PluginInsight API

Upload a plugin for analysis

One upload per IP every 5 minutes. Results redirect to www.plugininsight.com automatically.

Quick start

Upload a plugin ZIP with a single curl command:

curl -X POST https://api.plugininsight.com/ \
     -F "plugin=@/path/to/your-plugin.zip"

Endpoints

Method	Path	Description
POST	`/`	Upload a plugin ZIP for analysis
GET	`/{uuid}`	Retrieve the analysis result for a previous upload

POST/ — Upload plugin

Request

Send a multipart/form-data request with a single field named plugin containing the plugin ZIP file.

Content-Type: multipart/form-data
Field name:   plugin
Max size:     128 MB
Extension:    .zip

Successful responses

HTTP	Meaning
`201 Created`	Plugin uploaded and queued for analysis via RabbitMQ.
`202 Accepted`	Plugin uploaded but not yet queued (broker temporarily unavailable). Will be retried automatically.

Response body (201 / 202)

{
  "uuid":   "550e8400-e29b-41d4-a716-446655440000",
  "status": "queued",
  "plugin": {
    "slug":         "my-plugin",
    "name":         "My Plugin",
    "version":      "1.2.3",
    "author":       "Jane Doe",
    "requires":     "6.0",
    "tested":       "6.7",
    "requires_php": "8.0",
    "description":  "A short description of the plugin."
  },
  "result_url": "https://www.plugininsight.com/api/550e8400-e29b-41d4-a716-446655440000/",
  "api_url":    "https://api.plugininsight.com/550e8400-e29b-41d4-a716-446655440000/"
}

Error responses

HTTP	Error code	Reason
`400`	`no_file`	No file uploaded or field name wrong
`400`	`upload_error`	PHP upload error (e.g. partial upload)
`400`	`invalid_extension`	File does not end in `.zip`
`400`	`invalid_mime`	File magic bytes do not match a valid ZIP
`413`	`file_too_large`	File exceeds 128 MB
`422`	`extraction_failed`	ZIP could not be extracted or parsed
`500`	`internal_error`	Unexpected server error
`503`	`service_unavailable`	API is temporarily disabled

GET/{uuid} — Retrieve result

Poll this endpoint to check analysis progress. Replace {uuid} with the value returned by the upload call.

curl https://api.plugininsight.com/550e8400-e29b-41d4-a716-446655440000

Response body

{
  "uuid":         "550e8400-e29b-41d4-a716-446655440000",
  "status":       "done",
  "uploaded_at":  "2026-03-21 10:00:00",
  "processed_at": "2026-03-21 10:01:00",
  "plugin": {
    "slug":         "my-plugin",
    "name":         "My Plugin",
    "version":      "1.2.3",
    "author":       "Jane Doe",
    "requires":     "6.0",
    "tested":       "6.7",
    "requires_php": "8.0",
    "description":  "A short description of the plugin."
  },
  "error":      null,
  "result_url": "https://www.plugininsight.com/api/550e8400-e29b-41d4-a716-446655440000/",
  "results": {
    "basic": {
      "runner":      "Basic Analysis",
      "analysed_at": "2026-03-21 10:01:00",
      "result": { }
    },
    "security": {
      "runner":      "Security Analysis",
      "analysed_at": "2026-03-21 10:01:05",
      "result": { }
    }
  }
}

results is an object keyed by runner slug. Each entry contains the runner display name, the timestamp the analysis was stored, and the full raw result JSON produced by that runner. The object is empty while analysis is still in progress.

Status values

pending — uploaded, waiting to be queued
queued — published to the analysis queue; results may already be arriving
done — all expected runners have finished
error — analysis failed; see the error field for details

Notes

No authentication is required.
All requests and responses use UTF-8 encoding.
Results are public and retained indefinitely.
The HTML report is available at the result_url returned in the response.
Poll the result endpoint every few seconds — analysis typically completes within a minute.

PluginInsight Upload API