Multiple AAGUIDs are analyzed in one request.
REST API
POST /api/analyze- Body:
{"aaguids": ["…", "…"], "filters": {…}}— batch analysis, returns JSON per AAGUID. Optionalfiltersobject supports the same criteria as the catalog (ctap,min_certification,microsoft_allowed,hmac_or_prf,uv_or_client_pin,resident_key,valid_only,yubico_only,firmware,search,invert). GET /api/analyze/{aaguid}- Single AAGUID analysis.
GET /api/authenticators- Filtered catalog. Params:
ctap(2.0|2.1|2.2|2.3, minimum),min_certification(l1…l3+),microsoft_allowed(true|false),valid_only,hmac_or_prf,uv_or_client_pin,resident_key,yubico_only,firmware(e.g. 5.7),search,invert(list tokens NOT fulfilling the criteria; search still scopes). GET /api/sources- Cache/source status.
POST /api/refresh- Force-refresh the live sources (FIDO MDS, Microsoft), ignoring the 24 h cache TTL.
GET /docs- Interactive OpenAPI documentation.
Example: curl -s -X POST http://localhost:8080/api/analyze -H "Content-Type: application/json" -d '{"aaguids":["2fc0579f-8113-47ea-b116-bb5a8db9202a"]}'
Loading source status…
Forces a refetch of the live sources (FIDO MDS, Microsoft). The Yubico table is a bundled snapshot and is not affected.