The Hacktron REST API lets you trigger pentest scans, browse and triage findings, and run cost estimations from your own tooling. Everything you can do in the Hacktron dashboard as a scan operator or reviewer is available through the API, scoped to a single organization per key.

Base URL

https://api.hacktron.ai/v1
All endpoints in this reference are relative to this base URL.

Interactive API reference

A Swagger UI rendered from the live OpenAPI spec is hosted at https://api.hacktron.ai/docs. It covers the same endpoints documented here with raw request and response schemas and a “Try it out” console, useful for verifying field names or cross-checking schemas against production.

What you can do

Run pentest scans

Start full pentest scans against one or more repositories and track their status.

Estimate cost

Generate a cost estimation for a set of repositories before committing credits.

Browse findings

List, filter, and inspect findings across scans, including their full triage context.

Triage findings

Update finding state, adjust severity, and add comments from your own systems.

Requirements

  • A Hacktron organization in which you hold an Admin or Owner role (required to create API keys).
  • An API key — see Authentication for how to create one.
  • An HTTP client that can set custom headers.

Next steps

Authentication

Create an API key and make your first authenticated request.

Rate limits

Understand request quotas and how to handle 429 responses.

Pagination & filtering

Learn the shared query conventions used across list endpoints.

Errors

HTTP status codes and error shapes you should handle.