REST API Authentication

Secure API access with token-based authentication.

API Tokens

Create Token

pentora server token create \
  --name "Production API" \
  --scopes "scan:read,scan:write,workspace:read" \
  --expires 90d

List Tokens

pentora server token list

Revoke Token

pentora server token revoke <token-id>

Using Tokens

Bearer Authentication

curl -H "Authorization: Bearer eyJhbGc..." \
  https://pentora.company.com/api/v1/scans

Environment Variable

export PENTORA_API_TOKEN=eyJhbGc...
curl -H "Authorization: Bearer $PENTORA_API_TOKEN" \
  https://pentora.company.com/api/v1/scans
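
With `curl -H "Authorization: Bearer $PENTORA_API_TOKEN"` the shell expands the token into curl's argument list, where it can be read from the process table. The wrapper below is an added example, not part of the Pentora documentation: it passes the header over stdin with `--config -`. The function names, the `PENTORA_URL` variable, and the RFC 6750 character check are assumptions of this example.

```shell
# Assumption: base URL taken from the examples on this page.
PENTORA_URL="${PENTORA_URL:-https://pentora.company.com}"

# Print a curl config line carrying the Authorization header.
# The body runs in a subshell, so `exit` only ends this function.
pentora_auth_config() (
  LC_ALL=C   # byte-wise ranges in the pattern below
  token="${PENTORA_API_TOKEN:-}"
  if [ -z "$token" ]; then
    echo "PENTORA_API_TOKEN is not set" >&2
    exit 1
  fi
  # Allow only the RFC 6750 bearer-token alphabet. Quotes, backslashes,
  # whitespace or newlines could otherwise smuggle extra curl options
  # into the config that is fed to curl.
  case "$token" in
    *[!A-Za-z0-9._~+/=-]*)
      echo "PENTORA_API_TOKEN contains unexpected characters" >&2
      exit 1
      ;;
  esac
  printf 'header = "Authorization: Bearer %s"\n' "$token"
)

# GET /api/v1/<path>. The header reaches curl on stdin; printf is a shell
# builtin, so the token never appears in any process's argv.
pentora_get() {
  cfg="$(pentora_auth_config)" || return 1
  printf '%s\n' "$cfg" |
    curl --fail --silent --show-error --config - \
      "${PENTORA_URL}/api/v1/$1"
}

# Usage (needs network access and a valid token):
#   pentora_get scans
```
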

Token Scopes

  • scan:read - View scans
  • scan:write - Create/delete scans
  • scan:execute - Execute scans
  • workspace:read - View workspace
  • workspace:write - Modify workspace
  • admin - Full access

SSO Integration (Enterprise)

OIDC

server:
  auth:
    provider: oidc
    oidc:
      issuer: https://auth.company.com
      client_id: pentora
      client_secret: ${OIDC_SECRET}

SAML

server:
  auth:
    provider: saml
    saml:
      idp_metadata_url: https://idp.company.com/metadata
      sp_entity_id: pentora

See Enterprise Multi-Tenant for details.