Endpoint Index
Overview
Server startup, authentication, and general endpoints.| Method | Endpoint | Description |
|---|---|---|
| GET | / | App info |
| GET | /health | Health check |
| GET | /server-info | Server info (uptime, DB driver, queue depth) |
| GET | /swagger/* | Swagger UI |
| GET | /metrics | Prometheus metrics |
HTTP Records
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/http-records | List HTTP records (paginated, filterable) |
| GET | /api/http-records/:uuid | Get HTTP record detail |
| DELETE | /api/http-records/:uuid | Delete HTTP record |
Findings
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/findings | List findings (paginated, filterable) |
| GET | /api/findings/:id | Get finding detail |
| DELETE | /api/findings/:id | Delete finding |
Ingestion
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/ingest-http | Ingest HTTP data (URL, curl, OpenAPI, Burp, Postman) |
Scan
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/scan-url | Scan a single URL |
| POST | /api/scan-request | Scan a raw HTTP request |
| POST | /api/scan | Trigger scan over ingested records |
| GET | /api/scan/status | Current scan status |
| DELETE | /api/scan | Cancel running scan |
| POST | /api/scan-records | Scan specific HTTP records by UUID |
| GET | /api/scans | List scan history |
| GET | /api/scans/:uuid | Get scan detail |
| DELETE | /api/scans/:uuid | Delete scan |
| POST | /api/scans/:uuid/stop | Stop a running scan |
Stats
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/stats | Aggregated scan statistics |
Scope
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/scope | View scope config |
| POST | /api/scope | Update scope config |
Config
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/config | View configuration |
| POST | /api/config | Update configuration |
Modules
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/modules | List scanner modules |
Source Repos
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/source-repos | List source repos |
| POST | /api/source-repos | Create source repo |
| GET | /api/source-repos/:id | Get source repo |
| PUT | /api/source-repos/:id | Update source repo |
| DELETE | /api/source-repos/:id | Delete source repo |
OAST Interactions
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/oast-interactions | List OAST interactions |
| GET | /api/oast-interactions/:id | Get OAST interaction detail |
| DELETE | /api/oast-interactions/:id | Delete OAST interaction |
Extensions
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/extensions | List extensions |
| GET | /api/extensions/:name | Get extension (with raw content) |
| PUT | /api/extensions/:name | Edit extension |
| GET | /api/extensions/docs | List JS API functions |
Agent
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/agent/run/query | Single-shot agent prompt execution |
| POST | /api/agent/run/autopilot | Autonomous AI-driven scanning session |
| POST | /api/agent/run/pipeline | Multi-phase scanning pipeline |
| GET | /api/agent/status/list | List agent runs |
| GET | /api/agent/status/:id | Agent run status |
| POST | /api/agent/chat/completions | OpenAI-compatible chat completions |