Authentication
`POST /api/auth/register` and `POST /api/auth/login` establish workspace access.
API reference
The JSON API is served below `/api`. Workspace endpoints require authenticated access, and trial capabilities use the API credential issued to the requester.
Last updated 14 July 2026
01
`POST /api/auth/register` and `POST /api/auth/login` establish workspace access.
`GET /api/assets` lists authorized assets; asset creation accepts the supported target types and environment metadata.
`POST /api/scans` starts an assessment, while `GET /api/scans` and `GET /api/scans/:id` return status and results.
02
Requests and responses use JSON unless an export endpoint explicitly returns a document.
Authenticated resources are restricted to the caller's authorized workspace and role.
Clients should handle 401, 403, 404, 409, 429, and 5xx responses without automatically widening scan scope.
Next step