Developer platform
Embed launch clearance in your pipeline.
REST API, typed SDK, CLI, GitHub Action, and signed webhooks — gate deploys on real clearance verdicts, not vanity scores.
REST API
Versioned JSON API under /v1. Authenticate with X-API-Key. Responses use a standard envelope: { success, data } or { success: false, error }.
- Base URL:
https://api.launchauditor.com/v1 - OpenAPI 3.1: /api/v1/openapi.json (same-origin proxy)
- Public benchmarks: GET /v1/public/benchmarks/state-of-launch · report
Create a scan
curl
curl -X POST https://api.launchauditor.com/v1/scans \
-H "Content-Type: application/json" \
-H "X-API-Key: $ALA_API_KEY" \
-d '{"url":"https://example.com","depth":3}'API keys & scopes
Keys are prefixed with ala_live_, stored hashed, and scoped to your organization. Assign least-privilege scopes per integration.
scans:create
Queue new website scans
scans:read
Poll status, clearance, issues
reports:create
Generate PDF/CSV reports
reports:read
Download generated reports
projects:read
List launches and trends
webhooks:manage
Configure outbound webhooks (Agency)
CLI
launch-auditor (alias ala) wraps the API for local runs and CI gates. Exit codes map to clearance: 0 cleared, 1 hold, 2 no-go.
Install
# Global install (when published)
npm i -g @ala/cli
# From this monorepo
pnpm --filter @ala/cli build
pnpm link --global --filter @ala/cli
# Authenticate
export ALA_API_KEY="ala_live_..."Usage
# Run a scan and gate on clearance (exit 1 on HOLD, 2 on NO-GO)
launch-auditor scan https://staging.example.com --depth 3
# Fetch clearance for an existing scan
launch-auditor clearance <scan-id>TypeScript SDK
Thin typed client in @ala/sdk — polling, clearance, issues, and report download helpers included. More SDK examples →
Quick start
import { LaunchAuditorClient } from "@ala/sdk";
const client = new LaunchAuditorClient({
apiKey: process.env.ALA_API_KEY!,
baseUrl: "https://api.launchauditor.com/v1",
});
const { id } = await client.createScan({ url: "https://example.com" });
const scan = await client.pollScan(id, {
onProgress: (s) => console.log(s.status, s.progress),
});
const clearance = await client.getClearance(id);
console.log(clearance.verdict, clearance.blockers.length);GitHub Action
Composite action in templates/github-action creates a scan, waits for completion, checks launch readiness, and fails the workflow when the verdict is below your policy.
Store ALA_API_KEY as a repository secret with scans:create and scans:read scopes.
workflow.yml
- name: Launch Auditor gate
uses: ./templates/github-action
with:
url: https://staging.example.com
api-key: ${{ secrets.ALA_API_KEY }}
api-url: https://api.launchauditor.com/v1
depth: "3"
min-verdict: fixOutbound webhooks
Agency plans can register HTTPS endpoints for scan, monitor, and blocker events. Payloads are signed with HMAC-SHA256 via X-ALA-Signature. Delivery logs live in Settings.
Verify signature
import crypto from "node:crypto";
const signature = req.headers["x-ala-signature"];
const expected = crypto
.createHmac("sha256", process.env.WEBHOOK_SECRET!)
.update(rawBody)
.digest("hex");
if (signature !== expected) {
throw new Error("Invalid webhook signature");
}