DAST API
The DAST API lets you manage scan targets, schedule scans, monitor scan progress, retrieve vulnerability results, and generate reports programmatically.
For authentication and general Swagger UI navigation, refer to Get started with the Invicti Platform API. Open this API definition directly in Swagger UI.
Common examples
List targets��
Use this to retrieve all scan targets in your organization.
View list targets example
Endpoint: GET /api/v1/targets
Try it in Swagger UI:
- Expand Targets and select GET /api/v1/targets.
- Click Try it out.
- Set
limitto20to control page size. Use thequeryparameter to filter, for exampleaddress:example.com. - Click Execute.
Example response:
{
"targets": [
{
"target_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"address": "https://example.com",
"description": "Production environment",
"type": "default",
"last_scan_date": "2025-11-15",
"severity_counts": {
"critical": 2,
"high": 5,
"medium": 12,
"low": 8
}
}
],
"pagination": {
"count": 1
}
}
Create a target
Use this to add a new scan target.
View create target example
Endpoint: POST /api/v1/targets
Try it in Swagger UI:
- Expand Targets and select POST /api/v1/targets.
- Click Try it out.
- Replace the example request body with your values:
{
"address": "string",
"description": "string",
"type": "default",
"criticality": 3
}
- Click Execute.
A successful response returns HTTP 201 Created with the new target details including its target_id.
| Field | Required | Notes |
|---|---|---|
address | Yes | URL of the target |
description | No | Free-text label |
type | No | default or demo |
criticality | No | Integer value indicating business criticality |
List scans
Use this to retrieve all scans across your organization, with their current status and results summary.
View list scans example
Endpoint: GET /api/v1/scans
Try it in Swagger UI:
- Expand Scans and select GET /api/v1/scans.
- Click Try it out.
- Optionally use the
queryparameter to filter by target, for exampletarget_id:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. - Click Execute.
Example response:
{
"scans": [
{
"scan_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"target_id": "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy",
"profile_name": "Full Scan",
"status": "completed",
"progress": 100,
"severity_counts": {
"critical": 1,
"high": 3,
"medium": 8,
"low": 15
},
"start_date": "2025-11-15T10:30:00Z",
"end_date": "2025-11-15T12:45:00Z"
}
],
"pagination": {
"count": 25
}
}
Supported status values: scheduled, queued, starting, processing, aborting, aborted, pausing, paused, completed, failed
Schedule a scan
Use this to schedule a new scan for a target.
View schedule scan example
Endpoint: POST /api/v1/scans
Try it in Swagger UI:
- Expand Scans and select POST /api/v1/scans.
- Click Try it out.
- Replace the example request body with your values:
{
"target_id": "string",
"profile_id": "string",
"schedule": {
"disable": false,
"triggerable": true
}
}
- Click Execute.
A successful response returns HTTP 201 Created with the new scan details including its scan_id and status: "scheduled".
| Field | Required | Notes |
|---|---|---|
target_id | Yes | UUID of the target to scan |
profile_id | Yes | UUID of the scanning profile to use |
schedule | Yes | Scheduling configuration object |
Built-in scan profile IDs:
| Profile | ID |
|---|---|
| Full Scan | 11111111-1111-1111-1111-111111111111 |
| Critical and High Risk | 11111111-1111-1111-1111-111111111112 |
| SQL Injection | 11111111-1111-1111-1111-111111111113 |
| Weak Passwords | 11111111-1111-1111-1111-111111111115 |
| XSS Vulnerabilities | 11111111-1111-1111-1111-111111111116 |
| Crawl Only | 11111111-1111-1111-1111-111111111117 |
Get scan results
Use this to retrieve the results of a specific scan, including vulnerability counts per severity.
View get scan results example
Endpoint: GET /api/v1/scans/{scan_id}/results
Try it in Swagger UI:
- Expand Results and select GET /api/v1/scans/{scan_id}/results.
- Click Try it out.
- Enter the
scan_id. You can retrieve this from the list scans endpoint. - Click Execute.
Example response:
{
"results": [
{
"result_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"scan_session_id": "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy",
"status": "completed",
"started": "2025-11-15T10:30:00Z",
"completed": "2025-11-15T12:45:00Z",
"severity_counts": {
"critical": 1,
"high": 3,
"medium": 8,
"low": 15
}
}
],
"pagination": {
"count": 10
}
}
Generate a report
Use this to generate a report from a completed scan result.
View generate report example
Endpoint: POST /api/v1/reports
Try it in Swagger UI:
- Expand Reports and select POST /api/v1/reports.
- Click Try it out.
- Enter a request body with the template and scan result to report on:
{
"template_id": "string",
"source": {
"type": "scan_result",
"id": "string"
}
}
- Click Execute.
A successful response returns HTTP 201 Created with the report ID and status: "processing". Once processing is complete, the report is available to download.
Built-in report template IDs:
| Template | ID |
|---|---|
| Developer | 11111111-1111-1111-1111-111111111111 |
| Executive Summary | 11111111-1111-1111-1111-111111111113 |
| HIPAA | 11111111-1111-1111-1111-111111111114 |
| OWASP Top 10 2017 | 11111111-1111-1111-1111-111111111125 |
| PCI DSS 3.2 | 11111111-1111-1111-1111-111111111120 |
Need help?
The Support team is ready to provide you with technical help. Go to Help Center