API Overview

The brin REST API — no auth, no signup, one GET request

The brin API scores any external context your agent might interact with. No auth, no signup, no SDK required.

## Base URL

```text
https://api.brin.sh
```

## Entity types

brin supports 9 origin types across 6 context categories:

| Origin | Example |
| --- | --- |
| npm | `npm/express` |
| pypi | `pypi/requests` |
| crate | `crate/tokio` |
| repo | `repo/expressjs/express` |
| domain | `domain/example.com` |
| page | `page/example.com/path` |
| mcp | `mcp/owner/repo` |
| skill | `skill/owner/repo` |

## Quick example

```bash
curl https://api.brin.sh/npm/express
```

```json
{
  "score": 85,
  "verdict": "safe",
  "confidence": "high",
  "tolerance": "conservative",
  "url": "https://api.brin.sh/npm/express",
  "scanned_at": "2026-03-01T12:00:00Z"
}
```

Every response also includes headers for lightweight checks:

```text
x-brin-score:      85
x-brin-verdict:    safe
x-brin-confidence: high
x-brin-tolerance:  conservative
```

## Verdicts

| Verdict | Meaning |
| --- | --- |
| safe | Proceed |
| caution | Review before using |
| suspicious | Likely malicious |
| dangerous | Do not use |

## New artifacts

If an artifact hasn't been scanned yet, brin returns a preliminary score immediately and queues a full 3-tier scan in the background. Subsequent requests return the full result. Use a webhook to get notified when the scan completes:

```bash
curl "https://api.brin.sh/npm/some-package?webhook=https://your-server.com/callback"
```

## Safety tolerance

Tolerance controls how the numeric score (0–100) maps to a verdict. The raw score never changes.

| Score | Conservative (default) | Lenient | Yolo |
| --- | --- | --- | --- |
| 80–100 | safe | safe | safe |
| 60–79 | caution | safe | safe |
| 50–59 | caution | caution | safe |
| 40–49 | suspicious | caution | safe |
| 20–39 | suspicious | suspicious | caution |
| 0–19 | dangerous | dangerous | suspicious |

```bash
curl "https://api.brin.sh/npm/express?tolerance=lenient"
```
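
One way to enforce a local policy on top of a response, as an added example (not brin's own code): because the raw score never changes, the gate re-derives the verdict from `score` under the caller's own tolerance and fails closed on malformed input. The `gate` and `verdict_for` names, the lowercase `yolo` value, the integer-only score check and the verdict-to-action mapping are assumptions.

```python
import json

# Lowest score of each verdict band per tolerance, from the table above.
# Assumption: the "Yolo" column is spelled "yolo" in responses.
BANDS = {
    "conservative": [(80, "safe"), (50, "caution"), (20, "suspicious"), (0, "dangerous")],
    "lenient": [(60, "safe"), (40, "caution"), (20, "suspicious"), (0, "dangerous")],
    "yolo": [(40, "safe"), (20, "caution"), (0, "suspicious")],
}
# Assumption: this caller's policy for acting on each verdict.
ACTIONS = {"safe": "proceed", "caution": "review",
           "suspicious": "block", "dangerous": "block"}


def verdict_for(score, tolerance):
    """Map a raw 0-100 score to a verdict under the given tolerance."""
    if isinstance(score, bool) or not isinstance(score, int) or not 0 <= score <= 100:
        raise ValueError("score must be an integer in 0..100")
    for floor, verdict in BANDS[tolerance]:  # KeyError on unknown tolerance
        if score >= floor:
            return verdict


def gate(body, policy="conservative"):
    """Return 'proceed', 'review' or 'block' for a response body (hypothetical helper)."""
    try:
        data = json.loads(body)
        # The served verdict must agree with the score under the tolerance it names.
        if verdict_for(data["score"], data["tolerance"]) != data["verdict"]:
            return "block"
        # Decide under our own policy, whatever tolerance the request used.
        return ACTIONS[verdict_for(data["score"], policy)]
    except (ValueError, KeyError, TypeError):
        return "block"  # fail closed on malformed or unexpected responses


# Constructed sample: the response shown in the quick example.
SAMPLE = ('{"score": 85, "verdict": "safe", "confidence": "high", '
          '"tolerance": "conservative", "url": "https://api.brin.sh/npm/express", '
          '"scanned_at": "2026-03-01T12:00:00Z"}')

if __name__ == "__main__":
    print(gate(SAMPLE))
```

A response fetched with a looser tolerance than the caller's policy is still judged by the policy, since only the raw score is trusted.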

## Authentication

No authentication required. The API is public and free.

## Rate limits

300 requests per minute per IP. Contact us for higher limits.