Backend API Specification

The Backend API provides internal service-to-service communication, primarily for n8n workflow integration.

OpenAPI Specification

Overview

This API is used internally by n8n workflows to:

  • Validate API keys before pentest execution
  • Submit command results from Kali Linux
  • Report discovered vulnerabilities
  • Update pentest status and progress
  • Notify when PDF reports are ready

Authentication

All endpoints require dual authentication:

X-API-Key: <user-api-key>
X-Master-Key: <master-key>

The master key (MANAGER_BACKEND_MASTER_KEY) ensures only n8n can access these endpoints.
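
A server-side check for the two headers above, as an added example that is not the project's own code. Only the header names and MANAGER_BACKEND_MASTER_KEY come from this page; the function name, the SHA-256 digest key store, the sample values and the status codes are assumptions.

```python
import hashlib
import hmac

# Constructed sample values; real keys come from the deployment's secret store.
SAMPLE_ENV = {"MANAGER_BACKEND_MASTER_KEY": "constructed-master-key-for-demo"}
# Assumption: user API keys are stored as SHA-256 digests, never in plaintext.
SAMPLE_KEY_DIGESTS = {
    hashlib.sha256(b"constructed-user-key-1").hexdigest(): "user-1",
}


def _header(headers, name):
    """Case-insensitive header lookup; returns '' when absent."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value.strip()
    return ""


def check_dual_auth(headers, env=SAMPLE_ENV, key_digests=SAMPLE_KEY_DIGESTS):
    """Return (http_status, user_id or None) for a request's headers."""
    master = env.get("MANAGER_BACKEND_MASTER_KEY", "")
    if not master:
        # Fail closed: an unset master key must never match an empty header.
        return 503, None

    presented_master = _header(headers, "X-Master-Key")
    presented_api = _header(headers, "X-API-Key")

    # Constant-time comparison avoids leaking how many leading bytes matched.
    master_ok = hmac.compare_digest(presented_master.encode(), master.encode())

    # Digest the presented key, then compare it with each stored digest.
    digest = hashlib.sha256(presented_api.encode()).hexdigest()
    user_id = None
    for stored, owner in key_digests.items():
        if hmac.compare_digest(stored, digest):
            user_id = owner

    # Both checks run before deciding, and the same 401 is returned either way,
    # so a caller cannot tell which of the two keys was wrong.
    if not (master_ok and presented_api and user_id):
        return 401, None
    return 200, user_id
```
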

Common Endpoints

Validate Keys

POST /api/validate

Validates API keys before starting a pentest.

Submit Command

POST /api/command/{pentest_id}

Submits command execution results from Kali.

Submit Vulnerability

POST /api/vulnerability/{pentest_id}

Reports a discovered vulnerability.

Update Status

POST /api/update/{pentest_id}

Updates pentest execution status.

Integration Notes

  • All sensitive data is encrypted before storage
  • Commands support approval workflows for dangerous operations
  • Real-time updates are pushed to the webapp via SSE