API Reference
The PentestPad API is a RESTful API that allows you to programmatically interact with your PentestPad instance. You can manage projects, findings, teams, and perform bulk operations like CSV imports.
Base URL
```
https://your-instance.pentestpad.com/api/v1
```
Features
- Full CRUD Operations - Complete create, read, update, delete operations for all resources
- Team Management - List teams and filter resources by team
- Project Management - Create, update, clone, and manage project lifecycles
- Finding Management - Comprehensive vulnerability tracking and management
- CSV Import - Bulk import findings from CSV files with field mapping
- Consistent Responses - Standardized JSON responses across all endpoints
- Error Handling - Detailed error messages and validation feedback
Supported Resources
| Resource | Description | Operations |
|---|---|---|
| Teams | Team management and statistics | List, View, Stats |
| Projects | Project lifecycle management | CRUD, Clone, Status, Restore |
| Clients | Client and contact management | CRUD, User management, Invitations |
| Findings | Vulnerability management | CRUD, Templates, Bulk operations |
| Templates | Vulnerability and executive summary templates | CRUD, CSV Import |
| CSV Import | Bulk data import | Import, Field mapping |
Getting Started
- Generate API Key - Create an API key from your PentestPad dashboard
- Choose Base URL - Use your instance’s API endpoint
- Set Authentication - Include your API key in request headers
- Make Requests - Start with a simple GET request to list projects
Quick Example
```bash
curl -H "Authorization: Bearer your_api_key" \
  https://your-instance.pentestpad.com/api/v1/projects
```
Response Format
All API endpoints return JSON responses in a consistent format:
Success Response
```
{
  "success": true,
  "message": "Operation completed successfully",
  "data": {
    // Response data
  }
}
```
Error Response
```
{
  "success": false,
  "message": "Error description",
  "errors": {
    // Validation errors (if applicable)
  }
}
```
HTTP Status Codes
| Code | Description |
|---|---|
| 200 | Success |
| 201 | Created |
| 422 | Validation Error |
| 403 | Forbidden |
| 404 | Not Found |
| 500 | Internal Server Error |
Rate Limiting
API requests are rate-limited per API key. The specific limits depend on your instance configuration. Contact your administrator for details.
Need Help?
- Authentication Issues - Check the Authentication Guide
- Project Management - See Projects API
- Client Management - See Clients API
- Finding Management - See Findings API
- Template Management - See Templates API
- Bulk Import - See CSV Import Guide
- Code Examples - Check API Examples