API Reference
The Auto Offensive REST API lets you programmatically manage projects, trigger scan jobs, retrieve results, and generate reports. Integrate security scanning into your CI/CD pipeline or internal tooling.
Overview
REST APIAll API requests are made to the base URL below. The API returns JSON for all responses. Authentication is required for every request using an API key passed in the request header.
Base URL https://api.autooffensive.com/v1
// All responses are returned as JSON.
// All requests must include the Authorization header.Authentication
Auto Offensive uses API key authentication. Generate your key from Settings - API Keys. Pass the key in every request using the Authorization header.
Authorization: Bearer aof_live_xxxxxxxxxxxxxxxxxxxx
Content-Type: application/jsonRate Limits
API rate limits apply per API key per day. Scan jobs also count against your plan's daily scan quota. If you exceed the limit, requests return 429 Too Many Requests.
X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset headers so you can track usage programmatically.Error Codes
All errors return a JSON body with a code and message field describing what went wrong.
| HTTP Status | Code | Meaning |
|---|---|---|
| 400 | ERR_INVALID_PARAM | Missing or invalid request parameters |
| 401 | ERR_AUTH_FAILED | Missing or invalid API key |
| 403 | ERR_FORBIDDEN | Plan does not allow this action |
| 404 | ERR_NOT_FOUND | Project, scan, or report does not exist |
| 429 | ERR_QUOTA_EXCEEDED | Daily request or scan limit reached |
| 500 | ERR_SERVER_ERROR | Internal server error - try again later |
{
"code": "ERR_QUOTA_EXCEEDED",
"message": "Daily scan limit reached. Resets at 00: 00 UTC.",
"status": 429
}Projects
EndpointsProjects are the top-level container for all scan jobs, results, and reports. All scan activity must belong to a project.
/projects{
"projects": [
{
"id": "proj_01HX...",
"name": "ACME Corp - Q2 Assessment",
"created_at": "2025-03-10T08: 30: 00Z",
"scan_count": 14
}
]
}/projectsBody Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| name | string | required | Name of the project (e.g. "ACME Corp Q2 Pentest") |
| description | string | optional | Short description of the engagement scope |
// Request body
{
"name": "ACME Corp - Q2 Assessment",
"description": "Full-scope web and network pentest"
}
// Response 201
{
"id": "proj_01HX...",
"name": "ACME Corp - Q2 Assessment",
"created_at": "2025-03-10T08: 30: 00Z"
}/projects/{project_id}{
"id": "proj_01HX...",
"name": "ACME Corp - Q2 Assessment",
"description": "Full-scope web and network pentest",
"scan_count": 14,
"created_at": "2025-03-10T08: 30: 00Z",
"last_scan_at": "2025-03-14T11: 20: 00Z"
}/projects/{project_id}{ "deleted": true, "id": "proj_01HX..." }Scan Jobs
EndpointsScan jobs represent a single scan execution against a target using one or more modules. All scan jobs belong to a project.
/projects/{project_id}/scansrunning status on creation.Body Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| target | string | required | Domain, URL, or IP address to scan |
| modules | array | required | One or more module names: subfinder nmap nuclei httpx sqli and more |
| config | object | optional | Per-module configuration options (port range, wordlist, threads, etc.) |
| pipeline | boolean | optional | If true, runs modules sequentially, passing output to the next module |
// Request body
{
"target": "example.com",
"modules": ["subfinder", "httpx", "nuclei"],
"pipeline": true,
"config": {
"nuclei": { "severity": "critical,high" }
}
}
// Response 201
{
"scan_id": "scan_02KY...",
"status": "running",
"target": "example.com",
"modules": ["subfinder", "httpx", "nuclei"],
"created_at": "2025-03-14T09: 00: 00Z"
}/projects/{project_id}/scansQuery Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| status | string | optional | Filter by status: running completed failed cancelled |
| limit | integer | optional | Number of results to return (default: 20, max: 100) |
/scans/{scan_id}{
"scan_id": "scan_02KY...",
"status": "completed",
"target": "example.com",
"modules": ["subfinder", "httpx", "nuclei"],
"finding_count": 22,
"started_at": "2025-03-14T09: 00: 00Z",
"completed_at": "2025-03-14T09: 04: 12Z"
}/scans/{id} every 5 seconds while status is running. When status changes to completed or failed, stop polling and fetch results./scans/{scan_id}/stop{ "scan_id": "scan_02KY...", "status": "cancelled" }/scans/{scan_id}/retryscan_id is returned for the new job.{
"scan_id": "scan_03LZ...",
"status": "running",
"retried_from": "scan_02KY..."
}Results
EndpointsRetrieve structured findings from a completed scan job. Results are linked to the scan and stored indefinitely.
/scans/{scan_id}/resultsQuery Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| type | string | optional | Filter by finding type: asset port vulnerability endpoint |
| severity | string | optional | Filter vulnerabilities by severity: critical high medium low |
{
"scan_id": "scan_02KY...",
"total": 22,
"results": [
{
"type": "vulnerability",
"title": "SQL Injection - /api/users?id=",
"severity": "critical",
"cvss": 9.8,
"tool": "nuclei",
"evidence": "Error-based SQLi confirmed via time-delay"
},
{
"type": "asset",
"value": "api.example.com",
"tool": "subfinder"
}
]
}Reports
EndpointsGenerate, list, and download security reports from completed scan jobs. Reports can be exported in PDF, DOCX, Excel, or JSON.
/scans/{scan_id}/reportsBody Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| template | string | required | executive technical developer compliance |
| format | string | required | pdf docx excel json |
| company_name | string | optional | Company name shown on the report cover page |
| compliance | string | optional | pci_dss iso_27001 soc2 nist |
// Request body
{
"template": "technical",
"format": "pdf",
"company_name": "ACME Corp",
"compliance": "pci_dss"
}
// Response 201
{
"report_id": "rpt_04MN...",
"status": "generating",
"format": "pdf",
"template": "technical"
}/reports/{report_id} until status is ready, then call the download endpoint. AI writing typically takes 10-30 seconds./projects/{project_id}/reports{
"reports": [
{
"report_id": "rpt_04MN...",
"scan_id": "scan_02KY...",
"template": "technical",
"format": "pdf",
"status": "ready",
"created_at": "2025-03-14T09: 10: 00Z"
}
]
}/reports/{report_id}/downloadready.{
"report_id": "rpt_04MN...",
"download_url": "https://cdn.autooffensive.com/reports/rpt_04MN...pdf?token=...",
"expires_at": "2025-03-14T09: 25: 00Z",
"format": "pdf"
}Issues
EndpointsRetrieve the detailed list of vulnerabilities and issues found during your scans.
/scans/{scan_id}/issuesQuery Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| severity | string | optional | Filter by severity: critical high medium low |
| cursor | string | optional | Pagination cursor for fetching the next page |
{
"data": [
{
"id": "issue_987",
"severity": "high",
"type": "SQL Injection",
"file": "src/db/queries.ts",
"line": 42,
"description": "Unsanitized input passed directly to SQL execution context."
}
],
"meta": {
"next_cursor": null
}
}AI Analysis
EndpointsInteract with the AI engine for vulnerability remediation suggestions.
/issues/{issue_id}/remediate{
"issue_id": "issue_987",
"suggestion": "Use parameterized queries to prevent SQL injection.",
"code_snippet": "const query = 'SELECT * FROM users WHERE id = $1';\nawait db.query(query, [userId]);"
}Webhooks
EndpointsRegister webhooks to receive real-time notifications for events like scan completion.
/projects/{project_id}/webhooksBody Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| url | string | required | The destination URL that will receive POST requests |
| events | array | required | Array of events like: scan.completed scan.failed report.ready |
| secret | string | optional | Secret key for verifying payload signatures |
// Request
{
"url": "https://your-domain.com/webhooks/aof",
"events": ["scan.completed", "report.ready"],
"secret": "wh_secret_xyz123"
}
// Response 201
{
"webhook_id": "wh_05OP...",
"status": "active"
}