Credits

List credits

GET /api/v2/credits

Returns all credits for your account. Use the optional status query parameter to filter by credit status.

Query parameters

ParameterTypeRequiredDescription
statusstringNoFilter by status: available, used, expired, or scheduled

Response 200 OK

[
  {
    "id": "cred_001",
    "sourceType": "subscription",
    "status": "available",
    "createdAt": "2026-01-01T00:00:00Z",
    "usedAt": null,
    "expiresAt": "2027-01-01T00:00:00Z"
  },
  {
    "id": "cred_002",
    "sourceType": "one_time",
    "status": "used",
    "createdAt": "2026-01-15T10:30:00Z",
    "usedAt": "2026-02-01T14:00:00Z",
    "expiresAt": "2027-01-15T10:30:00Z"
  }
]

Get credit balance

GET /api/v2/credits/balance

Returns aggregated credit counts for your account. This is the fastest way to check how many credits you have available.

Response 200 OK

{
  "available": 8,
  "used": 4,
  "expired": 0,
  "expiringSoon": 2,
  "total": 12
}
FieldDescription
availableCredits ready to use
usedCredits consumed by completed pentests
expiredCredits that passed their 1-year expiry date
expiringSoonAvailable credits expiring within 30 days
totalSum of available, used, and expired

Consume a credit

POST /api/v2/credits/{id}/use

Consume a specific credit to start a pentest against a target. The target's domain must be verified.

Request body

FieldTypeRequiredDescription
targetIdstringYesThe ID of the target to pentest

Response 200 OK

{
  "scanId": "scan_abc123"
}

Error responses

StatusCondition
400Credit is not in available status
400Domain verification has expired
400Missing targetId in request body
404Credit not found
404Target not found

Each pentest consumes one credit. Credits are consumed using FIFO order (oldest first) when no specific credit ID is provided. All credits expire 1 year from the date of purchase.

Previous

Pentests

Next

Domains

On this page