When to use the API
Deployment: Invicti Platform on-demand, Invicti Platform on-premises
This is part 1 of 5 in the API fundamentals series.
Next: Get your API key
Invicti Platform offers both a web-based user interface and a comprehensive REST API. While both provide access to the same core functionality, each serves different use cases and workflows. This document helps you understand when to use each approach so you can choose the most efficient path for your security testing needs.
Reasons to use the web interface (UI)
The web interface is ideal for:
- Interactive exploration and setup - Initial platform setup, exploring scan results, ad-hoc testing, and creating scan configurations.
- Manual, one-time operations - Running occasional scans, reviewing vulnerability reports, and managing user accounts.
- Visual analysis - Examining vulnerability trends, comparing scan results, and building executive reports and dashboards.
Reasons to use the API
The API becomes essential when you need:
- Automation and scale - Run automated scripts that trigger scans and process results instead of manually managing Targets through the UI.
- Integration with existing workflows - Connect directly with Jira, Slack, CI/CD pipelines, and security dashboards so security data flows into your existing tools.
- Consistency and reliability - Execute identical processes every time with programmatic validation, eliminating human error and inconsistent configurations.
- Speed and efficiency - Exchange data directly with no UI overhead for faster execution and immediate access to results.
- Custom workflows and logic - Build custom logic like "If critical vulnerability found, then create ticket AND notify team AND pause deployment."
- Unattended operations - Schedule scans, automate result processing, and run continuous security testing without manual oversight.
Common API use cases
DevOps and CI/CD integration:
- Trigger security scans when code is deployed
- Gate deployments based on security scan results
- Automatically create tickets for new vulnerabilities
Batch operations:
- Onboard hundreds of targets
- Update scan configurations across multiple targets
- Bulk export scan results for compliance reporting
Custom reporting and analytics:
- Extract raw scan data for custom dashboards
- Combine Invicti data with other security tools
- Create executive reports with specific metrics
Automated remediation workflows:
- Automatically assign vulnerabilities to development teams
- Track remediation progress across multiple projects
- Send notifications based on vulnerability severity and age
Get started
Start with the UI to understand Invicti's capabilities and configure your first targets and scans. Once you're comfortable with the platform, move to the API for automation and integration.
For hands-on API experience, follow the API scanning workflows series, which walks you through the essential API operations you'll need for most workflows.
API documentation and authentication: Manage your API key and access the interactive API documentation to explore all available endpoints.
Next steps
Ready to start using the API? Get your credentials and access to documentation:
→ Continue to Get your API key
Complete fundamentals series
- Overview
- Part 1: When to use the API ← You are here
- Part 2: Get your API key
- Part 3: Authenticate
- Part 4: Make your first call
- Part 5: Handle responses
Need help?
Invicti Support team is ready to provide you with technical help. Go to Help Center