This guide shows you how to trigger a manual scan on a server. There are two ways to do this: through the Monarx web app, or via the Monarx API.
Prerequisites
Access to app.monarx.com with permissions to view server agents.
Manual scans are limited to Monarx hosting partners — see Can I Trigger a Malware Scan from the Monarx cPanel Plugin? if you're not a direct Monarx customer.
Method 1: Via the Monarx Web App
1. Navigate to the server's agent page
Go to Dashboard > Server Agents, then select the server you want to scan.
2. Open the Scans tab
In the right sidebar, click the Scans tab. This shows details of the last scan, including:
Number of users scanned
Scan type
Status
Files scanned
Start time and end time
Total scan duration
3. Start a manual scan
Below the last scan details, find the Manual Scans card. Enter the full path you want to scan, then click Scan. That's all that's needed to kick off the scan.
Method 2: Via the Monarx API
📚 Full API Documentation can be found https://api.monarx.com/docs/#/scan-request.
The scan-request endpoint lets you submit an on-demand scan programmatically — useful for scripting or integrating scans into your own tooling.
1. Authenticate
Every request needs both API key headers:
Header | Value |
| Your API Key ID |
| Your API Secret Key |
See Provisioning API Keys if you need to generate a key pair. The key must have the scan_request:create scope to submit a scan, and scan_request:read to check its status.
2. Submit the scan request
POST https://api.monarx.com/v1/enterprise/{enterprise_id}/agent/{agent_id}/scan-request
Path parameters:
enterprise_id— your Enterprise IDagent_id— the Agent ID of the server you want to scan
Request body:
{ "directory": "/path/to/directory/" }
Example (curl):
curl -X POST "https://api.monarx.com/v1/enterprise/YOUR_ENTERPRISE_ID/agent/YOUR_AGENT_ID/scan-request" \ -H "x-api-id: YOUR_API_KEY_ID" \ -H "x-api-key: YOUR_API_SECRET_KEY" \ -H "Content-Type: application/json" \ -d '{"directory": "/home/example/public_html/"}'
A successful request returns 202 Accepted with the new scan request record:
{
"id": "string",
"audit_created": "2026-07-14T18:44:21.078Z",
"audit_modified": "2026-07-14T18:44:21.078Z",
"enterprise_id": "string",
"host_id": "server1.hoster.com",
"directory": "/path/to/directory/",
"status": "requested",
"_links": {
"self": {
"href": "https://api.monarx.com/v1/enterprise/{enterprise_id}/agent/{agent_id}/scan-request/{id}"
}
}
}Save the id from the response — you'll need it to check on the scan's progress.
3. Check scan status
GET https://api.monarx.com/v1/enterprise/{enterprise_id}/agent/{agent_id}/scan-request/{id}
Example (curl):
curl -X GET "https://api.monarx.com/v1/enterprise/YOUR_ENTERPRISE_ID/agent/YOUR_AGENT_ID/scan-request/SCAN_REQUEST_ID" \ -H "x-api-id: YOUR_API_KEY_ID" \ -H "x-api-key: YOUR_API_SECRET_KEY"
Returns 200 OK with the current record, including scan results once complete:
{ "id": "string", "audit_created": "2026-07-14T18:44:21.084Z", "audit_modified": "2026-07-14T18:44:21.084Z", "enterprise_id": "string", "host_id": "server1.hoster.com", "directory": "/path/to/directory/", "status": "requested", "error": null, "scan_result": { "start": "2026-07-14T18:44:21.084Z", "end": "2026-07-14T18:44:21.084Z", "duration": 0, "files": 0 }, "_links": { "self": { "href": "https://api.monarx.com/v1/enterprise/{enterprise_id}/agent/{agent_id}/scan-request/{id}" } } }Poll this endpoint until status moves past requested and scan_result is populated with start, end, duration, and files scanned.
Common API errors
Code | Meaning |
| Missing or invalid |
| The API key is valid but lacks the required |
Reviewing Scan Results
If the scan finds anything, results surface in Dashboard > Files. Filter by path, agent_id, or both to narrow down to the server/path you just scanned.
If a suspected malware file doesn't appear in the results
If you expected a specific file to be flagged as malware but it isn't listed under Dashboard > Files, please submit a false negative or upload a sample so our team can review it.
Still Having Issues?
Contact Monarx support via live chat if you're unable to trigger a scan or have questions about the results.
