Base URL
Interactive API reference
A Swagger UI rendered from the live OpenAPI spec is hosted at https://api.hacktron.ai/docs. It covers the same endpoints documented here with raw request and response schemas and a “Try it out” console, useful for verifying field names or cross-checking schemas against production.What you can do
Run pentest scans
Start full pentest scans against one or more repositories and track their status.
Estimate cost
Generate a cost estimation for a set of repositories before committing credits.
Browse findings
List, filter, and inspect findings across scans, including their full triage context.
Triage findings
Update finding state, adjust severity, and add comments from your own systems.
Requirements
- A Hacktron organization with an Admin or Owner role (required to create API keys).
- An API key — see Authentication for how to create one.
- An HTTP client that can set custom headers.
Next steps
Authentication
Create an API key and make your first authenticated request.
Rate limits
Understand request quotas and how to handle 429 responses.
Pagination & filtering
Learn the shared query conventions used across list endpoints.
Errors
HTTP status codes and error shapes you should handle.