affinda
Integrates with Affinda's document AI API to extract structured data from various document types using machine learning.
Install this skill
Security score
The affinda skill was audited on Feb 12, 2026 and we found 28 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Curl to non-GitHub URL
| 123 | curl -X POST https://api.affinda.com/v3/documents \ |
Webhook reference - potential data exfiltration
| 3 | description: Integrate with Affinda's document AI API to extract structured data from documents (invoices, resumes, receipts, contracts, and custom types). Covers authentication, client libraries (Pyt |
Webhook reference - potential data exfiltration
| 25 | | **Workspace** | Logical container for documents. Scopes permissions, webhooks, and processing settings. | |
Webhook reference - potential data exfiltration
| 278 | ### 3. Asynchronous with Webhooks (recommended for production) |
Webhook reference - potential data exfiltration
| 280 | Upload the document, then receive a webhook notification when processing completes. This is the most efficient pattern for production systems. |
Webhook reference - potential data exfiltration
| 286 | # 2. Receive webhook at your endpoint when ready |
Webhook reference - potential data exfiltration
| 288 | doc = client.get_document(identifier_from_webhook) |
Webhook reference - potential data exfiltration
| 293 | See the [Webhooks section](#webhooks) below for setup details. |
Webhook reference - potential data exfiltration
| 337 | ## Webhooks |
Webhook reference - potential data exfiltration
| 339 | Affinda uses RESTHooks -- webhook subscriptions managed via REST API. Webhooks can be scoped to an organization or workspace. |
Webhook reference - potential data exfiltration
| 358 | 3. **Receive** -- Affinda sends webhook payloads to your endpoint. Respond `200` to acknowledge. |
Webhook reference - potential data exfiltration
| 362 | Enable payload signing via Organization Settings -> Webhook Signature Key. Incoming webhooks include an `X-Hook-Signature` header (`<timestamp>.<signature>`). Verify using HMAC-SHA256: |
Webhook reference - potential data exfiltration
| 367 | def verify_webhook(request, sig_key: bytes) -> bool: |
Webhook reference - potential data exfiltration
| 378 | ### Webhook Payload |
Webhook reference - potential data exfiltration
| 403 | Full webhook docs: <https://docs.affinda.com/reference/webhooks> |
Webhook reference - potential data exfiltration
| 457 | ### Webhooks |
Webhook reference - potential data exfiltration
| 476 | | Pattern | Description | Webhook Event | |
Webhook reference - potential data exfiltration
| 565 | - **[Upload Options](https://docs.affinda.com/reference/upload-options)** -- Sync, async polling, and webhook patterns. |
Webhook reference - potential data exfiltration
| 568 | - **[Webhooks](https://docs.affinda.com/reference/webhooks)** -- Webhook setup, events, signature verification. |
External URL reference
| 15 | OpenAPI spec: <https://api.affinda.com/static/v3/api_spec.yaml> |
External URL reference
| 39 | | Australia (Global) | `https://api.affinda.com` | `https://app.affinda.com` | |
External URL reference
| 40 | | United States | `https://api.us1.affinda.com` | `https://app.us1.affinda.com` | |
External URL reference
| 41 | | European Union | `https://api.eu1.affinda.com` | `https://app.eu1.affinda.com` | |
External URL reference
| 111 | npm: <https://www.npmjs.com/package/@affinda/affinda> |
External URL reference
| 116 | - **Java**: [Maven repository](https://mvnrepository.com/artifact/com.affinda.api/affinda-api-client) -- [GitHub](https://github.com/affinda/affinda-java) |
External URL reference
| 123 | curl -X POST https://api.affinda.com/v3/documents \ |
External URL reference
| 468 | OpenAPI spec: <https://api.affinda.com/static/v3/api_spec.yaml> |
External URL reference
| 594 | - **[Status](https://status.affinda.com/)** -- Service availability dashboard. |