Pentests

List pentests

GET /api/pentests

Returns all pentests for the authenticated user's organization.

Response 200 OK

Response
[
  {
    "id": "clx123...",
    "domain": "example.com",
    "status": "completed",
    "scanType": "full",
    "createdAt": "2025-03-15T10:00:00Z",
    "completedAt": "2025-03-15T10:45:00Z"
  }
]

Create a pentest

POST /api/pentests

Starts a new penetration test. Requires a verified domain and available credits.

Request body

Field     Type     Required  Description
domain    string   Yes       Target domain (must be verified)
scanType  string   No        "full" (default) or "quick"
whiteBox  boolean  No        Enable white-box testing

Response 201 Created

Response
{
  "id": "clx456...",
  "domain": "example.com",
  "status": "queued",
  "scanType": "full"
}

Get pentest details

GET /api/pentests/:id

Returns detailed results for a specific pentest, including findings.

Response 200 OK

Response
{
  "id": "clx123...",
  "domain": "example.com",
  "status": "completed",
  "findings": [
    {
      "severity": "high",
      "title": "SQL Injection in login form",
      "tool": "sqlmap",
      "description": "..."
    }
  ]
}
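
The create-then-poll workflow implied by the create and details endpoints, written as an added example that is not part of the original API documentation. The base URL, bearer-token header, severity ordering, and polling interval are assumptions; the page does not specify them.

```python
import json
import time
import urllib.request

BASE_URL = "https://api.example.invalid"  # assumption: placeholder host, not from the docs
SEVERITY_ORDER = ["low", "medium", "high", "critical"]  # assumption: docs only show "high"

def http_call(method, path, body=None, token="TOKEN_PLACEHOLDER"):
    """Real transport. Bearer-token auth is an assumption; the docs do not name the scheme."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(BASE_URL + path, data=data, method=method, headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        raw = resp.read()
        return resp.status, (json.loads(raw) if raw else None)

def run_pentest(domain, call=http_call, scan_type="full",
                poll_seconds=30, max_polls=120, sleep=time.sleep):
    """POST /api/pentests, then poll GET /api/pentests/:id until status is "completed"."""
    status, created = call("POST", "/api/pentests", {"domain": domain, "scanType": scan_type})
    if status != 201:
        raise RuntimeError(f"create failed: HTTP {status}")
    for _ in range(max_polls):
        status, detail = call("GET", f"/api/pentests/{created['id']}")
        if status != 200:
            raise RuntimeError(f"detail fetch failed: HTTP {status}")
        if detail["status"] == "completed":
            return detail
        sleep(poll_seconds)
    raise TimeoutError(f"pentest {created['id']} not completed after {max_polls} polls")

def blocking_findings(detail, threshold="high"):
    """Findings at or above threshold; unknown severities count as blocking (fail closed)."""
    floor = SEVERITY_ORDER.index(threshold)
    def rank(finding):
        sev = finding.get("severity")
        return SEVERITY_ORDER.index(sev) if sev in SEVERITY_ORDER else len(SEVERITY_ORDER)
    return [f for f in detail.get("findings", []) if rank(f) >= floor]

if __name__ == "__main__":
    # Constructed offline transport standing in for the real API.
    def fake(method, path, body=None):
        if method == "POST":
            return 201, {"id": "demo-id", "status": "queued"}
        return 200, {"id": "demo-id", "status": "completed", "findings": [
            {"severity": "high", "title": "SQL Injection in login form"}]}
    report = run_pentest("example.com", call=fake, sleep=lambda s: None)
    print([f["title"] for f in blocking_findings(report)])
```

In a CI gate, a non-empty result from `blocking_findings` would fail the build; the bounded poll count keeps a stuck scan from hanging the pipeline.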

Delete a pentest

DELETE /api/pentests/:id

Permanently deletes a pentest and its results. This action cannot be undone.

Response 204 No Content

Download PDF report

GET /api/pentests/:id/report

Downloads the full pentest report as a PDF file.

Response 200 OK with Content-Type: application/pdf

Download attestation letter

GET /api/pentests/:id/attestation

Downloads the signed attestation letter for compliance purposes.

Response 200 OK with Content-Type: application/pdf
