{ "item": [ { "name": "scans", "description": "", "item": [ { "id": "c6965634-f9d4-4243-8fb0-829f876c1904", "name": "List scans", "request": { "name": "List scans", "description": { "content": "Returns scans for the workspace, newest first.", "type": "text/plain" }, "url": { "path": [ "scans" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Maximum items per page (1-100, default 25).", "type": "text/plain" }, "key": "limit", "value": "25" }, { "disabled": false, "description": { "content": "Opaque pagination cursor returned by a prior call.", "type": "text/plain" }, "key": "cursor", "value": "" }, { "disabled": false, "description": { "content": "Filter by scan status. (This can only be one of queued,running,completed,failed,canceled)", "type": "text/plain" }, "key": "status", "value": "canceled" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "107876cf-4101-4962-9225-b7f4508a252c", "name": "Page of scans.", "originalRequest": { "url": { "path": [ "scans" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Maximum items per page (1-100, default 25).", "type": "text/plain" }, "key": "limit", "value": "25" }, { "disabled": false, "description": { "content": "Opaque pagination cursor returned by a prior call.", "type": "text/plain" }, "key": "cursor", "value": "" }, { "disabled": false, "description": { "content": "Filter by scan status. (This can only be one of queued,running,completed,failed,canceled)", "type": "text/plain" }, "key": "status", "value": "canceled" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"data\": [\n {\n \"id\": \"\",\n \"target_hostname\": \"\",\n \"target_verification_id\": \"\",\n \"scan_type\": \"compliance\",\n \"status\": \"canceled\",\n \"vulnerability_counts\": {\n \"critical\": \"\",\n \"high\": \"\",\n \"medium\": \"\",\n \"low\": \"\",\n \"info\": \"\"\n },\n \"created_at\": \"\",\n \"pentagi_flow_id\": \"\",\n \"started_at\": \"\",\n \"completed_at\": \"\",\n \"duration_seconds\": \"\",\n \"error_message\": \"\",\n \"report_url\": \"\",\n \"report_pdf_url\": \"\"\n },\n {\n \"id\": \"\",\n \"target_hostname\": \"\",\n \"target_verification_id\": \"\",\n \"scan_type\": \"quick\",\n \"status\": \"running\",\n \"vulnerability_counts\": {\n \"critical\": \"\",\n \"high\": \"\",\n \"medium\": \"\",\n \"low\": \"\",\n \"info\": \"\"\n },\n \"created_at\": \"\",\n \"pentagi_flow_id\": \"\",\n \"started_at\": \"\",\n \"completed_at\": \"\",\n \"duration_seconds\": \"\",\n \"error_message\": \"\",\n \"report_url\": \"\",\n \"report_pdf_url\": \"\"\n }\n ],\n \"next_cursor\": \"\",\n \"total\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "e62b06d8-faa1-44d6-a207-4337eabd7cef", "name": "Missing or invalid API key.", "originalRequest": { "url": { "path": [ "scans" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Maximum items per page (1-100, default 25).", "type": "text/plain" }, "key": "limit", "value": "25" }, { "disabled": false, "description": { "content": "Opaque pagination cursor returned by a prior call.", "type": "text/plain" }, "key": "cursor", "value": "" }, { "disabled": false, "description": { "content": "Filter by scan status. (This can only be one of queued,running,completed,failed,canceled)", "type": "text/plain" }, "key": "status", "value": "canceled" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "99fb8571-13b5-49c7-8014-8dee1d7c7c85", "name": "API key lacks the required scope.", "originalRequest": { "url": { "path": [ "scans" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Maximum items per page (1-100, default 25).", "type": "text/plain" }, "key": "limit", "value": "25" }, { "disabled": false, "description": { "content": "Opaque pagination cursor returned by a prior call.", "type": "text/plain" }, "key": "cursor", "value": "" }, { "disabled": false, "description": { "content": "Filter by scan status. (This can only be one of queued,running,completed,failed,canceled)", "type": "text/plain" }, "key": "status", "value": "canceled" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "5b3b2977-a75c-447f-b7dd-be02be68ba5e", "name": "Caller exceeded the per-key rate limit.", "originalRequest": { "url": { "path": [ "scans" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Maximum items per page (1-100, default 25).", "type": "text/plain" }, "key": "limit", "value": "25" }, { "disabled": false, "description": { "content": "Opaque pagination cursor returned by a prior call.", "type": "text/plain" }, "key": "cursor", "value": "" }, { "disabled": false, "description": { "content": "Filter by scan status. (This can only be one of queued,running,completed,failed,canceled)", "type": "text/plain" }, "key": "status", "value": "canceled" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Too Many Requests", "code": 429, "header": [ { "key": "Content-Type", "value": "application/json" }, { "disabled": false, "description": { "content": "Seconds to wait before retrying.", "type": "text/plain" }, "key": "Retry-After", "value": "" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "d85fa60e-c168-457c-8b13-e5dcf655b8d5", "name": "Unexpected server error.", "originalRequest": { "url": { "path": [ "scans" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Maximum items per page (1-100, default 25).", "type": "text/plain" }, "key": "limit", "value": "25" }, { "disabled": false, "description": { "content": "Opaque pagination cursor returned by a prior call.", "type": "text/plain" }, "key": "cursor", "value": "" }, { "disabled": false, "description": { "content": "Filter by scan status. (This can only be one of queued,running,completed,failed,canceled)", "type": "text/plain" }, "key": "status", "value": "canceled" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Internal Server Error", "code": 500, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "id": "8b4d9f00-2be0-402b-bebf-5cdc5478359b", "name": "Create a scan", "request": { "name": "Create a scan", "description": { "content": "Queues a new scan against a verified target. The target hostname\nmust already have a verified `Target` resource in this workspace\n(see `POST /targets` + `POST /targets/{id}/verify`).\n\nToken cost (deducted from the workspace balance on create):\n - `quick` → 1,000 tokens\n - `standard` → 5,000 tokens\n - `compliance`→ 25,000 tokens\n\nIf the workspace has insufficient tokens the call returns 402\nwith the canonical `insufficient_tokens` payload.\n", "type": "text/plain" }, "url": { "path": [ "scans" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional client-generated key (recommended UUIDv4, max 255\nchars) that makes a state-changing POST safe to retry. The\nfirst successful response is cached for 24 hours, scoped to\n`(api_key, route, key)`. A replay with the **same** body\nreturns the original response plus header\n`Idempotency-Replay: true` and does not consume tokens or\ncreate a duplicate resource. A replay with a **different**\nbody returns 409 `idempotency_key_conflict`.\n", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"target\": \"\",\n \"scan_type\": \"compliance\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } }, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "477acbf7-0fad-47c6-ab73-0ad6463d331d", "name": "Scan accepted and queued. If the request supplied\n`Idempotency-Key`, a successful first response is cached\nfor 24 hours; replays return the same body with header\n`Idempotency-Replay: true`.", "originalRequest": { "url": { "path": [ "scans" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional client-generated key (recommended UUIDv4, max 255\nchars) that makes a state-changing POST safe to retry. The\nfirst successful response is cached for 24 hours, scoped to\n`(api_key, route, key)`. A replay with the **same** body\nreturns the original response plus header\n`Idempotency-Replay: true` and does not consume tokens or\ncreate a duplicate resource. A replay with a **different**\nbody returns 409 `idempotency_key_conflict`.\n", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"target\": \"\",\n \"scan_type\": \"compliance\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Created", "code": 201, "header": [ { "key": "Content-Type", "value": "application/json" }, { "disabled": false, "description": { "content": "Present and equal to `true` when this response was\nserved from the idempotency cache rather than freshly\ncomputed. Absent on the first call.\n", "type": "text/plain" }, "key": "Idempotency-Replay", "value": "" } ], "body": "{\n \"id\": \"\",\n \"target_hostname\": \"\",\n \"target_verification_id\": \"\",\n \"scan_type\": \"standard\",\n \"status\": \"failed\",\n \"vulnerability_counts\": {\n \"critical\": \"\",\n \"high\": \"\",\n \"medium\": \"\",\n \"low\": \"\",\n \"info\": \"\"\n },\n \"created_at\": \"\",\n \"pentagi_flow_id\": \"\",\n \"started_at\": \"\",\n \"completed_at\": \"\",\n \"duration_seconds\": \"\",\n \"error_message\": \"\",\n \"report_url\": \"\",\n \"report_pdf_url\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "b0a64c43-7bc8-4487-a304-c886c9171e17", "name": "Request payload failed validation.", "originalRequest": { "url": { "path": [ "scans" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional client-generated key (recommended UUIDv4, max 255\nchars) that makes a state-changing POST safe to retry. The\nfirst successful response is cached for 24 hours, scoped to\n`(api_key, route, key)`. A replay with the **same** body\nreturns the original response plus header\n`Idempotency-Replay: true` and does not consume tokens or\ncreate a duplicate resource. A replay with a **different**\nbody returns 409 `idempotency_key_conflict`.\n", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"target\": \"\",\n \"scan_type\": \"compliance\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Bad Request", "code": 400, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "68873d29-17be-458f-a167-0f4056837e83", "name": "Missing or invalid API key.", "originalRequest": { "url": { "path": [ "scans" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional client-generated key (recommended UUIDv4, max 255\nchars) that makes a state-changing POST safe to retry. The\nfirst successful response is cached for 24 hours, scoped to\n`(api_key, route, key)`. A replay with the **same** body\nreturns the original response plus header\n`Idempotency-Replay: true` and does not consume tokens or\ncreate a duplicate resource. A replay with a **different**\nbody returns 409 `idempotency_key_conflict`.\n", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"target\": \"\",\n \"scan_type\": \"compliance\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "cec44883-0cfb-4ddc-9ba3-1b0e2e660d60", "name": "Workspace token balance is too low to satisfy this request.\nBody includes the canonical `insufficient_tokens` payload.", "originalRequest": { "url": { "path": [ "scans" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional client-generated key (recommended UUIDv4, max 255\nchars) that makes a state-changing POST safe to retry. The\nfirst successful response is cached for 24 hours, scoped to\n`(api_key, route, key)`. A replay with the **same** body\nreturns the original response plus header\n`Idempotency-Replay: true` and does not consume tokens or\ncreate a duplicate resource. A replay with a **different**\nbody returns 409 `idempotency_key_conflict`.\n", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"target\": \"\",\n \"scan_type\": \"compliance\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Payment Required", "code": 402, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": {\n \"required\": \"\",\n \"balance\": \"\",\n \"top_up_url\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "9aafcf07-afd4-4125-8ac2-33a7c50f36d0", "name": "API key lacks the required scope.", "originalRequest": { "url": { "path": [ "scans" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional client-generated key (recommended UUIDv4, max 255\nchars) that makes a state-changing POST safe to retry. The\nfirst successful response is cached for 24 hours, scoped to\n`(api_key, route, key)`. A replay with the **same** body\nreturns the original response plus header\n`Idempotency-Replay: true` and does not consume tokens or\ncreate a duplicate resource. A replay with a **different**\nbody returns 409 `idempotency_key_conflict`.\n", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"target\": \"\",\n \"scan_type\": \"compliance\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "5196848a-78d4-42d5-a236-cd864041239e", "name": "Either the target is not verified\n(`code=target_not_verified`) or the supplied\n`Idempotency-Key` was previously used with a different\nrequest body (`code=idempotency_key_conflict`).", "originalRequest": { "url": { "path": [ "scans" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional client-generated key (recommended UUIDv4, max 255\nchars) that makes a state-changing POST safe to retry. The\nfirst successful response is cached for 24 hours, scoped to\n`(api_key, route, key)`. A replay with the **same** body\nreturns the original response plus header\n`Idempotency-Replay: true` and does not consume tokens or\ncreate a duplicate resource. A replay with a **different**\nbody returns 409 `idempotency_key_conflict`.\n", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"target\": \"\",\n \"scan_type\": \"compliance\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Conflict", "code": 409, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "54cc12f2-ea72-44b5-a3cd-c0e39b068256", "name": "Caller exceeded the per-key rate limit.", "originalRequest": { "url": { "path": [ "scans" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional client-generated key (recommended UUIDv4, max 255\nchars) that makes a state-changing POST safe to retry. The\nfirst successful response is cached for 24 hours, scoped to\n`(api_key, route, key)`. A replay with the **same** body\nreturns the original response plus header\n`Idempotency-Replay: true` and does not consume tokens or\ncreate a duplicate resource. A replay with a **different**\nbody returns 409 `idempotency_key_conflict`.\n", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"target\": \"\",\n \"scan_type\": \"compliance\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Too Many Requests", "code": 429, "header": [ { "key": "Content-Type", "value": "application/json" }, { "disabled": false, "description": { "content": "Seconds to wait before retrying.", "type": "text/plain" }, "key": "Retry-After", "value": "" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "c9f098bf-1954-42d1-9fde-68a6e1ca0bd3", "name": "Unexpected server error.", "originalRequest": { "url": { "path": [ "scans" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional client-generated key (recommended UUIDv4, max 255\nchars) that makes a state-changing POST safe to retry. The\nfirst successful response is cached for 24 hours, scoped to\n`(api_key, route, key)`. A replay with the **same** body\nreturns the original response plus header\n`Idempotency-Replay: true` and does not consume tokens or\ncreate a duplicate resource. A replay with a **different**\nbody returns 409 `idempotency_key_conflict`.\n", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"target\": \"\",\n \"scan_type\": \"compliance\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Internal Server Error", "code": 500, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "name": "{id}", "description": "", "item": [ { "id": "ef0080ad-48c2-4a8c-aa10-3d3e24c547e6", "name": "Get a scan", "request": { "name": "Get a scan", "description": {}, "url": { "path": [ "scans", ":id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "", "key": "id", "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" } } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "8e4cd225-5149-40ab-933e-2891b27166af", "name": "Scan resource.", "originalRequest": { "url": { "path": [ "scans", ":id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"id\": \"\",\n \"target_hostname\": \"\",\n \"target_verification_id\": \"\",\n \"scan_type\": \"standard\",\n \"status\": \"failed\",\n \"vulnerability_counts\": {\n \"critical\": \"\",\n \"high\": \"\",\n \"medium\": \"\",\n \"low\": \"\",\n \"info\": \"\"\n },\n \"created_at\": \"\",\n \"pentagi_flow_id\": \"\",\n \"started_at\": \"\",\n \"completed_at\": \"\",\n \"duration_seconds\": \"\",\n \"error_message\": \"\",\n \"report_url\": \"\",\n \"report_pdf_url\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "508f90b7-7ae8-4cff-8ffa-02e0d0c3bee0", "name": "Missing or invalid API key.", "originalRequest": { "url": { "path": [ "scans", ":id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "a4a097e1-5ab1-4176-92f0-ea32dc9079ea", "name": "API key lacks the required scope.", "originalRequest": { "url": { "path": [ "scans", ":id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "67f477f2-7b1a-4d4f-b3be-75c27c01f2e3", "name": "Resource not found in this workspace.", "originalRequest": { "url": { "path": [ "scans", ":id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "3bf5da24-071f-48e4-ab74-31eb1553f73a", "name": "Unexpected server error.", "originalRequest": { "url": { "path": [ "scans", ":id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Internal Server Error", "code": 500, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "name": "cancel", "description": "", "item": [ { "id": "9eba2bea-d823-4b61-a3da-f9f63bb0d500", "name": "Cancel a running or queued scan", "request": { "name": "Cancel a running or queued scan", "description": { "content": "Transitions a `queued` or `running` scan to `canceled`. No-op /\n409 if the scan is already in a terminal state.\n", "type": "text/plain" }, "url": { "path": [ "scans", ":id", "cancel" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "", "key": "id", "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" } } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "POST", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "658add24-123a-4a2e-bdb3-99c39b39ec5e", "name": "Scan cancellation accepted; updated resource returned.", "originalRequest": { "url": { "path": [ "scans", ":id", "cancel" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"id\": \"\",\n \"target_hostname\": \"\",\n \"target_verification_id\": \"\",\n \"scan_type\": \"standard\",\n \"status\": \"failed\",\n \"vulnerability_counts\": {\n \"critical\": \"\",\n \"high\": \"\",\n \"medium\": \"\",\n \"low\": \"\",\n \"info\": \"\"\n },\n \"created_at\": \"\",\n \"pentagi_flow_id\": \"\",\n \"started_at\": \"\",\n \"completed_at\": \"\",\n \"duration_seconds\": \"\",\n \"error_message\": \"\",\n \"report_url\": \"\",\n \"report_pdf_url\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "ff579ab3-1920-40aa-ab56-5aa660fddc73", "name": "Missing or invalid API key.", "originalRequest": { "url": { "path": [ "scans", ":id", "cancel" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "4cf47d31-b8b1-4ced-8262-c7e856f94102", "name": "API key lacks the required scope.", "originalRequest": { "url": { "path": [ "scans", ":id", "cancel" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": {} }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "4bbed8ff-5421-4acf-8632-9d110395c27b", "name": "Resource not found in this workspace.", "originalRequest": { "url": { "path": [ "scans", ":id", "cancel" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": {} }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "08b6c8e5-be79-4f2a-a7ab-74d58980032a", "name": "Scan is in a terminal state and cannot be canceled.", "originalRequest": { "url": { "path": [ "scans", ":id", "cancel" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": {} }, "status": "Conflict", "code": 409, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "340d4460-cc02-4b5f-8035-b6f040e2a36b", "name": "Unexpected server error.", "originalRequest": { "url": { "path": [ "scans", ":id", "cancel" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": {} }, "status": "Internal Server Error", "code": 500, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] }, { "name": "report", "description": "", "item": [ { "id": "2705d69f-d300-499f-8224-dc709d005abe", "name": "Get JSON report", "request": { "name": "Get JSON report", "description": { "content": "Structured report including findings and compliance mapping.", "type": "text/plain" }, "url": { "path": [ "scans", ":id", "report" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "", "key": "id", "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" } } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "37cfd3f3-3e34-4615-8c21-b68b29b5df47", "name": "Report.", "originalRequest": { "url": { "path": [ "scans", ":id", "report" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"scan_id\": \"\",\n \"status\": \"failed\",\n \"finding_counts\": {\n \"critical\": \"\",\n \"high\": \"\",\n \"medium\": \"\",\n \"low\": \"\",\n \"info\": \"\"\n },\n \"total_findings\": \"\",\n \"findings\": [\n {\n \"id\": \"\",\n \"severity\": \"medium\",\n \"title\": \"\",\n \"target\": \"\",\n \"description\": \"\",\n \"evidence_urls\": [\n \"\",\n \"\"\n ],\n \"cve_ids\": [\n \"\",\n \"\"\n ],\n \"created_at\": \"\"\n },\n {\n \"id\": \"\",\n \"severity\": \"info\",\n \"title\": \"\",\n \"target\": \"\",\n \"description\": \"\",\n \"evidence_urls\": [\n \"\",\n \"\"\n ],\n \"cve_ids\": [\n \"\",\n \"\"\n ],\n \"created_at\": \"\"\n }\n ],\n \"scan_type\": \"quick\",\n \"target_hostname\": \"\",\n \"started_at\": \"\",\n \"completed_at\": \"\",\n \"report_url\": \"\",\n \"report_pdf_url\": \"\",\n \"compliance\": {\n \"key_0\": {\n \"status\": \"needs_attention\",\n \"issues\": \"\"\n }\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "6103bb0c-6df3-4ba8-bbe2-1d714587778b", "name": "Missing or invalid API key.", "originalRequest": { "url": { "path": [ "scans", ":id", "report" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "7a51be08-2d15-4ab0-b2c9-705f6ec15964", "name": "Resource not found in this workspace.", "originalRequest": { "url": { "path": [ "scans", ":id", "report" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "bc7f8906-ac3a-49a6-bda6-55254421343f", "name": "Scan has not produced a report yet.", "originalRequest": { "url": { "path": [ "scans", ":id", "report" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Conflict", "code": 409, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] }, { "name": "report.pdf", "description": "", "item": [ { "id": "018119cc-3e0e-4625-8d8e-63203e1df094", "name": "Get PDF report", "request": { "name": "Get PDF report", "description": { "content": "Binary PDF rendering of the report.", "type": "text/plain" }, "url": { "path": [ "scans", ":id", "report.pdf" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "", "key": "id", "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" } } ] }, "header": [ { "key": "Accept", "value": "application/pdf" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "7d11309b-5dd9-4bd9-a100-3ba327ee011c", "name": "PDF file.", "originalRequest": { "url": { "path": [ "scans", ":id", "report.pdf" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/pdf" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/pdf" } ], "body": "", "cookie": [], "_postman_previewlanguage": "text" }, { "id": "f6b77ae0-5b08-4af0-9334-638ffa9d0c32", "name": "Missing or invalid API key.", "originalRequest": { "url": { "path": [ "scans", ":id", "report.pdf" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "570fde70-bd4a-4f52-9d4f-3fbfb0924118", "name": "Resource not found in this workspace.", "originalRequest": { "url": { "path": [ "scans", ":id", "report.pdf" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "f2a58e0a-0fd2-4dc5-a4cc-41b9572273f8", "name": "Scan has not produced a report yet.", "originalRequest": { "url": { "path": [ "scans", ":id", "report.pdf" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Conflict", "code": 409, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] }, { "name": "findings", "description": "", "item": [ { "id": "10e76b0d-e765-44cf-8c6b-0b3780849ae3", "name": "List findings for a scan", "request": { "name": "List findings for a scan", "description": {}, "url": { "path": [ "scans", ":id", "findings" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Maximum items per page (1-100, default 25).", "type": "text/plain" }, "key": "limit", "value": "25" }, { "disabled": false, "description": { "content": "Opaque pagination cursor returned by a prior call.", "type": "text/plain" }, "key": "cursor", "value": "" }, { "disabled": false, "description": { "content": "Filter by severity. (This can only be one of critical,high,medium,low,info)", "type": "text/plain" }, "key": "severity", "value": "medium" } ], "variable": [ { "type": "any", "value": "", "key": "id", "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" } } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "a4d0ecd7-71a8-4e03-95b8-2b84c8a03cee", "name": "Page of findings.", "originalRequest": { "url": { "path": [ "scans", ":id", "findings" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Maximum items per page (1-100, default 25).", "type": "text/plain" }, "key": "limit", "value": "25" }, { "disabled": false, "description": { "content": "Opaque pagination cursor returned by a prior call.", "type": "text/plain" }, "key": "cursor", "value": "" }, { "disabled": false, "description": { "content": "Filter by severity. (This can only be one of critical,high,medium,low,info)", "type": "text/plain" }, "key": "severity", "value": "medium" } ], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"data\": [\n {\n \"id\": \"\",\n \"severity\": \"high\",\n \"title\": \"\",\n \"target\": \"\",\n \"description\": \"\",\n \"evidence_urls\": [\n \"\",\n \"\"\n ],\n \"cve_ids\": [\n \"\",\n \"\"\n ],\n \"created_at\": \"\"\n },\n {\n \"id\": \"\",\n \"severity\": \"info\",\n \"title\": \"\",\n \"target\": \"\",\n \"description\": \"\",\n \"evidence_urls\": [\n \"\",\n \"\"\n ],\n \"cve_ids\": [\n \"\",\n \"\"\n ],\n \"created_at\": \"\"\n }\n ],\n \"next_cursor\": \"\",\n \"total\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "f54886d1-8bfa-47db-afa7-be7b46e3f7f5", "name": "Missing or invalid API key.", "originalRequest": { "url": { "path": [ "scans", ":id", "findings" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Maximum items per page (1-100, default 25).", "type": "text/plain" }, "key": "limit", "value": "25" }, { "disabled": false, "description": { "content": "Opaque pagination cursor returned by a prior call.", "type": "text/plain" }, "key": "cursor", "value": "" }, { "disabled": false, "description": { "content": "Filter by severity. (This can only be one of critical,high,medium,low,info)", "type": "text/plain" }, "key": "severity", "value": "medium" } ], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "1bbd0ec7-d944-4278-b90b-829228589a9b", "name": "Resource not found in this workspace.", "originalRequest": { "url": { "path": [ "scans", ":id", "findings" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Maximum items per page (1-100, default 25).", "type": "text/plain" }, "key": "limit", "value": "25" }, { "disabled": false, "description": { "content": "Opaque pagination cursor returned by a prior call.", "type": "text/plain" }, "key": "cursor", "value": "" }, { "disabled": false, "description": { "content": "Filter by severity. (This can only be one of critical,high,medium,low,info)", "type": "text/plain" }, "key": "severity", "value": "medium" } ], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] } ] } ] }, { "name": "targets", "description": "", "item": [ { "id": "ecc224ce-b04a-498d-ae39-9bd8d7470ace", "name": "List target verifications", "request": { "name": "List target verifications", "description": {}, "url": { "path": [ "targets" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Maximum items per page (1-100, default 25).", "type": "text/plain" }, "key": "limit", "value": "25" }, { "disabled": false, "description": { "content": "Opaque pagination cursor returned by a prior call.", "type": "text/plain" }, "key": "cursor", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "2a7cd089-a086-4d80-aa08-ff20928f2f3b", "name": "Page of targets.", "originalRequest": { "url": { "path": [ "targets" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Maximum items per page (1-100, default 25).", "type": "text/plain" }, "key": "limit", "value": "25" }, { "disabled": false, "description": { "content": "Opaque pagination cursor returned by a prior call.", "type": "text/plain" }, "key": "cursor", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"data\": [\n {\n \"id\": \"\",\n \"hostname\": \"\",\n \"method\": \"dns_txt\",\n \"status\": \"verified\",\n \"created_at\": \"\",\n \"token\": \"\",\n \"instructions\": {\n \"method\": \"http_file\",\n \"record_name\": \"\",\n \"record_value\": \"\"\n },\n \"verified_at\": \"\",\n \"expires_at\": \"\"\n },\n {\n \"id\": \"\",\n \"hostname\": \"\",\n \"method\": \"http_file\",\n \"status\": \"pending\",\n \"created_at\": \"\",\n \"token\": \"\",\n \"instructions\": {\n \"method\": \"http_file\",\n \"record_name\": \"\",\n \"record_value\": \"\"\n },\n \"verified_at\": \"\",\n \"expires_at\": \"\"\n }\n ],\n \"next_cursor\": \"\",\n \"total\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "4be5c8d7-ab4a-4faf-b078-b429a17312bf", "name": "Missing or invalid API key.", "originalRequest": { "url": { "path": [ "targets" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Maximum items per page (1-100, default 25).", "type": "text/plain" }, "key": "limit", "value": "25" }, { "disabled": false, "description": { "content": "Opaque pagination cursor returned by a prior call.", "type": "text/plain" }, "key": "cursor", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "6c7ea75c-af07-47da-9072-cdd04d47424b", "name": "Unexpected server error.", "originalRequest": { "url": { "path": [ "targets" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Maximum items per page (1-100, default 25).", "type": "text/plain" }, "key": "limit", "value": "25" }, { "disabled": false, "description": { "content": "Opaque pagination cursor returned by a prior call.", "type": "text/plain" }, "key": "cursor", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Internal Server Error", "code": 500, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "id": "e8314eb3-44a4-4121-817d-7b4032d1bbf5", "name": "Create a target verification challenge", "request": { "name": "Create a target verification challenge", "description": { "content": "Issues a fresh verification token for the given hostname. The\nresponse includes the exact DNS TXT record or HTTP file the\ncaller must publish before calling `POST /targets/{id}/verify`.\n", "type": "text/plain" }, "url": { "path": [ "targets" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"hostname\": \"\",\n \"method\": \"http_file\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } }, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "2e231749-5e2a-45d4-a894-447e7d2ae510", "name": "Verification challenge issued.", "originalRequest": { "url": { "path": [ "targets" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"hostname\": \"\",\n \"method\": \"http_file\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Created", "code": 201, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"id\": \"\",\n \"hostname\": \"\",\n \"method\": \"http_file\",\n \"status\": \"verified\",\n \"created_at\": \"\",\n \"token\": \"\",\n \"instructions\": {\n \"method\": \"http_file\",\n \"record_name\": \"\",\n \"record_value\": \"\"\n },\n \"verified_at\": \"\",\n \"expires_at\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "c12f5c98-b302-4261-a0c0-be21477ce3e0", "name": "Request payload failed validation.", "originalRequest": { "url": { "path": [ "targets" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"hostname\": \"\",\n \"method\": \"http_file\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Bad Request", "code": 400, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "d76585b9-688e-4c84-b127-c6168a8cefc9", "name": "Missing or invalid API key.", "originalRequest": { "url": { "path": [ "targets" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"hostname\": \"\",\n \"method\": \"http_file\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "3194e395-c4ea-4791-92a1-d1f4992fc765", "name": "Unexpected server error.", "originalRequest": { "url": { "path": [ "targets" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"hostname\": \"\",\n \"method\": \"http_file\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Internal Server Error", "code": 500, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "name": "{id}", "description": "", "item": [ { "id": "5d62b3a6-d518-4a56-8afb-4892573ebdb7", "name": "Get a target verification", "request": { "name": "Get a target verification", "description": {}, "url": { "path": [ "targets", ":id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "", "key": "id", "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" } } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "6b42a98f-2af5-4734-8b87-71c238977f5c", "name": "Target resource.", "originalRequest": { "url": { "path": [ "targets", ":id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"id\": \"\",\n \"hostname\": \"\",\n \"method\": \"http_file\",\n \"status\": \"verified\",\n \"created_at\": \"\",\n \"token\": \"\",\n \"instructions\": {\n \"method\": \"http_file\",\n \"record_name\": \"\",\n \"record_value\": \"\"\n },\n \"verified_at\": \"\",\n \"expires_at\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "10f14696-c830-489a-91a6-b58de6511af9", "name": "Missing or invalid API key.", "originalRequest": { "url": { "path": [ "targets", ":id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "a560cd50-1630-4bd4-8210-0d054f180888", "name": "Resource not found in this workspace.", "originalRequest": { "url": { "path": [ "targets", ":id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "name": "verify", "description": "", "item": [ { "id": "04682e6d-8469-4977-beb0-d2140d7bb23e", "name": "Trigger verification check", "request": { "name": "Trigger verification check", "description": { "content": "Runs the verification probe (DNS TXT lookup or HTTPS file fetch\non `/.well-known/pentify-verify.txt`) and returns the updated\ntarget. Verification is cached for 30 days on success.\n", "type": "text/plain" }, "url": { "path": [ "targets", ":id", "verify" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "", "key": "id", "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" } } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "POST", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "d8612125-6440-4a2a-8807-c3acb523cf43", "name": "Probe completed; updated target returned.", "originalRequest": { "url": { "path": [ "targets", ":id", "verify" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"id\": \"\",\n \"hostname\": \"\",\n \"method\": \"http_file\",\n \"status\": \"verified\",\n \"created_at\": \"\",\n \"token\": \"\",\n \"instructions\": {\n \"method\": \"http_file\",\n \"record_name\": \"\",\n \"record_value\": \"\"\n },\n \"verified_at\": \"\",\n \"expires_at\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "d44e5161-245e-42b3-98f5-6bae1dcad17a", "name": "Missing or invalid API key.", "originalRequest": { "url": { "path": [ "targets", ":id", "verify" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "67240953-ecc8-44d2-8a0d-2a8cb8452cee", "name": "Resource not found in this workspace.", "originalRequest": { "url": { "path": [ "targets", ":id", "verify" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": {} }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "2da10877-62b6-4497-8f1c-84f170155585", "name": "Caller exceeded the per-key rate limit.", "originalRequest": { "url": { "path": [ "targets", ":id", "verify" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": {} }, "status": "Too Many Requests", "code": 429, "header": [ { "key": "Content-Type", "value": "application/json" }, { "disabled": false, "description": { "content": "Seconds to wait before retrying.", "type": "text/plain" }, "key": "Retry-After", "value": "" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] } ] } ] }, { "name": "usage", "description": "", "item": [ { "id": "451c21ea-6518-44f9-ad2f-fd7acf224074", "name": "Token usage and balance", "request": { "name": "Token usage and balance", "description": { "content": "Returns the current token balance plus a per-operation breakdown\nof the last 30 days of consumption.\n", "type": "text/plain" }, "url": { "path": [ "usage" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "0cd48a1b-54b5-4952-9bb7-2e18629de667", "name": "Usage snapshot.", "originalRequest": { "url": { "path": [ "usage" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"balance\": \"\",\n \"period_start\": \"\",\n \"period_end\": \"\",\n \"breakdown\": {\n \"key_0\": \"\",\n \"key_1\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "08aa50ac-8c07-4a67-b40c-19cf7beab877", "name": "Missing or invalid API key.", "originalRequest": { "url": { "path": [ "usage" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] }, { "name": "profile", "description": "", "item": [ { "id": "0c65f65e-3740-4f97-9805-ee9d6f3cb894", "name": "Resolve the signed-in user, workspace, and API key", "request": { "name": "Resolve the signed-in user, workspace, and API key", "description": { "content": "Returns the user behind the calling API key, the workspace\n(tenant) the key is bound to, and the key's own metadata. Lets\nclients (notably Pentify Terminal) render \"signed in as\n · \" without a second auth round-trip.\n", "type": "text/plain" }, "url": { "path": [ "profile" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "857e0f23-be85-4fc6-9f97-26c25ea6f07c", "name": "Profile snapshot.", "originalRequest": { "url": { "path": [ "profile" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"user\": {\n \"id\": \"\",\n \"name\": \"\",\n \"email\": \"\",\n \"avatar_url\": \"\"\n },\n \"workspace\": {\n \"id\": \"\",\n \"clerk_org_id\": \"\",\n \"name\": \"\",\n \"plan\": \"solo\"\n },\n \"api_key\": {\n \"id\": \"\",\n \"name\": \"\",\n \"scopes\": [\n \"\",\n \"\"\n ]\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "34eae5e0-8d72-4f88-a204-0cf5c42fa9ee", "name": "Missing or invalid API key.", "originalRequest": { "url": { "path": [ "profile" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] }, { "name": "workspaces", "description": "", "item": [ { "id": "e65dbd99-7369-4451-afbf-cd1486411c16", "name": "List workspaces accessible to the calling API key's owner", "request": { "name": "List workspaces accessible to the calling API key's owner", "description": { "content": "Returns every Pentify workspace the calling key's owner can access,\nplus the workspace the key is currently paired to. Used by the\nPentify Terminal desktop client to render a workspace switcher.\n\nFor `scope_type='workspace'` keys the list reflects what the key's\ncreator can see (workspace switching is a personal-terminal\nconcept). Clerk organizations that haven't onboarded into Pentify\nare omitted. The current workspace is always returned first.\n", "type": "text/plain" }, "url": { "path": [ "workspaces" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "af44cb10-e98c-46d8-b0ff-fa5a8f43c9d8", "name": "Workspace list, current first.", "originalRequest": { "url": { "path": [ "workspaces" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"current_workspace_id\": \"\",\n \"data\": [\n {\n \"id\": \"\",\n \"clerk_org_id\": \"\",\n \"name\": \"\",\n \"plan\": \"solo\",\n \"role\": \"admin\"\n },\n {\n \"id\": \"\",\n \"clerk_org_id\": \"\",\n \"name\": \"\",\n \"plan\": \"enterprise\",\n \"role\": \"unknown\"\n }\n ]\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "25a3513c-53b2-4ad6-8547-37d786de2d0d", "name": "Missing or invalid API key.", "originalRequest": { "url": { "path": [ "workspaces" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "97fc1302-20a1-44f8-be68-6381a5b3e916", "name": "Workspace token balance is too low to satisfy this request.\nBody includes the canonical `insufficient_tokens` payload.", "originalRequest": { "url": { "path": [ "workspaces" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Payment Required", "code": 402, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": {\n \"required\": \"\",\n \"balance\": \"\",\n \"top_up_url\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "827bd5ed-8bc9-4d60-b607-ead3084a5067", "name": "Identity provider temporarily unavailable.", "originalRequest": { "url": { "path": [ "workspaces" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Service Unavailable", "code": 503, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] }, { "name": "webhooks", "description": "", "item": [ { "id": "9eaa0ef0-335e-417c-94c7-c1b74ee0acb7", "name": "List webhook subscriptions", "request": { "name": "List webhook subscriptions", "description": {}, "url": { "path": [ "webhooks" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "92c6d31b-e375-4d90-a679-44556b1015bd", "name": "Page of webhook subscriptions.", "originalRequest": { "url": { "path": [ "webhooks" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"data\": [\n {\n \"id\": \"\",\n \"url\": \"\",\n \"events\": [\n \"scan.completed\",\n \"scan.failed\"\n ],\n \"created_at\": \"\",\n \"secret\": \"\"\n },\n {\n \"id\": \"\",\n \"url\": \"\",\n \"events\": [\n \"finding.created\",\n \"scan.failed\"\n ],\n \"created_at\": \"\",\n \"secret\": \"\"\n }\n ],\n \"next_cursor\": \"\",\n \"total\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "89586428-9840-420e-86ff-f5de9ff0c1f6", "name": "Missing or invalid API key.", "originalRequest": { "url": { "path": [ "webhooks" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "id": "107bf9b6-5304-489c-b8db-e0d7c3f0ca5f", "name": "Create a webhook subscription", "request": { "name": "Create a webhook subscription", "description": { "content": "Registers an HTTPS endpoint to receive lifecycle events. Each\nevent delivery is signed with `X-Pentify-Signature: sha256=`\nusing the subscription's `secret`. If `secret` is omitted on\ncreate the server generates one and returns it ONCE in the\nresponse body.\n", "type": "text/plain" }, "url": { "path": [ "webhooks" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"url\": \"\",\n \"events\": [\n \"scan.completed\"\n ],\n \"secret\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } }, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "58d0c9b3-f686-43f4-9a58-707e84202637", "name": "Subscription created.", "originalRequest": { "url": { "path": [ "webhooks" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"url\": \"\",\n \"events\": [\n \"scan.completed\"\n ],\n \"secret\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Created", "code": 201, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"id\": \"\",\n \"url\": \"\",\n \"events\": [\n \"finding.created\",\n \"scan.started\"\n ],\n \"created_at\": \"\",\n \"secret\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "609dafb3-6f21-4927-b826-00269635d19b", "name": "Request payload failed validation.", "originalRequest": { "url": { "path": [ "webhooks" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"url\": \"\",\n \"events\": [\n \"scan.completed\"\n ],\n \"secret\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Bad Request", "code": 400, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "2391bff3-9d81-4ef4-a776-6cd96e1f8283", "name": "Missing or invalid API key.", "originalRequest": { "url": { "path": [ "webhooks" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"url\": \"\",\n \"events\": [\n \"scan.completed\"\n ],\n \"secret\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "name": "{id}", "description": "", "item": [ { "id": "925e94ac-2a3b-412f-8c51-1a232da7c7d3", "name": "Revoke a webhook subscription", "request": { "name": "Revoke a webhook subscription", "description": {}, "url": { "path": [ "webhooks", ":id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "", "key": "id", "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" } } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "DELETE", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "beb411b5-2b7e-4cf5-ba66-3178131388d7", "name": "Subscription revoked.", "originalRequest": { "url": { "path": [ "webhooks", ":id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "DELETE", "body": {} }, "status": "No Content", "code": 204, "header": [], "cookie": [], "_postman_previewlanguage": "text" }, { "id": "618e3fee-970e-42c8-a80b-38dba2bb2c41", "name": "Missing or invalid API key.", "originalRequest": { "url": { "path": [ "webhooks", ":id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "DELETE", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "b25e7e22-ed98-42b2-bf41-a34aeabd6b52", "name": "Resource not found in this workspace.", "originalRequest": { "url": { "path": [ "webhooks", ":id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Resource identifier (UUID).", "type": "text/plain" }, "type": "any", "value": "", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "DELETE", "body": {} }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] } ] }, { "name": "openapi.json", "description": "", "item": [ { "id": "874bc638-8b1b-4316-8d77-b89d00002681", "name": "Machine-readable OpenAPI spec", "request": { "name": "Machine-readable OpenAPI spec", "description": { "content": "Returns this very document as JSON. No authentication required.", "type": "text/plain" }, "url": { "path": [ "openapi.json" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": null }, "response": [ { "id": "ffb089ff-ff44-4926-9ab7-f720d4f78fdb", "name": "OpenAPI 3.1 document.", "originalRequest": { "url": { "path": [ "openapi.json" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"key_0\": true\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] }, { "name": "healthz", "description": "", "item": [ { "id": "ad2cdb6a-288b-407d-955a-46d5dfb1fda0", "name": "Health probe", "request": { "name": "Health probe", "description": { "content": "Returns `{status:\"ok\"}` when the API is reachable.", "type": "text/plain" }, "url": { "path": [ "healthz" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": null }, "response": [ { "id": "f9d071f7-242a-4229-9e9e-10d22c77e6a6", "name": "API is healthy.", "originalRequest": { "url": { "path": [ "healthz" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"status\": \"ok\"\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] }, { "name": "auth", "description": "", "item": [ { "name": "terminal", "description": "", "item": [ { "name": "pair", "description": "", "item": [ { "id": "f2733cb7-9eaa-46ae-885a-c424d750de5d", "name": "Complete the browser side of Pentify Terminal pairing", "request": { "name": "Complete the browser side of Pentify Terminal pairing", "description": { "content": "Called by the portal once the user clicks \"Pair this device\" with\na Clerk session JWT. Mints (or rotates) a `pt_live_*` API key\nbound to the active workspace and stores it in a short-lived\n(~5 min) row keyed by `device_id`. The desktop CLI then drains\nthe row via `GET /auth/terminal/poll`.\n\nAuthenticated with the user's Clerk session JWT, NOT a Pentify\nAPI key.\n", "type": "text/plain" }, "url": { "path": [ "auth", "terminal", "pair" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"device_id\": \"653ee6aef701b9874d003cf97bfd84c4e55e095baf085693ecd2e2cf28\",\n \"device_name\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } }, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "89ed8c2e-a34d-4e56-aab3-aed032f9361e", "name": "Pairing recorded; CLI may now poll.", "originalRequest": { "url": { "path": [ "auth", "terminal", "pair" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"device_id\": \"653ee6aef701b9874d003cf97bfd84c4e55e095baf085693ecd2e2cf28\",\n \"device_name\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"paired\": \"\",\n \"expires_at\": \"\",\n \"device_id\": \"59019f923b46862cc7b515d5fe7\",\n \"key_id\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "5f3ef019-e5a9-495a-89d5-bd6cca19ddc6", "name": "Validation error (e.g. malformed `device_id`).", "originalRequest": { "url": { "path": [ "auth", "terminal", "pair" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"device_id\": \"653ee6aef701b9874d003cf97bfd84c4e55e095baf085693ecd2e2cf28\",\n \"device_name\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Bad Request", "code": 400, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "06158338-9020-40b4-974f-bfc7ca40d1a3", "name": "Missing or invalid Clerk session JWT.", "originalRequest": { "url": { "path": [ "auth", "terminal", "pair" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"device_id\": \"653ee6aef701b9874d003cf97bfd84c4e55e095baf085693ecd2e2cf28\",\n \"device_name\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "19646a6e-8c9e-4c2c-90f5-69301473f7d2", "name": "Caller is not a member of the active Clerk organization.", "originalRequest": { "url": { "path": [ "auth", "terminal", "pair" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"device_id\": \"653ee6aef701b9874d003cf97bfd84c4e55e095baf085693ecd2e2cf28\",\n \"device_name\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] }, { "name": "poll", "description": "", "item": [ { "id": "6d2ba6c8-e355-4bd4-8706-10bb832a82af", "name": "Drain the freshly minted API key for a paired device", "request": { "name": "Drain the freshly minted API key for a paired device", "description": { "content": "Public, unauthenticated, per-IP rate-limited. Called by the\nPentify Terminal CLI on a short interval after the user kicks\noff `pentify auth pair`. The pairing row is single-use: the\nfirst successful poll consumes it (returns the plaintext\n`pt_live_*` key); any subsequent poll for the same `device_id`\nreturns 410 `pairing_consumed`.\n\nThe same code (`not_paired_yet`) is used for both \"never paired\"\nand \"expired\" so callers cannot enumerate live device ids.\n", "type": "text/plain" }, "url": { "path": [ "auth", "terminal", "poll" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "(Required) Stable per-device identifier the CLI generated locally.\n16-64 lowercase hex characters.\n", "type": "text/plain" }, "key": "device_id", "value": "b5c6d19f8ee0b70fc46f113ea156ad0e6833" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": null }, "response": [ { "id": "8f5b5123-adcd-4cc8-8302-b5c127c7daa0", "name": "Pairing was found, fresh, and is now consumed.", "originalRequest": { "url": { "path": [ "auth", "terminal", "poll" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "(Required) Stable per-device identifier the CLI generated locally.\n16-64 lowercase hex characters.\n", "type": "text/plain" }, "key": "device_id", "value": "b5c6d19f8ee0b70fc46f113ea156ad0e6833" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"key\": \"pt_test_hosNK\",\n \"expires_at\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "3e4baa51-43b4-4a26-8927-51f020fd6d8e", "name": "Missing or malformed `device_id`.", "originalRequest": { "url": { "path": [ "auth", "terminal", "poll" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "(Required) Stable per-device identifier the CLI generated locally.\n16-64 lowercase hex characters.\n", "type": "text/plain" }, "key": "device_id", "value": "b5c6d19f8ee0b70fc46f113ea156ad0e6833" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Bad Request", "code": 400, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "22755bd7-4fd7-44a4-9d08-b53b576fa53e", "name": "No pairing row exists for this `device_id` yet, or the row\nalready expired. Same code is intentionally used for both so\ncallers cannot enumerate live device ids.", "originalRequest": { "url": { "path": [ "auth", "terminal", "poll" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "(Required) Stable per-device identifier the CLI generated locally.\n16-64 lowercase hex characters.\n", "type": "text/plain" }, "key": "device_id", "value": "b5c6d19f8ee0b70fc46f113ea156ad0e6833" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "e0002984-21ed-4bd5-af8a-aca7c6d134c8", "name": "Pairing key was already retrieved (single-use).", "originalRequest": { "url": { "path": [ "auth", "terminal", "poll" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "(Required) Stable per-device identifier the CLI generated locally.\n16-64 lowercase hex characters.\n", "type": "text/plain" }, "key": "device_id", "value": "b5c6d19f8ee0b70fc46f113ea156ad0e6833" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Gone", "code": 410, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "3decdf68-5ab1-4351-b310-77e392de3568", "name": "Per-IP poll rate limit exceeded.", "originalRequest": { "url": { "path": [ "auth", "terminal", "poll" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "(Required) Stable per-device identifier the CLI generated locally.\n16-64 lowercase hex characters.\n", "type": "text/plain" }, "key": "device_id", "value": "b5c6d19f8ee0b70fc46f113ea156ad0e6833" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Too Many Requests", "code": 429, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"code\": \"\",\n \"message\": \"\",\n \"request_id\": \"\",\n \"details\": null\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] } ] } ] } ], "auth": { "type": "bearer", "bearer": [ { "type": "any", "value": "{{bearerToken}}", "key": "token" } ] }, "event": [], "variable": [ { "key": "baseUrl", "value": "https://api.pentify.io/v1" } ], "info": { "_postman_id": "162e8119-14b6-4a21-b8d9-ff432e544107", "name": "Pentify API", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", "description": { "content": "AI-powered penetration testing API for Pentify.\n\nAll requests require a Bearer API key (`pt_live_*`) issued from the\nPentify portal. Every operation is scoped to the workspace (tenant)\nbound to the API key and obeys plan-level token quotas. Scans cost\ntokens; balances and per-operation breakdowns are exposed via\n`/usage`.\n\nConventions:\n - All resource IDs are UUIDs.\n - Timestamps are ISO 8601 UTC (`date-time`).\n - List endpoints return cursor-paginated responses with `next_cursor`.\n - Errors share a common envelope (`Error`) with stable `code` values.\n\n\nContact Support:\n Name: Pentify\n Email: api@pentify.io", "type": "text/plain" } } }