Developer platform

Embed launch clearance in your pipeline.

REST API, typed SDK, CLI, GitHub Action, and signed webhooks — gate deploys on real clearance verdicts, not vanity scores.

REST API

Versioned JSON API under /v1. Authenticate with X-API-Key. Responses use a standard envelope: { success, data } or { success: false, error }.

Browse interactive reference

Create a scan

curl

curl -X POST https://api.launchauditor.com/v1/scans \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $ALA_API_KEY" \
  -d '{"url":"https://example.com","depth":3}'

API keys & scopes

Keys are prefixed with ala_live_, stored hashed, and scoped to your organization. Assign least-privilege scopes per integration.

scans:create

Queue new website scans

scans:read

Poll status, clearance, issues

reports:create

Generate PDF/CSV reports

reports:read

Download generated reports

projects:read

List launches and trends

webhooks:manage

Configure outbound webhooks (Agency)

CLI

launch-auditor (alias ala) wraps the API for local runs and CI gates. Exit codes map to clearance: 0 cleared, 1 hold, 2 no-go.

Install

# Global install (when published)
npm i -g @ala/cli

# From this monorepo
pnpm --filter @ala/cli build
pnpm link --global --filter @ala/cli

# Authenticate
export ALA_API_KEY="ala_live_..."

Usage

# Run a scan and gate on clearance (exit 1 on HOLD, 2 on NO-GO)
launch-auditor scan https://staging.example.com --depth 3

# Fetch clearance for an existing scan
launch-auditor clearance <scan-id>

TypeScript SDK

Thin typed client in @ala/sdk — polling, clearance, issues, and report download helpers included. More SDK examples →

Quick start

import { LaunchAuditorClient } from "@ala/sdk";

const client = new LaunchAuditorClient({
  apiKey: process.env.ALA_API_KEY!,
  baseUrl: "https://api.launchauditor.com/v1",
});

const { id } = await client.createScan({ url: "https://example.com" });
const scan = await client.pollScan(id, {
  onProgress: (s) => console.log(s.status, s.progress),
});

const clearance = await client.getClearance(id);
console.log(clearance.verdict, clearance.blockers.length);

GitHub Action

Composite action in templates/github-action creates a scan, waits for completion, checks launch readiness, and fails the workflow when the verdict is below your policy.

Store ALA_API_KEY as a repository secret with scans:create and scans:read scopes.

workflow.yml

- name: Launch Auditor gate
  uses: ./templates/github-action
  with:
    url: https://staging.example.com
    api-key: ${{ secrets.ALA_API_KEY }}
    api-url: https://api.launchauditor.com/v1
    depth: "3"
    min-verdict: fix

Outbound webhooks

Agency plans can register HTTPS endpoints for scan, monitor, and blocker events. Payloads are signed with HMAC-SHA256 via X-ALA-Signature. Delivery logs live in Settings.

scan.completedscan.failedcode_scan.completedcode_scan.failedmonitor.regressionmonitor.alertcritical.blockersclearance.downgradedtimeline.phase_clearedtimeline.task_completedcompetitor.movementreview.completed
Manage webhooks

Verify signature

import crypto from "node:crypto";

const signature = req.headers["x-ala-signature"];
const expected = crypto
  .createHmac("sha256", process.env.WEBHOOK_SECRET!)
  .update(rawBody)
  .digest("hex");

if (signature !== expected) {
  throw new Error("Invalid webhook signature");
}
Developers — API, CLI & CI | Launch Auditor