Get Started in 3 Steps
Go from sign-up to your first analysis report in under five minutes.
Create an Account
Sign up with email or SSO. A 14-day free trial starts automatically with full API access.
Create accountGenerate an API Key
Navigate to Settings and create a key with the scopes you need: read, write, or admin.
See auth docsSubmit Your First Binary
POST your binary to the analysis endpoint. 228 engines process it across 12 phases.
View endpointAuthentication
All API requests require a Bearer token in the Authorization header. Generate keys from your dashboard at /settings/api-keys.
Scopes
read, write, admin
Keys are scoped to specific permissions
Storage
SHA-256 hashed
Full key shown only once at creation
Prefixes
b2e_live_ / b2e_test_
Production and sandbox environments
Endpoints
The B2E API provides 11 endpoints for binary analysis, status tracking, and report retrieval.
/api/v1/analysisRequires authenticationSubmit a binary for analysis. Returns a job ID for polling.
curl -X POST https://api.binary2english.com/api/v1/analysis \
-H "Authorization: Bearer b2e_live_your_key_here" \
-F "[email protected]" \
-F "output_formats=[\"pdf\",\"json\"]" \
-F "dynamic_analysis=false"/api/v1/analysis/{job_id}Requires authenticationGet the current status of an analysis including phase progress and engine counts.
curl https://api.binary2english.com/api/v1/analysis/job_a1b2c3d4e5 \
-H "Authorization: Bearer b2e_live_your_key_here"/api/v1/analysis/{job_id}/reportRequires authenticationRetrieve the full analysis report. Supports ?format=json|pdf|docx|sarif.
/api/v1/analysis/{job_id}/report/section/{n}Requires authenticationRetrieve a single report section (1-24). Useful for dashboard integrations.
/api/v1/analysis/{job_id}/vulnerabilitiesRequires authenticationVulnerability findings with CVE matches, CWE classifications, and severity scores.
/api/v1/analysis/{job_id}/provenanceRequires authenticationComplete provenance chain with cryptographic signatures for audit verification.
/api/v1/validateRequires authenticationQuick pre-screen: runs Phase 1 only. Returns format, architecture, and basic threat indicators in under 5 seconds.
/api/v1/analysesRequires authenticationList all analyses with pagination, filtering by status/format/architecture/date, and sorting.
/api/v1/analysis/{job_id}Requires authenticationPermanently delete an analysis and all associated data. Requires admin scope.
/api/v1/usageRequires authenticationCurrent billing period metrics: API calls, analyses, storage, rate limit status.
/api/v1/healthSystem status: engine availability, queue depth, average processing time.
Rate Limits
Limits are enforced per API key. Upgrade your plan for higher throughput.
| Tier | Requests / min | Analyses / mo | Concurrent Jobs |
|---|---|---|---|
| Starter | 60 | 10 | 2 |
| Professional | 300 | 100 | 10 |
| Enterprise | Custom | Unlimited | Custom |
Rate limit headers are included in every response: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset. When exceeded: HTTP 429 with Retry-After header.
Response Format
All responses follow a consistent envelope structure for predictable parsing.
1 {
2 "status": "success",
3 "data": { ... },
4 "meta": {
5 "request_id": "req_uuid",
6 "timestamp": "2026-03-20T...",
7 "api_version": "v1"
8 }
9 } 1 {
2 "status": "error",
3 "error": {
4 "code": "analysis_not_found",
5 "message": "No analysis found.",
6 "docs_url": "https://docs..."
7 },
8 "meta": { ... }
9 }Ready to integrate?
Create a free account, generate an API key, and submit your first binary in minutes.
Analysis Profiles
Each profile runs the same 228-engine pipeline but produces a report tailored to a specific practitioner — different section ordering, language register, verdict logic, and detection items.
Is this binary malicious?
Where are the bugs?
Is this device secure?
Can we trust every component?
What do we block right now?
Does it meet compliance?
What tech does this implement?
Can this be certified?
Who built this?
Does this match release config?