Developer API
Panoptic Scans provides a REST API for programmatic access to scans, results, targets, webhooks, and more.
Authentication
The API uses JWT authentication. Create an API key in the app, call the login endpoint to obtain an access_token, then send Authorization: Bearer <token> on each request until the token expires.
Base URL
Production base URL: https://panopticscans.com/api
Capabilities
The API lets you manage scans (create, list, update, delete, rerun), view vulnerabilities, manage targets, manage webhooks, and download reports, among other operations.
Documentation and specification
- Interactive docs —
/api(the API developer portal with links to the interactive reference). - OpenAPI spec —
/openapi.yaml
Quick example: authentication with curl
Obtain a token with your API key, then call a protected endpoint:
curl -X POST "https://panopticscans.com/api/login" \
-H "Content-Type: application/json" \
-d '{"api_key":"YOUR_API_KEY"}'
curl "https://panopticscans.com/api/scans" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
Replace YOUR_API_KEY and YOUR_ACCESS_TOKEN with values from your account and login response.
Webhooks
For outbound events when scans finish or fail, configure webhooks under Settings → Webhooks. See also Webhooks in this documentation for behavior, signing, and testing.
Info: The full interactive API reference is available at https://panopticscans.com/api.