Skip to content

JavaScript Integration Guide

Complete JavaScript/TypeScript examples for BreachSpider API integration.

Client Setup

const BREACHSPIDER_BASE = "https://breachspider.com/api/v1";

class BreachSpiderClient {
  private headers: Record<string, string>;

  constructor(apiKey: string) {
    this.headers = {
      "Authorization": `Bearer ${apiKey}`,
      "Content-Type": "application/json",
    };
  }

  async getCve(cveId: string) {
    const res = await fetch(`${BREACHSPIDER_BASE}/cves/${cveId}`, {
      headers: this.headers,
    });
    if (!res.ok) {
      const err = await res.json();
      throw new Error(`${err.error.code}: ${err.error.message}`);
    }
    const data = await res.json();
    return data.data;
  }

  async searchCves(params: {
    severity?: string;
    kevOnly?: boolean;
    vendor?: string;
    page?: number;
    limit?: number;
  }) {
    const query = new URLSearchParams({
      page: String(params.page ?? 1),
      limit: String(params.limit ?? 20),
      ...(params.severity && { severity: params.severity }),
      ...(params.kevOnly && { kev_only: "true" }),
      ...(params.vendor && { vendor: params.vendor }),
    });

    const res = await fetch(`${BREACHSPIDER_BASE}/cves?${query}`, {
      headers: this.headers,
    });
    const data = await res.json();
    return data;
  }

  async getKev(limit = 100) {
    const res = await fetch(`${BREACHSPIDER_BASE}/cves/kev?limit=${limit}`, {
      headers: this.headers,
    });
    const data = await res.json();
    return data.data;
  }

  async getDashboard() {
    const res = await fetch(`${BREACHSPIDER_BASE}/dashboard`, {
      headers: this.headers,
    });
    const data = await res.json();
    return data.data;
  }
}

React Hook Example

import { useState, useEffect } from "react";

function useCve(cveId: string, apiKey: string) {
  const [cve, setCve] = useState(null);
  const [loading, setLoading] = useState(true);
  const [error, setError] = useState<string | null>(null);

  useEffect(() => {
    if (!cveId) return;

    fetch(`https://breachspider.com/api/v1/cves/${cveId}`, {
      headers: { Authorization: `Bearer ${apiKey}` },
    })
      .then((res) => res.json())
      .then((data) => {
        if (data.error) throw new Error(data.error.message);
        setCve(data.data);
      })
      .catch((err) => setError(err.message))
      .finally(() => setLoading(false));
  }, [cveId]);

  return { cve, loading, error };
}

Webhook Consumer (Node.js/Express)

const express = require("express");
const crypto = require("crypto");

const app = express();
const WEBHOOK_SECRET = "your-webhook-secret";

app.use(express.raw({ type: "application/json" }));

function verifySignature(payload, signature) {
  const expected =
    "sha256=" +
    crypto.createHmac("sha256", WEBHOOK_SECRET).update(payload).digest("hex");
  return crypto.timingSafeEqual(
    Buffer.from(expected),
    Buffer.from(signature)
  );
}

app.post("/breachspider-webhook", (req, res) => {
  const signature = req.headers["x-breachspider-signature"] || "";

  if (!verifySignature(req.body, signature)) {
    return res.status(401).json({ error: "Invalid signature" });
  }

  const event = JSON.parse(req.body);

  switch (event.event) {
    case "kev.new":
      console.log(`New KEV: ${event.data.cve_id}`);
      break;
    case "cve.critical":
      console.log(`Critical CVE: ${event.data.cve_id}`);
      break;
    default:
      console.log(`Event: ${event.event}`);
  }

  res.json({ status: "received" });
});

app.listen(3000);