Pentify
SDKs

cURL recipes

Copy-paste cookbook for the most common Pentify API calls. No SDK required — just curl and jq.

Set PENTIFY_API_KEY first:

export PENTIFY_API_KEY="pk_live_..."

Smoke test

curl https://api.pentify.io/v1/usage \
  -H "Authorization: Bearer $PENTIFY_API_KEY"

Register and verify a target

TARGET_ID=$(curl -s https://api.pentify.io/v1/targets \
  -H "Authorization: Bearer $PENTIFY_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"hostname":"example.com"}' | jq -r .id)

curl -X POST "https://api.pentify.io/v1/targets/$TARGET_ID/verify" \
  -H "Authorization: Bearer $PENTIFY_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"method":"dns"}'

Create a scan and poll until done

SCAN_ID=$(curl -s https://api.pentify.io/v1/scans \
  -H "Authorization: Bearer $PENTIFY_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"target":"example.com","scan_type":"quick"}' \
  | jq -r .id)

while :; do
  STATUS=$(curl -s "https://api.pentify.io/v1/scans/$SCAN_ID" \
    -H "Authorization: Bearer $PENTIFY_API_KEY" | jq -r .status)
  case "$STATUS" in
    queued|running) sleep 5 ;;
    *) echo "$STATUS"; break ;;
  esac
done

Cancel a scan

curl -X POST "https://api.pentify.io/v1/scans/$SCAN_ID/cancel" \
  -H "Authorization: Bearer $PENTIFY_API_KEY"

Pull the JSON report and the PDF

curl "https://api.pentify.io/v1/scans/$SCAN_ID/report" \
  -H "Authorization: Bearer $PENTIFY_API_KEY" \
  -o report.json

curl -L "https://api.pentify.io/v1/scans/$SCAN_ID/report.pdf" \
  -H "Authorization: Bearer $PENTIFY_API_KEY" \
  -o report.pdf

List critical findings only

curl "https://api.pentify.io/v1/scans/$SCAN_ID/findings?severity=critical" \
  -H "Authorization: Bearer $PENTIFY_API_KEY" | jq .

Subscribe to webhooks

curl https://api.pentify.io/v1/webhooks \
  -H "Authorization: Bearer $PENTIFY_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://example.com/pentify-hook",
    "events": ["scan.completed", "scan.failed"]
  }'

Save the whsec_* secret returned — see Webhooks for verification.

Inspect token consumption

curl https://api.pentify.io/v1/usage \
  -H "Authorization: Bearer $PENTIFY_API_KEY" \
  | jq .last_30d.by_operation

Walk paginated lists

CURSOR=""
while :; do
  RES=$(curl -s "https://api.pentify.io/v1/scans?limit=100&cursor=$CURSOR" \
    -H "Authorization: Bearer $PENTIFY_API_KEY")
  echo "$RES" | jq -c '.data[]'
  CURSOR=$(echo "$RES" | jq -r '.next_cursor // empty')
  [ -z "$CURSOR" ] && break
done