ComplianceLayer — Marketplace Submission Assets

Created: 2026-03-25 | Use for all API marketplace listings

---

Status

Marketplace	Status	Notes
RapidAPI	✅ Live	Since March 21
Postman API Network	🔲 Ready to publish	Collection file ready
APILayer	🔲 Ready to submit	Apply at marketplace.apilayer.com
Zyla API Hub	🔲 Ready to submit	zylalabs.com/publish
ApyHub	🔲 Ready to submit	apyhub.com/submit
DigitalAPI Marketplace	🔲 Ready to submit	digitalapi.io

---

Core Submission Assets (Reuse Across All)

API Name

ComplianceLayer Security Scoring API

Tagline (short — 100 chars)

External security scanning for MSPs — DNS, SSL, ports, headers, blacklists in one API call

Short Description (250 chars)

Scan any domain and get a complete external security posture report in under 60 seconds. Covers DNS, SSL/TLS, HTTP headers, open ports, email authentication (SPF/DMARC/DKIM), blacklists, and WAF detection. API-first. JSON output. No install required.

Long Description (for marketplace pages)

ComplianceLayer is an external security scanning API built for MSPs, developers, and security teams who need to assess domain security posture at scale.

**What it scans:**
- DNS configuration (MX, SPF, DMARC, DKIM, DNSSEC, CAA)
- SSL/TLS certificate health, expiry date, chain validation, cipher suite
- Open port exposure (~100 ports including RDP/3389, SSH/22, FTP/21, SMB/445)
- HTTP security headers (HSTS, X-Frame-Options, CSP, CORS, Referrer-Policy)
- Email authentication completeness (SPF, DKIM, DMARC policy strength)
- Blacklist/blocklist status (35+ lists)
- Subdomain exposure
- WAF detection
- Breach indicator monitoring

**Output:** Structured JSON with overall A–F grade, per-category scores, individual findings with severity (critical/high/medium/low), and remediation steps. Client-ready PDF reports available.

**Use cases:**
- MSPs scanning client domains for cyber insurance audits
- Security teams monitoring external attack surface
- Developers building security dashboards and automation
- vCISOs generating client reports
- DevOps pipelines checking new deployments

**Why ComplianceLayer:**
Enterprise tools like BitSight ($30K+/year) and SecurityScorecard ($26K+/year) require demo calls and annual contracts. ComplianceLayer is $0.99/scan, self-serve, API-first, with no sales call required. Same external checks. 15-20x cheaper.

**Getting started:**
1. Get a free API key at compliancelayer.net (no credit card, 10 free scans)
2. POST your domain to /v1/scan/ — get a job_id back in < 1 second
3. Poll /v1/scan/jobs/{job_id} until status = "complete" (typically 15–60 seconds)
4. Full JSON results + PDF report available immediately

Free tier: 10 scans/month, no credit card required.

Categories (pick what applies per platform)

Primary: Security / Cybersecurity
Secondary: Developer Tools, Business Intelligence, Infrastructure, Monitoring
Tags: security, dns, ssl, api, msp, compliance, cyber-insurance, domain, scanning, headers, dmarc, spf, ports

Website

https://compliancelayer.net

API Base URL

https://compliancelayer.net/api

Documentation URL

https://compliancelayer.net/docs

OpenAPI Spec URL

https://compliancelayer.net/api/openapi.json

Support Email

robert@compliancelayer.net

Public Test API Key (rate limited — 5 scans/hr per IP)

cl_pub_YeiV6xHoTcBlOFrgCrIfVYlUoeYBSEyVl65d8bCQIlo

---

Pricing Tiers (adjust per platform's fee structure)

Direct pricing (compliancelayer.net)

Tier	Price	Scans/month
Free	$0	10
Starter	$99/mo	100
Professional	$249/mo	500
Enterprise	$599/mo	1,500

APILayer pricing (you keep 85%)

Tier	List Price	Scans/month
Free	$0	10
Basic	$49/mo	100
Pro	$149/mo	500
Business	$399/mo	1,500

Zyla / ApyHub / others (adjust as needed)

Tier	Price	Scans/month
Free	$0	10
Basic	$29/mo	50
Pro	$99/mo	200
Ultra	$249/mo	750

---

Code Examples

Python

import requests
import time

API_KEY = "your_api_key_here"
BASE_URL = "https://compliancelayer.net/api"

headers = {"Authorization": f"Bearer {API_KEY}"}

# Submit scan
response = requests.post(
    f"{BASE_URL}/v1/scan/",
    json={"domain": "example.com"},
    headers=headers
)
job_id = response.json()["job_id"]
print(f"Scan submitted: {job_id}")

# Poll for results
while True:
    result = requests.get(f"{BASE_URL}/v1/scan/jobs/{job_id}", headers=headers).json()
    if result["status"] == "complete":
        print(f"Grade: {result['grade']} ({result['score']}/100)")
        print(f"Findings: {len(result.get('findings', []))}")
        break
    time.sleep(3)

JavaScript / Node.js

const API_KEY = 'your_api_key_here';
const BASE_URL = 'https://compliancelayer.net/api';

async function scanDomain(domain) {
  const headers = { 'Authorization': `Bearer ${API_KEY}`, 'Content-Type': 'application/json' };

  // Submit scan
  const submit = await fetch(`${BASE_URL}/v1/scan/`, {
    method: 'POST',
    headers,
    body: JSON.stringify({ domain })
  });
  const { job_id } = await submit.json();

  // Poll for results
  while (true) {
    await new Promise(r => setTimeout(r, 3000));
    const result = await fetch(`${BASE_URL}/v1/scan/jobs/${job_id}`, { headers }).then(r => r.json());
    if (result.status === 'complete') {
      console.log(`Grade: ${result.grade} (${result.score}/100)`);
      return result;
    }
  }
}

scanDomain('example.com').then(console.log);

cURL

# Submit scan
JOB_ID=$(curl -s -X POST https://compliancelayer.net/api/v1/scan/ \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"domain": "example.com"}' | jq -r '.job_id')

echo "Job: $JOB_ID"

# Poll for result
curl -s "https://compliancelayer.net/api/v1/scan/jobs/$JOB_ID" \
  -H "Authorization: Bearer YOUR_API_KEY" | jq '{grade, score, findings: [.findings[].title]}'

No-Auth Free Scan (no API key needed)

curl -s -X POST https://compliancelayer.net/api/v1/scan/free \
  -H "Content-Type: application/json" \
  -d '{"domain": "example.com"}' | jq '{grade, score, top_findings: [.top_findings[].title]}'

---

APILayer Specific — Application Notes

Apply at: https://marketplace.apilayer.com → "Submit Your API"

What they check:

• Live endpoint responding in < 2s ✅
• OpenAPI/Swagger spec available ✅ (https://compliancelayer.net/api/openapi.json)
• Proper error responses ✅
• Stable uptime ✅ (Vultr Miami, 3 worker replicas)

Application pitch (their intake form):

ComplianceLayer is an external security scanning API for MSPs and developers. One API call returns a complete domain security posture: DNS, SSL, open ports, HTTP headers, email authentication, and blacklist status — everything cyber insurance carriers check during renewal. 13 scanner categories, structured JSON output, PDF reports. Free tier included. We're positioned as the affordable alternative to enterprise TPRM tools (BitSight: $30K+/yr, SecurityScorecard: $26K+/yr). $0.99/scan, no sales call, API-first.

---

Zyla API Hub Specific

Submit at: https://zylalabs.com → "Publish your API"

Category: Security & Cybersecurity
Subcategory: Domain Security / Infrastructure Monitoring

---

ApyHub Specific

Submit at: https://apyhub.com → "Submit API"

Focus for their audience: Utility/automation angle — MSP technicians building workflows

"Replace 4 manual security tools (MXToolbox, SSL Labs, Shodan, SecurityHeaders.com) with one API call. Automates domain security checks for PSA integrations, client onboarding workflows, and compliance reporting."

---

Postman API Network

Steps:

1. Import /tmp/compliancelayer-postman-collection.json into Postman
2. Create public workspace: "ComplianceLayer"
3. Publish collection to workspace
4. Share to Postman API Network with tags: security, dns, ssl, msp, compliance
5. Add link to compliancelayer.net/docs

Collection file location: /tmp/compliancelayer-postman-collection.json
(Also copy to: /Users/gigabob/clawd/compliancelayer/docs/postman-collection.json)

---

Updated: 2026-03-25

---

Built by ComplianceLayer — scan any domain for security compliance in seconds. Get your free API key.