Pricing

Start free. Upgrade when you ship.

Run a free scan to see your score. Upgrade for the full issue list, fix pack, PDF export, recurring scans, team access, and CI monitoring.

Free

One scan to see where you stand.

$0 forever
  • 1 scan (upload or URL)
  • Overall + category scores
  • Top 5 findings
  • Shareable teaser report

Starter

For indie SaaS & API teams.

$99/month
  • 3 API projects
  • 20 scans / month
  • Full findings list
  • HTML / PDF export
  • Fix pack
  • Public readiness badge
Most popular

Growth

For active SaaS & API teams.

$199/month
  • 10 API projects
  • 100 scans / month
  • Scheduled scans + score history
  • Team members
  • Advanced MCP readiness
  • GitHub Action (when available)
  • Priority support

Team

For platform & API teams.

$399/month
  • 25 API projects
  • 500 scans / month
  • Team roles & permissions
  • Public / private reports
  • Custom rules
  • Slack alerts (when available)
  • Jira / Linear export (when available)

Done-for-you audit

We run the audit and hand you a roadmap. Manual review by a founder · Full VeriSpec report · Loom walkthrough · Prioritized API / docs fix roadmap · 30-day follow-up scan.

$999 one-time

Prices in USD. Annual billing and volume plans available on request. Every paid plan includes evidence-backed findings, the fix pack, and shareable reports.

FAQ

Answers for skeptical developers

Positioning

VeriSpec is an API readiness and design auditor. It flags agent-safety and permission-design gaps — it is not a penetration test, threat model, or runtime security tool.

What does VeriSpec actually check?

Deterministic checks across eight categories: spec validity, schema quality, endpoint intent & naming, examples & docs coverage, auth/permissions/rate limits, errors & recovery, agent safety & side effects, and MCP/tool-call readiness. Each finding points to an exact location in your spec.

Is this a security scanner or penetration test?

No. VeriSpec is an API readiness and design auditor. It can flag safety and permission-design gaps that matter for AI-agent usage, but it is not a replacement for penetration testing, threat modeling, or runtime API security tooling.

Do I need to provide API keys?

No. The scanner reads your OpenAPI spec and public docs. We never call your protected endpoints, and we don't require credentials for a scan.

What can I scan?

Upload an OpenAPI JSON or YAML file, upload a Postman collection JSON file, paste a URL to a spec, or paste a public docs/Postman Documenter URL. GitHub import and MCP manifests are on the roadmap.

What is MCP readiness?

Model Context Protocol turns API operations into agent tools. VeriSpec grades whether your operations can become clean, safe MCP tools — clear names, complete input schemas, typed responses, and approval boundaries for dangerous actions.

Are my reports private?

Yes. Reports are private by default. You explicitly opt in to generate a shareable public link or an embeddable readiness badge, and you can keep detailed findings hidden.

Audit your API before AI agents do.

Run a free readiness scan in minutes. Get a score, the exact gaps, and a fix plan your team can ship.