diff --git a/util/secscan/api.py b/util/secscan/api.py
index 73eaa5f4c..5755134e1 100644
--- a/util/secscan/api.py
+++ b/util/secscan/api.py
@@ -242,24 +242,19 @@ class SecurityScannerAPI(object):
     if security_config is None:
       raise Exception('Cannot call unconfigured security system')
 
-    api_url = urljoin(security_config['ENDPOINT'], '/' + security_config['API_VERSION']) + '/'
-    url = urljoin(api_url, relative_url)
-
     client = self.config['HTTPCLIENT']
     headers = {'Connection': 'close'}
-    timeout = security_config.get('API_TIMEOUT_SECONDS', 1)
-    post_timeout = security_config.get('API_TIMEOUT_POST_SECONDS', 480)
+
+    timeout = security_config['API_TIMEOUT_SECONDS']
+    endpoint = security_config['ENDPOINT']
+    if method != 'GET':
+      timeout = security_config.get('API_BATCH_TIMEOUT_SECONDS', timeout)
+      endpoint = security_config.get('ENDPOINT_BATCH', endpoint)
+
+    api_url = urljoin(endpoint, '/' + security_config['API_VERSION']) + '/'
+    url = urljoin(api_url, relative_url)
 
     with CloseForLongOperation(self.config):
-      if method == 'POST':
-        logger.debug('POSTing security URL %s', url)
-        return client.post(url, json=body, params=params, timeout=post_timeout, cert=self._keys,
-                           verify=self._certificate, headers=headers)
-      elif method == 'DELETE':
-        logger.debug('DELETEing security URL %s', url)
-        return client.delete(url, params=params, timeout=timeout, cert=self._keys,
-                             verify=self._certificate, headers=headers)
-      else:
-        logger.debug('GETing security URL %s', url)
-        return client.get(url, params=params, timeout=timeout, cert=self._keys,
-                          verify=self._certificate, headers=headers)
+      logger.debug('%sing security URL %s', method.upper(), url)
+      return client.request(method, url, json=body, params=params, timeout=timeout,
+                            cert=self._keys, verify=self._certificate, headers=headers)