CG Scanning API V2
latest
  • latest
  • 5.2.0
  • 5.3.0
HomeDocs
HomeDocs
latest
  • latest
  • 5.2.0
  • 5.3.0
  1. Scanning API
  • Scanning API
    • Getting Started
    • Authentication
    • Common Error Responses
    • Filtering Data
    • Authentication
      • User Confirmation
        • Confirm a User
        • Show confirmation form
      • User Invitation
        • Accept an invitation
        • Pre-Accept invitation check
      • Password Reset
        • Forgot Password
        • Reset Password
      • Impersonation
        • Impersonate user
        • Impersonate user
      • MFA
        • Check 2fa
        • Send SMS OTP
      • Sign in authentication
      • Sign in with recovery code
      • Sign out authentication
      • SSO Link login
    • Targets
      • List targets
      • Create Target
      • Show a target
      • Updates a target
      • Delete a target
      • Delete targets
    • Scans
      • Scan Histories
        • List of history for a scan
        • History details for a scan
      • Scan Hosts
        • List of hosts for a scan
        • Host details for a scan
      • Scan Vulnerabilities
        • List of vulnerabilities for a scan
        • Show vulnerability details
        • Statistics for a scan
      • List scans
      • Create Scan
      • Show a scan
      • Updates a scan
      • Delete a scan
      • Delete scans
      • Start a scan
      • Stop a scan
      • List upcoming scans
      • List recent scans that have been completed
      • List of the running scans
      • Create Scan from Wizard
    • Reports
      • List Reports
      • Show a report
      • Delete a report
      • Delete reports
      • Generates a report file
      • Downloads a report file
      • Check if a report file exists
      • Verifies file integrity by comparing hashes
    • Vulnerabilities
      • List of vulnerabilities
      • Vulnerability details
      • Total Vulnerabilities (widget)
      • Top Vulnerabilities (widget)
      • PCI Compliant (widget)
      • Send prompt about a given Vulnerability
      • Chat history about a given Vulnerability
    • Exceptions
      • List Exceptions
      • Create Exception
      • Update Exception
      • Show an exception
      • Delete an exception
      • Show exception details
      • Delete exceptions
      • Activate exceptions
      • Reset exceptions
      • Show the exceptions statistics
    • Schedules
      • List Schedules
      • Create Schedule
      • Updates a schedule
      • Show a schedule
      • Delete a schedule
      • Delete schedules
      • Calculate First Time Schedule Date
      • Calculate Next Schedule Dates
    • Webhooks
      • Deliveries
        • List all deliveries for a webhook
        • Get a delivery for a webhook
      • List all webhooks
      • Create a webhook
      • Show a webhook
      • Update a webhook
      • Delete a webhook
      • Activate a webhook
      • Deactivate a webhook
    • Advanced Reports
      • List Advanced Reports
      • Create an advanced report
      • Show an advanced report
      • Update an advanced report
      • Delete an advanced report
      • Delete advanced reports
      • Generates an advanced report file
      • Downloads an advanced report file
    • Audit
      • Get all events
      • Get event by id
    • Notifications
      • List Notifications
      • Show a notification
      • Delete a notification
      • Mark as read a notification
      • Mark as seen a notification
      • Mark as read all notifications
      • Mark as seen all notifications
    • Hosts
      • List of hosts
      • Host details
      • List of most vulnerable hosts
    • Scanners
      • List scanners
      • Create scanner
      • Show scanner
      • Update scanner
      • Delete scanner
      • List activated scanners
      • Activate scanner
      • Deactivate scanner
      • Update scanner app type
      • Assign a scanner to an organization
      • Verify a scanner
    • Port Lists
      • List port lists
      • Create a port list
      • Show a port list
      • Update a port list
      • Delete a port list
      • List activated port lists
      • Add a port range to a port list
      • Delete a port range to a port list
      • Activate a port list
      • Deactivate a port list
      • Updates the app_type of a port list
      • Sync the a port lists
    • User
      • User 2FA
        • Enable 2FA
        • Verify 2FA installation
        • Disable 2FA
        • Lookup phone number
        • Default 2FA method
        • Generate Recovery Codes
        • Get Recovery Codes
      • User Preferences
        • Get users notification preferences
        • Change users product
        • Enable user's event notification preference
        • Disable user's event notification preference
      • Get current user
      • Update current user
      • Change current user password
      • Get current user active plans (Not implemented yet)
      • Get organization members
      • Get current user products
      • Get current organization
      • Update current organization
      • Get subscriptions history
      • Change users product
      • Checks if authorization token is valid
      • Get current user permissions
      • Check if the user can be deleted
      • Delete my account
      • Generates a new access token
      • Revokes the current access token
      • Transfers all the resources from the user to another user
    • Organizations
      • Organization Subscriptions
        • Retrieves all subscriptions of organization
        • Retrieves all active subscriptions of organization
        • Show a subscription of organization
        • Update organization's subscription
        • Assign features to a subscription
        • Revoke features from a subscription
      • Subscribe to a plan
      • List organizations
      • Create Organization
      • List dependent subscriptions
      • Retrieve an organization
      • Update an organization
      • Delete an organization
      • Subscribe an organization to a plan
      • Unsubscribe an organization from a plan
      • Change users Organization
      • Export organizations
    • Users
      • List Users
      • Create User
      • Show User
      • Update User
      • Delete a User
      • Create Customer
      • Invite User
      • Resend Confirmation Instructions
      • Import Users
      • Check if a user can be deleted
      • Inherit all the resources from a user
      • Export all users to a CSV file
      • Set partner
      • Unset partner
    • Whitelabel Settings
      • Show the white label settings
      • Show the white label settings
      • Update white label settings
  • SAQ API
    • List all SAQs
      GET
    • Get SAQ (JSON) or Download SAQ (PDF)
      GET
    • List Available SAQ Types
      GET
    • Get SAQ Type Template
      GET
    • Create a New SAQ
      POST
    • Delete an SAQ
      DELETE
    • Clone an SAQ
      PUT
    • Approve an SAQ
      PUT
    • Set SAQ as a template
      PUT
  1. Scanning API

Authentication

Our API provides flexible authentication options to suit different use cases. This section explains how to authenticate using credentials, Two-Factor Authentication (2FA), or ussing the Access Tokens.

Authenticate with Username and Password#

Use this method to authenticate with a user's credentials (username and password). Depending on whether 2FA is enabled, the process may require an additional step.
API Key required
All API requests must include the API key in the headers. This is required for all endpoints, regardless of the authentication method used.
# Headers Example
x-api-key: your-api-key
Without 2FA
With 2FA
1.
Send a POST request to /auth/sign_in with the username and password.
2.
The server responds with an authentication token, which must be included in the Authorization header for subsequent requests.

Example Request#

POST /auth/sign_in
Content-Type: application/json

  {
    "username": "your_username",
    "password": "your_password"
  }

Example Response#

{
    "token": "your-auth-token",
}

Authorization Header for Subsequent Requests:#

Authorization: Bearer your-auth-token

Authentication with Access Token#

The Access Token method allows long-term authentication without requiring a login for each session. This is ideal for applications or scripts that need to interact with the API regularly.

Generate an Access Token#

Access Tokens can be generated in the My Settings section of the portal or by using the PUT /v2/user/generate_access_token endpoint. Once generated, the token does not expire and can be used for all API requests.

Use an Access Token#

Include the token in the Authorization header of your requests:
Authorization: Basic your-access-token
Modified at 2025-04-24 11:02:04
Previous
Getting Started
Next
Common Error Responses
Built with