# Frontend API Specification

The Frontend API serves the Pentest Manager web application.
## OpenAPI Specification

## Overview

This API powers the web interface for:
- User authentication and MFA
- Pentest management
- Vulnerability tracking
- Team collaboration
- Report generation
## Authentication

### Session-Based

The web interface uses cookie-based sessions with CSRF protection:

### API Key

Programmatic access uses an API key header:

Generate API keys in Profile → API Key.
## Key Endpoints

### Authentication

| Endpoint | Method | Description |
|---|---|---|
| /login | POST | User login |
| /logout | GET | End session |
| /mfa/verify | POST | Verify TOTP code |
### Pentests

| Endpoint | Method | Description |
|---|---|---|
| /pentests | GET | List pentests |
| /pentest/new | POST | Create pentest |
| /pentest/{id}/start | POST | Start execution |
### Real-Time

| Endpoint | Method | Description |
|---|---|---|
| /api/pentests/{id}/execution-updates | GET | SSE stream |
| /api/pentests/{id}/vulnerability-updates | GET | SSE stream |
## Rate Limiting

Login endpoints are rate limited:

- 5 failed attempts → 15 minute lockout
- Applies per username
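As an added example (not Pentest Manager's own code), the lockout policy above implemented as an in-memory, per-username counter. The 5-attempt threshold and the 15-minute lockout come from the page; the class and function names, the `password_ok` flag standing in for the real credential check, and the decision to keep counting failures until a successful login or until the lockout expires (the page names no shorter reset window) are assumptions. A correct password submitted while the account is locked is still rejected, which is what keeps the lockout from being bypassed by a guess that happens to be right.

```python
"""Per-username login lockout, matching the documented policy:
5 failed attempts -> 15 minute lockout, tracked per username.
Example code added to the page; not Pentest Manager's implementation.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

MAX_FAILED_ATTEMPTS = 5                  # from the page
LOCKOUT_DURATION = timedelta(minutes=15)  # from the page


@dataclass
class LoginLimiter:
    # username -> consecutive failure count (assumption: no sliding window,
    # the count persists until a success or until the lockout expires)
    failures: dict = field(default_factory=dict)
    # username -> UTC time at which the lockout ends
    locked_until: dict = field(default_factory=dict)

    def is_locked(self, username: str, now: datetime) -> bool:
        until = self.locked_until.get(username)
        if until is None:
            return False
        if now >= until:
            # Lockout expired: clear both the lock and the failure count.
            del self.locked_until[username]
            self.failures.pop(username, None)
            return False
        return True

    def record_failure(self, username: str, now: datetime) -> bool:
        """Count one failed attempt; return True if the account is now locked."""
        if self.is_locked(username, now):
            return True
        count = self.failures.get(username, 0) + 1
        self.failures[username] = count
        if count >= MAX_FAILED_ATTEMPTS:
            self.locked_until[username] = now + LOCKOUT_DURATION
            return True
        return False

    def record_success(self, username: str) -> None:
        """A successful login resets the counter for that username only."""
        self.failures.pop(username, None)
        self.locked_until.pop(username, None)


def attempt_login(limiter: LoginLimiter, username: str,
                  password_ok: bool, now: datetime) -> str:
    """Decide a login attempt: returns 'locked', 'ok' or 'failed'.

    password_ok is a hypothetical stand-in for the real credential check.
    The lock is consulted before the credential result so that a correct
    password during the lockout window does not get through.
    """
    if limiter.is_locked(username, now):
        return "locked"
    if password_ok:
        limiter.record_success(username)
        return "ok"
    return "locked" if limiter.record_failure(username, now) else "failed"


def simulate() -> list:
    """Constructed scenario: alice fails five times, then tries the right
    password inside and after the lockout; bob is unaffected throughout."""
    limiter = LoginLimiter()
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    outcomes = [attempt_login(limiter, "alice", False, t0) for _ in range(5)]
    outcomes.append(attempt_login(limiter, "alice", True, t0 + timedelta(minutes=1)))
    outcomes.append(attempt_login(limiter, "bob", True, t0 + timedelta(minutes=1)))
    outcomes.append(attempt_login(limiter, "alice", True, t0 + LOCKOUT_DURATION))
    return outcomes


if __name__ == "__main__":
    print(simulate())
```

The limiter keeps state in process memory, which is enough to show the decision logic; a deployment with several frontend workers would need the counters in a shared store so every worker sees the same failure count. Whatever the outcome, the `/login` response to the client should be the same generic message for "failed" and "locked", so the endpoint does not reveal which usernames exist.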