Overview
The API uses Bearer token authentication. Include your API key in the Authorization header of every request.
API access requires a plan that includes it. If you receive a 403 “Your plan does not have API access” error, check your subscription.
Getting your API key
1. Log in: Access your Pentest-Tools.com account.
2. Go to API settings: Navigate to My account > API.
3. Create a key: Click Create API Key, give it a name, and optionally set an expiration date.
4. Copy and store: Copy your key immediately. It won’t be shown again.
Using the API key
Include the key in the Authorization header with the Bearer prefix:
Authorization: Bearer YOUR_API_KEY
Example request
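```python
import requests

API_KEY = "YOUR_API_KEY"
API_URL = "https://app.pentest-tools.com/api/v2"

# Send the key as a Bearer token in the Authorization header.
response = requests.get(
    f"{API_URL}/targets",
    headers={"Authorization": f"Bearer {API_KEY}"},
    timeout=30,  # do not wait indefinitely on a stalled connection
)
print(response.json())
```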
API key security
Treat your API key like a password. Never commit it to version control or expose it in client-side code.
Best practices
| Practice | Description |
|---|---|
| Environment Variables | Store keys in environment variables, not in code |
| Rotation | Rotate keys periodically |
| Expiration | Set expiration dates on keys |
| Naming | Use descriptive names to identify key purpose |
| Monitoring | Check “Last used” date in My account > API |
Managing keys
From My account > API you can:
- Create multiple keys for different purposes (CI/CD, scripts, integrations)
- View when each key was last used
- Set expiration dates (1-365 days, or never)
- Revoke compromised keys immediately
Authentication errors
| Code | Message | Solution |
|---|---|---|
| 401 | Unauthorized | API key is missing or invalid |
| 403 | Your plan does not have API access | Upgrade to a plan with API access |
| 403 | Forbidden | Valid key but insufficient permissions for the action |