vertical":"cybersecurity","base_url":"https://cyberstackhub.ai","description":"API-first cybersecurity tools for risk assessment, compliance, and threat analysis. All endpoints return standardized envelopes with cross-vertical tagging for Stack Network orchestration.","authentication":{"type":"optional_jwt","description":"Unauthenticated: 10 req/hour per IP. Authenticated (JWT Bearer): 100 req/hour. Stack Network orchestrator (X-Stack-Orchestrator header): unlimited.","rate_limits":{"unauthenticated":"10 requests/hour per IP","authenticated":"100 requests/hour per user","orchestrator":"Unlimited (requires X-Stack-Orchestrator header)"}},"response_envelope":{"description":"All endpoints return a standardized envelope","schema":{"success":"boolean","data":"object (tool-specific payload)","meta":{"tool":"string (tool slug)","version":"string","generated_at":"ISO 8601 timestamp","vertical":"cybersecurity","cross_vertical_tags":"string[] — adjacent Stack Network verticals","ai_generated":"boolean","data_freshness":"real-time","source":"api | browser | orchestrator","source_site":"string (optional, from X-Source-Site header)"}}},"tools":[{"tool":"risk-assessment","endpoint":"POST /api/tools/risk-assessment","description":"Full cybersecurity risk assessment with per-domain scoring, grade, and AI-generated recommendations.","cross_vertical_tags":["compliance","insurance","legal","finance"],"input":{"company_name":"string (required) — organization name","industry":"string (optional) — industry sector","company_size":"string (optional) — employee count or range","answers":{"type":"object (optional) — boolean answer 
map","keys":{"mfa_enabled":"boolean","least_privilege":"boolean","privileged_access_managed":"boolean","data_encrypted_at_rest":"boolean","data_encrypted_in_transit":"boolean","data_classified":"boolean","firewall_configured":"boolean","network_segmentation":"boolean","vulnerability_scanning":"boolean","incident_response_plan":"boolean","ir_tested":"boolean","breach_notification_process":"boolean","framework_adopted":"boolean","annual_audit":"boolean","vendor_assessment":"boolean","security_training":"boolean","phishing_simulations":"boolean","security_policy_documented":"boolean"}}},"output":{"session_id":"string","score":"integer 0-100","grade":"A | B | C | D | F","domain_scores":{"access_control":"integer 0-100","data_protection":"integer 0-100","network_security":"integer 0-100","incident_response":"integer 0-100","compliance":"integer 0-100","employee_awareness":"integer 0-100"},"recommendations":"array of {domain, priority, action, detail}","executive_summary":"string","risk_summary":"string","generated_at":"ISO 8601 timestamp"}},{"tool":"password-check","endpoint":"POST /api/tools/password-check","description":"Password strength analyzer. 
Passwords are NEVER stored or logged.","cross_vertical_tags":["identity","access-management","iam"],"input":{"password":"string (required) — the password to analyze (max 512 chars)"},"output":{"strength_score":"integer 0-100","grade":"Strong | Moderate | Weak | Very Weak","crack_time_estimate":"string — human-readable estimate","character_length":"integer","issues":"string[] — identified weaknesses","recommendations":"string[] — actionable improvements","characteristics":{"has_uppercase":"boolean","has_lowercase":"boolean","has_numbers":"boolean","has_symbols":"boolean","unique_characters":"integer"},"generated_at":"ISO 8601 timestamp"},"privacy_note":"Password is never stored, logged, or transmitted beyond this analysis."},{"tool":"phishing-test","endpoint":"POST /api/tools/phishing-test","description":"Phishing indicator analyzer for email content, URLs, and sender addresses.","cross_vertical_tags":["email-security","awareness-training","fraud"],"input":{"email_text":"string (optional) — email body to analyze (max 2000 chars)","url":"string (optional) — URL to analyze (max 500 chars)","sender_address":"string (optional) — sender email address to analyze","note":"At least one of email_text, url, or sender_address is required"},"output":{"session_id":"string","risk_score":"integer 0-100","risk_level":"High | Medium | Low | Minimal","verdict":"Likely Phishing | Suspicious | Probably Safe | Cannot Determine","indicators":"array of {type, severity, detail}","explanation":"string — plain-English explanation for non-technical users","recommended_actions":"string[]","generated_at":"ISO 8601 timestamp"}},{"tool":"breach-scan","endpoint":"POST /api/tools/breach-scan","description":"Breach exposure simulation for email addresses and domains. 
AI-generated educational simulation.","cross_vertical_tags":["identity","privacy","legal"],"input":{"email":"string (optional) — email address to scan","domain":"string (optional) — domain to scan","note":"At least one of email or domain is required"},"output":{"session_id":"string","breaches_found":"boolean","breach_count":"integer","risk_level":"High | Medium | Low | None","breaches":"array of {name, date, data_types, severity, records_affected, description}","exposure_summary":"string","recommendations":"string[]","disclaimer":"string — clarifies AI simulation nature","generated_at":"ISO 8601 timestamp"},"disclaimer":"Results are AI-generated educational simulations. Not a live breach database query."},{"tool":"security-scorecard","endpoint":"POST /api/tools/security-scorecard","description":"Security posture scorecard with category scoring, industry benchmarking, and improvement roadmap.","cross_vertical_tags":["compliance","risk-management","regulatory","insurance"],"input":{"company_name":"string (required)","industry":"string (optional) — healthcare | finance | technology | retail | manufacturing | government | education","current_measures":"string[] (optional) — list of security measures in place (e.g. 
[\"mfa\", \"siem\", \"soc2\", \"encryption\"])","infrastructure_type":"string (optional) — cloud | on-prem | hybrid"},"output":{"session_id":"string","overall_score":"integer 0-100","grade":"A | B | C | D | F","category_scores":{"Identity & Access":"integer 0-100","Data Protection":"integer 0-100","Network Security":"integer 0-100","Threat Management":"integer 0-100","Compliance":"integer 0-100","Operational":"integer 0-100"},"benchmarks":{"industry_avg":"integer","industry_top_quartile":"integer","your_score":"integer","vs_industry_avg":"integer (positive = above average)","vs_top_quartile":"integer (negative = below top quartile)"},"executive_summary":"string","improvements":"array of {category, title, impact, effort, description}","strengths":"string[]","key_gaps":"string[]","generated_at":"ISO 8601 timestamp"}},{"tool":"compliance-check","endpoint":"POST /api/tools/compliance-check","description":"Compliance readiness assessment with per-framework scoring, gap analysis, and certification roadmap.","cross_vertical_tags":["legal","regulatory","audit","healthcare","finance"],"input":{"company_name":"string (required)","target_frameworks":"string[] (required) — one or more of: soc2, iso27001, hipaa, gdpr, pci_dss","current_measures":"string[] (optional) — list of current security measures","industry":"string (optional)"},"output":{"session_id":"string","company_name":"string","target_frameworks":"string[] — display names of assessed frameworks","readiness_scores":"object — {framework_display_name: integer 0-100}","readiness_scores_by_key":"object — {framework_key: integer 0-100}","executive_summary":"string","gaps":"array of {framework, control, requirement, status} — top 20 gaps","next_steps":"array of {step, title, framework, priority, description}","certification_timeline":"{estimated_months, key_milestones}","total_gaps_found":"integer","generated_at":"ISO 8601 timestamp"},"supported_frameworks":{"soc2":"SOC 2 Type II","iso27001":"ISO 
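27001:2022","hipaa":"HIPAA","gdpr":"GDPR","pci_dss":"PCI DSS v4.0"}}],"orchestrator_headers":{"X-Stack-Orchestrator":"Set to any truthy value to bypass rate limits. As documented here, any value is accepted, so the header alone does not authenticate the caller; it should be honored only on requests otherwise verified as coming from the Stack Network orchestrator.","X-Source-Site":"Set to the referring Stack Network site slug for analytics"}}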