ComplianceLayer

ComplianceLayer — Marketplace Listing Copy


RapidAPI Listing

API Name: ComplianceLayer Security Scanner

Short Description (160 chars):
Full infrastructure security scoring for any domain. SSL, DNS/email, HTTP headers, open ports. One API call. JSON report. $0.99/scan.

Long Description:
ComplianceLayer is a comprehensive security scoring API that analyzes the external security posture of any domain and returns a detailed, scored report in seconds.

What It Checks

SSL/TLS Security

  • Certificate validity and expiry
  • TLS version support (flags TLS 1.0/1.1)
  • HSTS configuration
  • Cipher suite strength

DNS & Email Security

  • SPF record (detects softfail ~all vs strict -all)
  • DMARC policy and enforcement level
  • DKIM selectors (checks common selectors)
  • MX record configuration

HTTP Security Headers

  • Content-Security-Policy
  • Strict-Transport-Security (HSTS)
  • X-Content-Type-Options
  • X-Frame-Options
  • Referrer-Policy
  • Permissions-Policy

Open Ports

  • Checks for exposed management ports (RDP, SSH, admin panels)
  • Identifies non-standard open ports
  • Risk rating per port

Response Format

JSON report with:

  • Overall score (0-100) and letter grade (A-F)
  • Per-module scores and grades
  • List of issues with severity (Critical/High/Medium/Low)
  • Specific remediation steps for each issue

Who Uses This

  • MSPs — Automated client security reporting and pre-sales audits
  • Cyber insurers — Domain pre-qualification before underwriting
  • Security teams — Continuous external posture monitoring
  • Developers — Security checks in CI/CD pipelines

Why Not BitSight or SecurityScorecard?

Enterprise security rating platforms start at $30,000/year with mandatory sales cycles. ComplianceLayer is API-first and self-serve. Pay per scan, no contracts, no meetings.

Keywords: security scanner, SSL checker, DMARC checker, DNS security, HTTP headers, security scoring, domain security, security rating, infrastructure security, port scanner


APILayer Listing

Category: Security & Identity

API Name: ComplianceLayer — Infrastructure Security Score

Tagline: Enterprise-grade security scoring at API prices. SSL, DNS, headers, ports — one call.

Description:

ComplianceLayer delivers comprehensive security posture scores for any internet-facing domain. Built for MSPs, security teams, and developers who need actionable security data without enterprise contracts.

Core Capabilities:

  • Full SSL/TLS analysis with cipher suite inspection
  • Email security validation (SPF, DMARC, DKIM)
  • HTTP security header scoring (CSP, HSTS, X-Frame-Options, and more)
  • Open port detection and risk classification
  • Unified A-F letter grade with per-module breakdown
  • Specific remediation recommendations for every issue

Technical specs:

  • Response time: ~10-15 seconds (full scan)
  • Output: JSON
  • Authentication: API key (X-API-Key header)
  • Rate limiting: per-key, configurable
  • Uptime SLA: 99.9%

Ideal for:

  • MSP client security reporting pipelines
  • Cyber insurance pre-qualification workflows
  • Security-as-code in DevOps pipelines
  • Automated external attack surface monitoring

Product Hunt Listing

Name: ComplianceLayer

Tagline: BitSight-grade security scoring for $0.99/scan

Description:
We built a security scoring API that MSPs and developers can actually afford. One API call returns a full external security posture score — SSL/TLS, DNS/email security, HTTP headers, and open ports — with A-F grades and specific fix recommendations.

Enterprise tools like BitSight charge $30K+/year. ComplianceLayer starts at $0.

Free: 10 scans/month
Starter: $99/month → 100 scans
Pro: $249/month → 500 scans

No sales calls. No contracts. Just an API key.

First comment (pin this):
Hey PH! 👋

I'm Robert, the founder. I built ComplianceLayer after getting frustrated with security tooling that's either free-but-useless or $30K/year-but-overkill.

The target user: MSPs who want to automate client security reports, developers who want to add security checks to their pipelines, and anyone who wants to know if a domain's security hygiene is actually good or just looks good.

Try the free tier — no credit card. Run a scan on your own domain and see what it finds.

What would make this actually useful for your workflow? Drop it in the comments.

Gallery screenshots needed:

  1. Example JSON response (clean, formatted)
  2. Score breakdown (A-F per category)
  3. Remediation recommendations list
  4. curl example command

Dev.to Article #1 (Tutorial)

Title: How to check any domain's security posture in 5 lines of Python

Opening hook:

Before you sign a new client, run this script on their domain. It'll tell you more in 15 seconds than a 2-hour security interview.

Body: [Tutorial using ComplianceLayer API in Python]

CTA at bottom:

ComplianceLayer API — free tier, 10 scans/month, no credit card.
pip install requests and you're good to go.


Twitter/X Launch Thread

Tweet 1:

I built a security scoring API because BitSight costs $30K/year and I couldn't justify it for checking client domains.

ComplianceLayer: SSL, DNS/email, HTTP headers, open ports. One API call. $0.99/scan.

🧵 Here's what it finds (real data):

Tweet 2:

Scanned 100 random domains this week.

  • 41% had no DMARC record
  • 23% had certs expiring in < 30 days
  • 78% were missing Content-Security-Policy
  • 8% had RDP publicly accessible

Basic stuff. Most of it fixable in an afternoon.

Tweet 3:

The API response looks like this:
[screenshot of clean JSON with grades]

A-F per category, overall score, specific fixes for each issue.
Takes about 15 seconds per scan.

Tweet 4:

Who's it for:
→ MSPs automating client security reports
→ DevOps teams adding security to pipelines
→ Cyber insurers pre-qualifying domains
→ Anyone who wants to know if their security hygiene is real or just vibes

compliancelayer.net — free tier, no card.

Tweet 5:

Also on RapidAPI if you prefer that workflow.

[link]

Would love feedback from anyone who runs it on their domain. Drop your score in the replies 👇


Built by ComplianceLayer — scan any domain for security compliance in seconds. Get your free API key.