API Reference

Complete guide to the PentestPad REST API for managing projects, findings, teams, and more

Overview

The PentestPad API is a RESTful API that allows you to programmatically interact with your PentestPad instance. You can manage projects, findings, teams, and perform bulk operations like CSV imports.

Base URL

https://your-instance.pentestpad.com/api/v1

Features

  • Full CRUD Operations - Complete create, read, update, delete operations for all resources
  • Team Management - List teams and filter resources by team
  • Project Management - Create, update, clone, and manage project lifecycles
  • Finding Management - Comprehensive vulnerability tracking and management
  • CSV Import - Bulk import findings from CSV files with field mapping
  • Consistent Responses - Standardized JSON responses across all endpoints
  • Error Handling - Detailed error messages and validation feedback

Supported Resources

| Resource | Description | Operations |
|----------|-------------|------------|
| Teams | Team management and statistics | List, View, Stats |
| Projects | Project lifecycle management | CRUD, Clone, Status, Restore |
| Findings | Vulnerability management | CRUD, Templates, Bulk operations |
| Templates | Vulnerability and executive summary templates | CRUD, CSV Import |
| CSV Import | Bulk data import | Import, Field mapping |

Getting Started

  1. Generate API Key - Create an API key from your PentestPad dashboard
  2. Choose Base URL - Use your instance's API endpoint
  3. Set Authentication - Include your API key in request headers
  4. Make Requests - Start with a simple GET request to list projects

Quick Example

curl -H "Authorization: Bearer your_api_key" \
     https://your-instance.pentestpad.com/api/v1/projects

Response Format

All API endpoints return JSON responses in a consistent format:

Success Response

{
  "success": true,
  "message": "Operation completed successfully",
  "data": {
    // Response data
  }
}

Error Response

{
  "success": false,
  "message": "Error description",
  "errors": {
    // Validation errors (if applicable)
  }
}

HTTP Status Codes

| Code | Description |
|------|-------------|
| 200 | Success |
| 201 | Created |
| 422 | Validation Error |
| 403 | Forbidden |
| 404 | Not Found |
| 500 | Internal Server Error |
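
The following added example (not PentestPad's own code) builds the authenticated request from the Quick Example and parses the response format above, accepting a response only when the HTTP status is 200 or 201 and "success" is true. The environment variable name PENTESTPAD_API_KEY, the ApiError class and the function names are assumptions, and the sample body is constructed.

```python
import json
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Constructed sample body in the page's error format (not captured from a real instance).
SAMPLE_422 = '{"success": false, "message": "Validation failed", "errors": {"name": ["required"]}}'

class ApiError(Exception):
    def __init__(self, status, message, errors=None):
        super().__init__(f"HTTP {status}: {message}")
        self.status, self.message, self.errors = status, message, errors or {}

def build_request(base_url, path, api_key, method="GET"):
    """Build an authenticated request; refuse anything that could leak the key."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("base URL must be https:// so the bearer key is not sent in clear text")
    if not api_key or "\r" in api_key or "\n" in api_key:
        raise ValueError("API key is empty or contains a line break")
    url = base_url.rstrip("/") + "/" + path.lstrip("/")
    headers = {"Authorization": f"Bearer {api_key}", "Accept": "application/json"}
    return urllib.request.Request(url, method=method, headers=headers)

def parse_envelope(status, body):
    """Return "data" only when status and "success" agree; otherwise raise ApiError."""
    try:
        doc = json.loads(body)
    except ValueError:
        raise ApiError(status, "response body is not JSON") from None
    if not isinstance(doc, dict):
        raise ApiError(status, "response is not a JSON object")
    if status in (200, 201) and doc.get("success") is True:
        return doc.get("data")
    raise ApiError(status, str(doc.get("message", "no message")), doc.get("errors"))

def call(base_url, path, api_key=None):
    """GET a resource. PENTESTPAD_API_KEY is an assumed variable name, not a documented one."""
    req = build_request(base_url, path, api_key or os.environ["PENTESTPAD_API_KEY"])
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_envelope(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx; the body is still the envelope
        return parse_envelope(err.code, err.read())

if __name__ == "__main__":
    print(call("https://your-instance.pentestpad.com/api/v1", "projects"))
```

Reading the key from the environment keeps it out of scripts and shell history, and ApiError.errors carries the per-field validation messages from a 422 response.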

Rate Limiting

API requests are rate-limited per API key. The specific limits depend on your instance configuration. Contact your administrator for details.
