Developer Integration Guide
Integrate the Yuki Security Engine directly into your dApps, CI/CD pipelines, and audit workflows.
1. Authentication
To access the API, you need an API Key.
- Log in to your Yuki Dashboard.
- Navigate to API Keys in the sidebar.
- Click "Generate New Key".
- Keep this key safe! It starts with yuki_sk_....
yuki_sk_...) in frontend code. All API calls should be made from your secure backend environment.
2. Using the SDK (Recommended)
Our official SDK provides a type-safe, easy way to interact with the Yuki Engine.
Installation
```bash
npm install @agent-yuki/sdk
# or
yarn add @agent-yuki/sdk
```
Initialization
```javascript
import { YukiClient } from '@agent-yuki/sdk';

const yuki = new YukiClient({
  apiKey: process.env.YUKI_API_KEY, // e.g., 'yuki_sk_...'
});
```
Examples
Scan a Solana Address
Analyze a deployed smart contract or wallet address.
```javascript
const analysis = await yuki.scan.address({
  address: 'DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263',
  network: 'SOLANA', // 'SOLANA' | 'ETHEREUM' | 'BASE'
});
console.log(`Score: ${analysis.score}/100`);
console.log('Vulnerabilities:', analysis.vulnerabilities);
```
Scan a GitHub Repository
Perfect for CI/CD integrations.
```javascript
const analysis = await yuki.scan.github({
  url: 'https://github.com/client-xyz/new-defi-protocol',
  branch: 'main' // optional
});
```
Scan Raw Code
Analyze un-deployed code snippets on the fly.
```javascript
const codeSnippet = `
pub fn insecure_transfer(ctx: Context<Transfer>, amount: u64) -> Result<()> {
    // ... risky logic ...
}
`;
const analysis = await yuki.scan.raw({
  content: codeSnippet,
  language: 'RUST' // optional hint
});
```
3. Direct API Usage
If you prefer not to use the SDK, you can make HTTP requests directly.
Headers
```http
Content-Type: application/json
Authorization: Bearer yuki_sk_...
```
Request Body
```json
{
  "type": "ADDRESS",
  "content": "DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263",
  "network": "SOLANA"
}
```
Response Preview
```json
{
  "score": 85,
  "severity": "Low",
  "status": "No Issues Detected",
  "summary": "Contract appears well-structured...",
  "vulnerabilities": [],
  "timestamp": "2026-05-10T12:00:00Z"
}
```
4. Response Schema
The API returns a JSON object containing the analysis results. The vulnerabilities array contains detailed findings.
```jsonc
{
  "score": 85,        // 0-100 Security Score
  "severity": "Low",  // Critical | High | Medium | Low | Info
  "status": "No Issues Detected",
  "summary": "Contract appears well-structured...",
  "vulnerabilities": [
    {
      "id": "vuln-123",
      "name": "Reentrancy Risk",
      "severity": "High",
      "line": 42,
      "description": "External call before state update...",
      "recommendation": "Use ReentrancyGuard or Checks-Effects-Interactions pattern."
    }
  ],
  "timestamp": "2026-05-10T12:00:00Z"
}
```
5. Supported Platforms
| Network | Languages | Key Features |
|---|---|---|
| Solana | Rust (Anchor), Native | PDA Validation, SPL Token Security, Signer Checks |
| Ethereum | Solidity, Vyper | Reentrancy, Gas Optimization, ERC Compliance |
| Base / L2s | Solidity | Standard EVM Security Checks |
6. Error Handling
The API uses standard HTTP status codes to indicate success or failure.
| Code | Status | Description |
|---|---|---|
| 400 | Bad Request | Invalid JSON or unsupported language. |
| 401 | Unauthorized | Missing or invalid API Key. |
| 402 | Payment Required | Insufficient credits. Please top up. |
| 429 | Too Many Requests | Rate limit exceeded (60/min). |
7. Best Practices
🔒 CI/CD Integration
Fail your build pipelines if severity is 'High' or 'Critical'. This prevents vulnerable code from reaching production.
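One way to implement this build gate, as an added example that is not part of the Yuki SDK or the original guide. The names `gateDecision`, `SEVERITY_RANK` and `failAt` are hypothetical, and the code assumes the scan result has the shape shown under Response Schema; it checks each finding as well as the top-level severity and blocks the build when the response is malformed.

```javascript
// Added example, not Yuki SDK code. Severity names come from the guide's
// "Response Schema" section. A Map is used instead of a plain object so that
// strings such as "constructor" are not mistaken for known severities.
const SEVERITY_RANK = new Map([
  ['Info', 0], ['Low', 1], ['Medium', 2], ['High', 3], ['Critical', 4],
]);

// Hypothetical helper: returns { pass, reasons }. It fails closed, so a
// response that does not match the documented schema blocks the build.
function gateDecision(analysis, failAt = 'High') {
  const threshold = SEVERITY_RANK.get(failAt);
  if (threshold === undefined) throw new Error(`unknown threshold: ${failAt}`);
  if (analysis === null || typeof analysis !== 'object') {
    return { pass: false, reasons: ['response is not an object'] };
  }
  const reasons = [];
  const overall = SEVERITY_RANK.get(analysis.severity);
  if (overall === undefined) {
    reasons.push(`unrecognised overall severity: ${String(analysis.severity)}`);
  } else if (overall >= threshold) {
    reasons.push(`overall severity is ${analysis.severity}`);
  }
  if (!Array.isArray(analysis.vulnerabilities)) {
    reasons.push('vulnerabilities is missing or not an array');
  } else {
    for (const v of analysis.vulnerabilities) {
      const rank = SEVERITY_RANK.get(v && v.severity);
      if (rank === undefined) {
        reasons.push(`finding ${String(v && v.id)}: unrecognised severity`);
      } else if (rank >= threshold) {
        reasons.push(`${v.severity}: ${v.name} (line ${v.line}, id ${v.id})`);
      }
    }
  }
  return { pass: reasons.length === 0, reasons };
}

// Constructed sample: overall "Low" but one High finding, as in section 4.
const sample = {
  score: 85, severity: 'Low',
  vulnerabilities: [
    { id: 'vuln-123', name: 'Reentrancy Risk', severity: 'High', line: 42 },
  ],
};
const decision = gateDecision(sample);
console.log(decision.pass ? 'PASS' : 'FAIL', decision.reasons);
// In a CI script, set process.exitCode = decision.pass ? 0 : 1.
```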
⚡ Caching
Cache analysis results for immutable smart contract versions to save credits and reduce latency.
8. Rate Limits & Credits
Rate Limits
60 requests per minute per IP.
Credits
Each scan consumes 1 Credit.
Check your balance via yuki.users.me() or the Dashboard.