API Overview

Pentora provides REST and gRPC APIs for programmatic access and integration.

Base URL

https://pentora.company.com/api/v1

Authentication

All API requests require authentication via Bearer token:

curl -H "Authorization: Bearer <token>" \
     https://pentora.company.com/api/v1/scans

Generate API Token

pentora server token create --name "CI Pipeline" --scopes scan:read,scan:write

API Versioning

Current version: v1

URL format: /api/v1/<resource>

Rate Limiting

Default limits:

• Free/Starter: 60 requests/minute
• Team: 100 requests/minute
• Business: 500 requests/minute
• Enterprise: Unlimited (configurable)

Common Headers

Authorization: Bearer <token>
Content-Type: application/json
X-Tenant-ID: <tenant-id>  (multi-tenant only)

Response Format

Success (200):

{
  "data": { ... },
  "meta": {
    "timestamp": "2023-10-06T14:30:22Z"
  }
}

Error (4xx/5xx):

{
  "error": {
    "code": "invalid_request",
    "message": "Target validation failed",
    "details": { ... }
  }
}

Available APIs

• REST API - Scan management
• UI Portal - Web interface
• Module API - Custom modules

See sections for detailed endpoints.