Get started with the Invicti Platform API
Deployment: Invicti Platform on-demand, Invicti Platform on-premises
The Invicti Platform REST API lets you manage applications, assets, vulnerabilities, and more programmatically. You can use it to integrate Invicti into your own tools, automate workflows, or export data.
This document introduces the available learning series, API definitions, and quick reference information to help you get started. Use structured series to go from basic concepts to advanced implementations. Each series focuses on specific skills and use cases.
Learning path recommendation
New to APIs? → Start with API fundamentals → Then proceed to API scanning workflows
Available learning series
Two series are currently available. Start with API fundamentals if you're new to the API, or go straight to API scanning workflows if you're ready to implement.
API fundamentals (5 parts)
Focus: Conceptual foundation and basic API operations
Audience: Beginners, first-time API users
Learning path: Understand concepts → Get credentials → Learn authentication → Make calls → Manage responses
| Part | Topic | Description |
|---|---|---|
| 1 | When to use the API | Decision framework for choosing API vs web interface |
| 2 | Get your API key | Obtain credentials and access documentation |
| 3 | Authenticate | Authentication methods and security best practices |
| 4 | Make your first call | Hands-on examples with Postman, curl, and Python |
| 5 | Handle responses | Response handling and robust error management |
API scanning workflows (4 parts)
Focus: Complete scanning implementation workflows
Audience: Developers, DevOps engineers, security engineers
Learning path: Setup → Configure targets → Execute scans → Analyze results
| Part | Topic | Description |
|---|---|---|
| 1 | Get started | Foundation setup for scanning workflows |
| 2 | Configure | Create and configure targets for scanning |
| 3 | Launch | Execute scans and track progress |
| 4 | Review and report | Analyze findings and generate reports |
API definitions reference
The Invicti Platform provides multiple API definitions for different use cases. Access them through Swagger UI using the Select a definition dropdown.
| Definition | Use it to… |
|---|---|
| Inventory API | Manage applications, assets, collections, and vulnerabilities. Primary API for most integration use cases. |
| DAST API | Manage scan targets, trigger and monitor scans, retrieve results, and generate reports. |
| External Scan API | Import vulnerability findings from third-party tools such as Mend or SARIF-compatible scanners. |
| Inventory REST API | Manage API definitions, API targets, and their links to DAST scan targets. |
| API Importers API | Configure and trigger integrations that automatically import API definitions from external sources. |
| Integrations API | Manage plugin integrations, automation rules, CI/CD scan profiles, and Jira connections. |
| Identity Management API | Manage SAML SSO configuration, client applications, organizations, and licenses. |
| Identity SCIM v2 | Provision and manage users, groups, and roles using the SCIM 2.0 standard. |
Authentication is per session and per definition. When you switch to a different definition, click Authorize again and re-enter your API key.
Common HTTP status codes
| Status | Meaning | Next steps |
|---|---|---|
| 200 / 201 | Success | Request completed successfully |
| 400 Bad Request | Invalid parameters or request body | Check the response body for validation details |
| 401 Unauthorized | Missing or invalid API key | Verify your API key and authentication header |
| 403 Forbidden | Insufficient permissions | Check your user role and account permissions |
| 404 Not Found | Resource doesn't exist | Verify the resource ID or endpoint URL |
| 429 Too Many Requests | Rate limit exceeded | Wait and retry, implement backoff strategy |
For detailed error handling strategies, see Handle responses.
Quick reference
Need specific guidance?
| I want to… | Go to… |
|---|---|
| Learn API basics | API fundamentals series |
| Run my first scan | API scanning workflows series |
| Implement scanning workflows | API scanning workflows series |
| Get or manage my API key | Get your API key |
| Fix API errors | Handle responses |
Next steps
- Start learning: Begin with When to use the API
- Jump to implementation: Go directly to Get started
- Get hands-on practice: Try the API scanning workflows series
Need help choosing the right starting point? Review When to use the API for guidance on when APIs are the best choice for your use case.