Overview

The API uses Bearer token authentication. Include your API key in the Authorization header of every request.
API access requires a plan that includes it. If you receive a 403 “Your plan does not have API access” error, check your subscription.

Getting your API key

1. Log in: Access your Pentest-Tools.com account.
2. Go to API settings: Navigate to My account > API.
3. Create a key: Click Create API Key, give it a name, and optionally set an expiration date.
4. Copy and store: Copy your key immediately. It won’t be shown again.

Using the API key

Include the key in the Authorization header with the Bearer prefix:
Authorization: Bearer YOUR_API_KEY

Example request

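import requests

API_KEY = "YOUR_API_KEY"  # placeholder; replace with your own key
API_URL = "https://app.pentest-tools.com/api/v2"

# Send the key as a Bearer token in the Authorization header
response = requests.get(
    f"{API_URL}/targets",
    headers={"Authorization": f"Bearer {API_KEY}"},
    timeout=30,  # requests has no default timeout and would otherwise wait indefinitely
)

print(response.json())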

API key security

Treat your API key like a password. Never commit it to version control or expose it in client-side code.

Best practices

| Practice | Description |
| --- | --- |
| Environment Variables | Store keys in environment variables, not in code |
| Rotation | Rotate keys periodically |
| Expiration | Set expiration dates on keys |
| Naming | Use descriptive names to identify key purpose |
| Monitoring | Check “Last used” date in My account > API |

Managing keys

From My account > API you can:
  • Create multiple keys for different purposes (CI/CD, scripts, integrations)
  • View when each key was last used
  • Set expiration dates (1-365 days, or never)
  • Revoke compromised keys immediately

Authentication errors

| Code | Message | Solution |
| --- | --- | --- |
| 401 | Unauthorized | API key is missing or invalid |
| 403 | Your plan does not have API access | Upgrade to a plan with API access |
| 403 | Forbidden | Valid key but insufficient permissions for the action |
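
The following is an added example, not code from the Pentest-Tools.com documentation. It combines the environment-variable practice from "API key security" with the error table above, so a script can load the key without hardcoding it and tell the two 403 cases apart. The variable name `PTT_API_KEY`, the function names, and the assumption that the documented message text appears in the response body are all hypothetical.

```python
import os
import urllib.error
import urllib.request

API_URL = "https://app.pentest-tools.com/api/v2"  # base URL from the page's example
ENV_VAR = "PTT_API_KEY"  # assumed variable name, not defined by the API docs


def load_api_key(env=os.environ):
    """Read the key from the environment so it never lives in source code."""
    key = env.get(ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{ENV_VAR} is not set; create a key under My account > API")
    # A key containing whitespace or control characters would corrupt the header.
    if any(c.isspace() or ord(c) < 0x20 for c in key):
        raise RuntimeError(f"{ENV_VAR} contains whitespace or control characters")
    return key


def auth_headers(key):
    """Build the Authorization header with the Bearer prefix."""
    return {"Authorization": f"Bearer {key}"}


def explain_auth_error(status, body=""):
    """Map a status code and response text to the fix listed in the errors table.

    Assumption: the documented message appears verbatim in the response body.
    """
    if status == 401:
        return "API key is missing or invalid"
    if status == 403 and "plan does not have API access" in body:
        return "Upgrade to a plan with API access"
    if status == 403:
        return "Valid key but insufficient permissions for the action"
    return None  # not an authentication error


def get_targets(key, timeout=30):
    """GET /targets; on failure raise with the documented fix, without echoing the key."""
    req = urllib.request.Request(f"{API_URL}/targets", headers=auth_headers(key))
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.read()
    except urllib.error.HTTPError as err:
        hint = explain_auth_error(err.code, err.read().decode("utf-8", "replace"))
        raise RuntimeError(f"HTTP {err.code}: {hint or err.reason}") from None
```

Call `get_targets(load_api_key())` from a script or CI job after exporting the variable from your secret store.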